Acl

ACL enables some privileges for users to create, add, modify, delete value attributes.

ACL syntax will be home made, it will look like as SQL query syntax.

The syntax looks like:

select from [<LBEObject>(,<LBEObject>)*]
and
select from <LBEObject*>(<attribute>) <operator> values

As you can see, there are two syntax about the ACL. The first one just test if the connected person belongs to the LBEObject. The second query is more sophisticate. After the select from words, the first Object is about the LBEObject (such as name or displayName value).

The value into () corresponding to the attribute instance of LBEObject to query.

The values is about value to test.

Between values and (attribute) argument, you need operator such as : = , != , < , <= , > , >=.

ACL Example:

** First Type:**

select from employee
select from employee,administrator

with employee and administrator are LBEObject.

** Second Type:**

select from employee(cn)=Cedric Joron
select from employee(employeeNumber)={1..20}
select from employee(employeeNumber)!=4,5,6
select from employee(employeeNumber)>10

The first query is testing if the current connected person is Cedric Joron.

The second query allows employeeNumber between 1 and 20.

The Third query allows all employeeNumber except 4, 5 and 6.

The last query allows employeeNumber greater than 10.

Warning: the connected person MUST have the same value of uid ACL and nickname in order the ACLs work for him.