src/site/xdoc/docs/developers/aci_aciitemabnf.xml - directory-server - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>

 <document>
   <properties>
     <author email="ersiner">ersiner</author>
     <title>ApacheDS - ACIItem ABNF Grammar</title>
   </properties>
   <body>
     <p>
 The ABNF syntax for LDAP ACIItem is as
 follows:</p>
     <source>ACIItem = "{" sp aci_identificationTag
               sep sp aci-precedence
               sep sp aci-authenticationLevel
               sep sp aci-itemOrUserFirst sp "}"

 aci_identificationTag   = id-identificationTag msp DirectoryString

 aci-precedence          = id-precedence msp Precedence

 aci-authenticationLevel = id-authenticationLevel msp AuthenticationLevel

 aci-itemOrUserFirst = id-itemOrUserFirst msp aci-itemOrUserFirst

 aci-itemOrUserFirst = aci-itemFirst / aci-userFirst

 aci-itemFirst       = id-itemFirst ":" ItemFirst

 aci-userFirst       = id-userFirst ":" UserFirst

 ItemFirst = "{" sp aci-protectedItems
                 sep sp aci-itemPermissions sp "}"

 UserFirst = "{" sp aci-userClasses
                 sep sp aci-userPermissions sp "}"

 aci-protectedItems    = id-protectedItems msp ProtectedItems

 aci-itemPermissions   = id-itemPermissions msp ItemPermissions

 aci-userClasses       = id-userClasses msp UserClasses

 aci-userPermissions   = id-userPermissions msp UserPermissions

 ProtectedItems = "{" [ sp aci-entry]
                      [ sep sp aci-allUserAttributeTypes ]
                      [ sep sp aci-attributeType ]
                      [ sep sp aci-allAttributeValues ]
                      [ sep sp aci-allUserAttributeTypesAndValues ]
                      [ sep sp aci-attributeValue ]
                      [ sep sp aci-selfValue ]
                      [ sep sp aci-rangeOfValues ]
                      [ sep sp aci-maxValueCount ]
                      [ sep sp aci-maxImmSub ]
                      [ sep sp aci-restrictedBy ]
                      [ sep sp aci-classes ] sp "}"

 ItemPermissions = "{" [ sp ItemPermission
                         *( sep sp ItemPermission ) sp "}"

 ItemPermission = "{" [ sp aci-precedence ]
                        sep sp aci-userClasses
                        sep sp aci-grantsAndDenials sp "}"

 UserClasses = "{" [ sp aci-allUsers ]
                   [ sep sp aci-thisEntry ]
                   [ sep sp aci-Name ]
                   [ sep sp aci-userGroup ]
                   [ sep sp aci-subtree ] sp "}"

 UserPermissions = "{" [ sp UserPermission
                         *( sep sp UserPermission ) ] sp "}"

 UserPermission = "{" [ sp aci-precedence ]
                        sep sp aci-protectedItems
                        sep sp aci-grantsAndDenials sp "}"

 aci-entry                          = id-entry

 aci-allUserAttributeTypes          = id-allUserAttributeTypes

 aci-attributeType                  = id-attributeType msp AttributeTypes

 aci-allAttributeValues             = id-allAttributeValues msp AttributeTypes

 aci-allUserAttributeTypesAndValues = id-allUserAttributeTypesAndValues

 aci-attributeValue                 = id-attributeValue msp AttributeTypeAndValues

 aci-selfValue                      = id-selfValue msp AttributeTypes

 aci-rangeOfValues                  = id-rangeOfValues msp Filter

 aci-maxValueCount                  = id-maxValueCount msp MaxValueCount

 aci-maxImmSub                      = id-maxImmSub msp INTEGER

 aci-restrictedBy                   = id-restrictedBy msp RestrictedBy

 aci-classes                        = id-classes msp Refinement

 aci-grantsAndDenials               = id-grantsAndDenials msp GrantsAndDenials

 aci-allUsers                       = id-allUsers

 aci-thisEntry                      = id-thisEntry

 aci-name                           = id-name msp DistinguishedNames

 aci-userGroup                      = id-userGroup msp DistinguishedNames

 aci-subtree                        = id-subtree msp SubtreeSpecifications

 AttributeTypes = "{" sp AttributeType
                      *( sep sp AttributeType ) sp "}"

 AttributeTypeAndValues = "{" sp AttributeTypeAndValue
                              *( sep sp AttributeTypeAndValue ) sp "}"

 MaxValueCount = "{" sp AttributeType
                     sep sp INTEGER sp "}"

 RestrictedBy = "{" sp RestrictedValue
                    *( sep sp RestrictedValue ) sp "}"

 GrantsAndDenials = "{" [ sp GrantAndDenialsBit
                          *( sep sp GrantAndDenialsBit ) ] sp "}"
                    ; WARNING: There SHALL NOT be any duplicates

 DistinguishedNames = "{" sp DistinguishedName
                          *( sep sp DistinguishedName ) sp "}"


 SubtreeSpecifications = "{" sp SubtreeSpecification
                             *( sep sp SubtreeSpecification ) sp "}"

 RestrictedValue = "{" sp aci-type
                       sep sp aci-valuesIn "}"

 aci-type     = id-type msp AttributeType

 aci-valuesIn = id-valuesIn msp AttributeType

 Precedence   = INTEGER(1..255) ; FIXME: How shall we show this ?

 AuthenticationLevel = id-none / id-simple / id-strong

 GrantAndDenialsBit = id-grantAdd
                      / id-denyAdd
                      / id-grantDiscloseOnError
                      / id-denyDiscloseOnError
                      / id-grantRead
                      / id-denyRead
                      / id-grantRemove
                      / id-denyRemove
                      / id-grantBrowse
                      / id-denyBrowse
                      / id-grantExport
                      / id-denyExport
                      / id-grantImport
                      / id-denyImport
                      / id-grantModify
                      / id-denyModify
                      / id-grantRename
                      / id-denyRename
                      / id-grantReturnDN
                      / id-denyReturnDN
                      / id-grantCompare
                      / id-denyCompare
                      / id-grantFilterMatch
                      / id-denyFilterMatch
                      / id-grantInvoke
                      / id-denyInvoke

 ;MYRULE
 ;id-X = "X"
 </source>
     <table>
       <tr>
         <th>
           <img src="http://docs.safehaus.org/images/icons/emoticons/information.png"/>
         </th>
         <th>
           <center>The Apache Directory Server way...</center>
         </th>
       </tr>
       <tr>
         <td/>
         <td>
           <p>
 Apache Directory Server allows a fully flexible version of this grammar where
 order of named components and amount of spaces (where applicable) do not
 matter.</p>
         </td>
       </tr>
     </table>
   </body>
 </document>
	<?xml version="1.0" encoding="UTF-8"?>

	<document>
	<properties>
	<author email="ersiner">ersiner</author>
	<title>ApacheDS - ACIItem ABNF Grammar</title>
	</properties>
	<body>
	<p>
	The ABNF syntax for LDAP ACIItem is as
	follows:</p>
	<source>ACIItem = "{" sp aci_identificationTag
	sep sp aci-precedence
	sep sp aci-authenticationLevel
	sep sp aci-itemOrUserFirst sp "}"

	aci_identificationTag = id-identificationTag msp DirectoryString

	aci-precedence = id-precedence msp Precedence

	aci-authenticationLevel = id-authenticationLevel msp AuthenticationLevel

	aci-itemOrUserFirst = id-itemOrUserFirst msp aci-itemOrUserFirst

	aci-itemOrUserFirst = aci-itemFirst / aci-userFirst

	aci-itemFirst = id-itemFirst ":" ItemFirst

	aci-userFirst = id-userFirst ":" UserFirst

	ItemFirst = "{" sp aci-protectedItems
	sep sp aci-itemPermissions sp "}"

	UserFirst = "{" sp aci-userClasses
	sep sp aci-userPermissions sp "}"

	aci-protectedItems = id-protectedItems msp ProtectedItems

	aci-itemPermissions = id-itemPermissions msp ItemPermissions

	aci-userClasses = id-userClasses msp UserClasses

	aci-userPermissions = id-userPermissions msp UserPermissions

	ProtectedItems = "{" [ sp aci-entry]
	[ sep sp aci-allUserAttributeTypes ]
	[ sep sp aci-attributeType ]
	[ sep sp aci-allAttributeValues ]
	[ sep sp aci-allUserAttributeTypesAndValues ]
	[ sep sp aci-attributeValue ]
	[ sep sp aci-selfValue ]
	[ sep sp aci-rangeOfValues ]
	[ sep sp aci-maxValueCount ]
	[ sep sp aci-maxImmSub ]
	[ sep sp aci-restrictedBy ]
	[ sep sp aci-classes ] sp "}"

	ItemPermissions = "{" [ sp ItemPermission
	*( sep sp ItemPermission ) sp "}"

	ItemPermission = "{" [ sp aci-precedence ]
	sep sp aci-userClasses
	sep sp aci-grantsAndDenials sp "}"

	UserClasses = "{" [ sp aci-allUsers ]
	[ sep sp aci-thisEntry ]
	[ sep sp aci-Name ]
	[ sep sp aci-userGroup ]
	[ sep sp aci-subtree ] sp "}"

	UserPermissions = "{" [ sp UserPermission
	*( sep sp UserPermission ) ] sp "}"

	UserPermission = "{" [ sp aci-precedence ]
	sep sp aci-protectedItems
	sep sp aci-grantsAndDenials sp "}"

	aci-entry = id-entry

	aci-allUserAttributeTypes = id-allUserAttributeTypes

	aci-attributeType = id-attributeType msp AttributeTypes

	aci-allAttributeValues = id-allAttributeValues msp AttributeTypes

	aci-allUserAttributeTypesAndValues = id-allUserAttributeTypesAndValues

	aci-attributeValue = id-attributeValue msp AttributeTypeAndValues

	aci-selfValue = id-selfValue msp AttributeTypes

	aci-rangeOfValues = id-rangeOfValues msp Filter

	aci-maxValueCount = id-maxValueCount msp MaxValueCount

	aci-maxImmSub = id-maxImmSub msp INTEGER

	aci-restrictedBy = id-restrictedBy msp RestrictedBy

	aci-classes = id-classes msp Refinement

	aci-grantsAndDenials = id-grantsAndDenials msp GrantsAndDenials

	aci-allUsers = id-allUsers

	aci-thisEntry = id-thisEntry

	aci-name = id-name msp DistinguishedNames

	aci-userGroup = id-userGroup msp DistinguishedNames

	aci-subtree = id-subtree msp SubtreeSpecifications

	AttributeTypes = "{" sp AttributeType
	*( sep sp AttributeType ) sp "}"

	AttributeTypeAndValues = "{" sp AttributeTypeAndValue
	*( sep sp AttributeTypeAndValue ) sp "}"

	MaxValueCount = "{" sp AttributeType
	sep sp INTEGER sp "}"

	RestrictedBy = "{" sp RestrictedValue
	*( sep sp RestrictedValue ) sp "}"

	GrantsAndDenials = "{" [ sp GrantAndDenialsBit
	*( sep sp GrantAndDenialsBit ) ] sp "}"
	; WARNING: There SHALL NOT be any duplicates

	DistinguishedNames = "{" sp DistinguishedName
	*( sep sp DistinguishedName ) sp "}"


	SubtreeSpecifications = "{" sp SubtreeSpecification
	*( sep sp SubtreeSpecification ) sp "}"

	RestrictedValue = "{" sp aci-type
	sep sp aci-valuesIn "}"

	aci-type = id-type msp AttributeType

	aci-valuesIn = id-valuesIn msp AttributeType

	Precedence = INTEGER(1..255) ; FIXME: How shall we show this ?

	AuthenticationLevel = id-none / id-simple / id-strong

	GrantAndDenialsBit = id-grantAdd
	/ id-denyAdd
	/ id-grantDiscloseOnError
	/ id-denyDiscloseOnError
	/ id-grantRead
	/ id-denyRead
	/ id-grantRemove
	/ id-denyRemove
	/ id-grantBrowse
	/ id-denyBrowse
	/ id-grantExport
	/ id-denyExport
	/ id-grantImport
	/ id-denyImport
	/ id-grantModify
	/ id-denyModify
	/ id-grantRename
	/ id-denyRename
	/ id-grantReturnDN
	/ id-denyReturnDN
	/ id-grantCompare
	/ id-denyCompare
	/ id-grantFilterMatch
	/ id-denyFilterMatch
	/ id-grantInvoke
	/ id-denyInvoke

	;MYRULE
	;id-X = "X"
	</source>
	<table>
	<tr>
	<th>
	<img src="http://docs.safehaus.org/images/icons/emoticons/information.png"/>
	</th>
	<th>
	<center>The Apache Directory Server way...</center>
	</th>
	</tr>
	<tr>
	<td/>
	<td>
	<p>
	Apache Directory Server allows a fully flexible version of this grammar where
	order of named components and amount of spaces (where applicable) do not
	matter.</p>
	</td>
	</tr>
	</table>
	</body>
	</document>