AND/OR rules not handling indeterminate result case.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2528 cb58f699-b61c-0410-a6fe-9272a202ed29

diff --git a/shibsp/impl/XMLAccessControl.cpp b/shibsp/impl/XMLAccessControl.cpp
index afb6bb9..123dbc6 100644 (file)
--- a/shibsp/impl/XMLAccessControl.cpp
+++ b/shibsp/impl/XMLAccessControl.cpp
@@ -229,7 +229,7 @@ AccessControl::aclresult_t Operator::authorized(const SPRequest& request, const
 {\r
     switch (m_op) {\r
         case OP_NOT:\r
-            switch (m_operands[0]->authorized(request,session)) {\r
+            switch (m_operands.front()->authorized(request,session)) {\r
                 case shib_acl_true:\r
                     return shib_acl_false;\r
                 case shib_acl_false:\r
@@ -241,7 +241,7 @@ AccessControl::aclresult_t Operator::authorized(const SPRequest& request, const
         case OP_AND:\r
         {\r
             for (vector<AccessControl*>::const_iterator i=m_operands.begin(); i!=m_operands.end(); i++) {\r
-                if (!(*i)->authorized(request,session))\r
+                if ((*i)->authorized(request,session) != shib_acl_true)\r
                     return shib_acl_false;\r
             }\r
             return shib_acl_true;\r
@@ -250,7 +250,7 @@ AccessControl::aclresult_t Operator::authorized(const SPRequest& request, const
         case OP_OR:\r
         {\r
             for (vector<AccessControl*>::const_iterator i=m_operands.begin(); i!=m_operands.end(); i++) {\r
-                if ((*i)->authorized(request,session))\r
+                if ((*i)->authorized(request,session) == shib_acl_true)\r
                     return shib_acl_true;\r
             }\r
             return shib_acl_false;\r