Description
The position of optional elements is relavent within the ACIItemParser. For example for ProtectedItems the position of optional elements are relevant so for example the following ACI whould bomb out:
"{ " +
"identificationTag \"searchAci\", " +
"precedence 14, " +
"authenticationLevel none, " +
"itemOrUserFirst userFirst: { " +
"userClasses
"userPermissions { { " +
"protectedItems {allUserAttributeTypesAndValues, entry }, " +
"grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }"
This however would succeed:
"{ " +
"identificationTag \"searchAci\", " +
"precedence 14, " +
"authenticationLevel none, " +
"itemOrUserFirst userFirst: { " +
"userClasses { allUsers }
, " +
"userPermissions { { " +
"protectedItems
, " +
"grantsAndDenials
} } } }"
The same holds for other constructs where a sequence of optional elements are expected. However this is a big problem. The user specifying the ACI must know what comes first, what comes second and so on in the ASN.1 description. This is just too strict of a constraint to place on users and will degrade the ease of use.
Really because we have names for each field order does not need to matter anymore.
I marked this as an improvement as opposed to a bug because the ASN.1 to ABNF translation was correct. It just is not the best thing to do.