From c89035d544f484e2e61719164adf8269f2c55228 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Thu, 2 Jun 2022 17:34:08 +0300 Subject: [PATCH] [#1471] eacl: Add testcase with incomplete list of object headers Scenario: * HEAD request of some object * 1st eACL record allows op for objects with specific user attribute * 2nd eACL record forbids op by object ID * node doesn't store the requested object locally With this scenario node shouldn't deny request. Signed-off-by: Leonard Lyubich --- pkg/services/object/acl/eacl/v2/eacl_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/pkg/services/object/acl/eacl/v2/eacl_test.go b/pkg/services/object/acl/eacl/v2/eacl_test.go index 2d12adf556..7eba649cb2 100644 --- a/pkg/services/object/acl/eacl/v2/eacl_test.go +++ b/pkg/services/object/acl/eacl/v2/eacl_test.go @@ -135,4 +135,20 @@ func TestHeadRequest(t *testing.T) { lStorage.err = errors.New("any error") require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t)))) + + r.SetAction(eaclSDK.ActionAllow) + + rID := eaclSDK.NewRecord() + rID.SetOperation(eaclSDK.OperationHead) + rID.SetAction(eaclSDK.ActionDeny) + rID.AddObjectIDFilter(eaclSDK.MatchStringEqual, addr.Object()) + eaclSDK.AddFormedTarget(rID, eaclSDK.RoleUnknown, (ecdsa.PublicKey)(*senderKey)) + + table = eaclSDK.NewTable() + table.AddRecord(r) + table.AddRecord(rID) + + unit.WithEACLTable(table) + + require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t)))) }