[#580] Fix user removal in astOperation

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-06 16:01:47 +03:00 · 2022-07-06 16:01:47 +03:00 · 36029ca864
commit 36029ca864
parent edc6aa2f88
2 changed files with 7 additions and 9 deletions
--- a/api/handler/acl.go
+++ b/api/handler/acl.go
@ -751,14 +751,13 @@ func addUsers(resource *astResource, astO *astOperation, users []string) {
 func removeUsers(resource *astResource, astOperation *astOperation, users []string) {
 	for _, astOp := range resource.Operations {
 		if astOp.Role == astOperation.Role && astOp.Op == astOperation.Op && astOp.Action == astOperation.Action {
-			ind := 0
+			filteredUsers := astOp.Users[:0] // new slice without allocation
 			for _, user := range astOp.Users {
-				if containsStr(users, user) {
+				if !containsStr(users, user) {
-					astOp.Users = append(astOp.Users[:ind], astOp.Users[ind+1:]...)
+					filteredUsers = append(filteredUsers, user)
 				} else {
 					ind++
 				}
 			}
 			astOp.Users = filteredUsers
 			return
 		}
 	}
--- a/api/handler/acl_test.go
+++ b/api/handler/acl_test.go
@ -394,7 +394,7 @@ func TestRemoveUsers(t *testing.T) {
 			Bucket: "bucket",
 		},
 		Operations: []*astOperation{{
-			Users:  []string{"user1", "user3"},
+			Users:  []string{"user1", "user3", "user4"},
 			Role:   eacl.RoleUser,
 			Op:     eacl.OperationPut,
 			Action: eacl.ActionAllow,
@ -407,11 +407,10 @@ func TestRemoveUsers(t *testing.T) {
 		Action: eacl.ActionAllow,
 	}
-	removeUsers(resource, op, []string{"user1", "user2"})
+	removeUsers(resource, op, []string{"user1", "user2", "user4"})
 	require.Equal(t, len(resource.Operations), 1)
-	require.Equal(t, resource.Name(), resource.Name())
+	require.Equal(t, []string{"user3"}, resource.Operations[0].Users)
 	require.Equal(t, resource.Operations[0].Users, []string{"user3"})
 }
 func TestBucketAclToPolicy(t *testing.T) {