[#590] Make service records valid

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-20 16:38:22 +03:00 · 2022-07-20 16:38:22 +03:00 · 7ba7e7dc4d
commit 7ba7e7dc4d
parent 1e26cf1541
1 changed files with 10 additions and 2 deletions
--- a/api/handler/acl.go
+++ b/api/handler/acl.go
@ -150,8 +150,11 @@ type ServiceRecord struct {

 func (s ServiceRecord) ToEACLRecord() *eacl.Record {
 	serviceRecord := eacl.NewRecord()
+	serviceRecord.SetAction(eacl.ActionAllow)
+	serviceRecord.SetOperation(eacl.OperationGet)
 	serviceRecord.AddFilter(eacl.HeaderFromService, eacl.MatchUnknown, serviceRecordResourceKey, s.Resource)
 	serviceRecord.AddFilter(eacl.HeaderFromService, eacl.MatchUnknown, serviceRecordGroupLengthKey, strconv.Itoa(s.GroupRecordsLength))
+	eacl.AddFormedTarget(serviceRecord, eacl.RoleSystem)
 	return serviceRecord
 }

@ -876,8 +879,13 @@ func astToTable(ast *ast) (*eacl.Table, error) {
 }

 func tryServiceRecord(record eacl.Record) *ServiceRecord {
-	if record.Action() != eacl.ActionUnknown || len(record.Targets()) != 0 ||
-		len(record.Filters()) != 2 {
+	if record.Action() != eacl.ActionAllow || record.Operation() != eacl.OperationGet ||
+		len(record.Targets()) != 1 || len(record.Filters()) != 2 {
+		return nil
+	}
+
+	target := record.Targets()[0]
+	if target.Role() != eacl.RoleSystem {
 		return nil
 	}