From a57b8d34d34fdaeb38374dd6cc3d32244cd82d85 Mon Sep 17 00:00:00 2001
From: Alex Vanin <alexey@nspcc.ru>
Date: Thu, 7 Jul 2022 12:00:09 +0300
Subject: [PATCH] [#553] Add more comments about eacl.RoleUnknown

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
---
 api/handler/acl.go      | 1 +
 api/handler/acl_test.go | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/api/handler/acl.go b/api/handler/acl.go
index ef7442e5..0f1f80ee 100644
--- a/api/handler/acl.go
+++ b/api/handler/acl.go
@@ -808,6 +808,7 @@ func formRecords(operations []*astOperation, resource *astResource) ([]*eacl.Rec
 				}
 				targetKeys = append(targetKeys, (ecdsa.PublicKey)(*pk))
 			}
+			// Unknown role is used, because it is ignored when keys are set
 			eacl.AddFormedTarget(record, eacl.RoleUnknown, targetKeys...)
 		}
 		if len(resource.Object) != 0 {
diff --git a/api/handler/acl_test.go b/api/handler/acl_test.go
index cae9e157..18afdbe1 100644
--- a/api/handler/acl_test.go
+++ b/api/handler/acl_test.go
@@ -38,6 +38,7 @@ func TestTableToAst(t *testing.T) {
 	record2 := eacl.NewRecord()
 	record2.SetAction(eacl.ActionDeny)
 	record2.SetOperation(eacl.OperationPut)
+	// Unknown role is used, because it is ignored when keys are set
 	eacl.AddFormedTarget(record2, eacl.RoleUnknown, *(*ecdsa.PublicKey)(key.PublicKey()), *((*ecdsa.PublicKey)(key2.PublicKey())))
 	record2.AddObjectAttributeFilter(eacl.MatchStringEqual, object.AttributeFileName, "objectName")
 	record2.AddObjectIDFilter(eacl.MatchStringEqual, id)
@@ -360,6 +361,7 @@ func TestAstToTable(t *testing.T) {
 	record := eacl.NewRecord()
 	record.SetAction(eacl.ActionAllow)
 	record.SetOperation(eacl.OperationPut)
+	// Unknown role is used, because it is ignored when keys are set
 	eacl.AddFormedTarget(record, eacl.RoleUnknown, *(*ecdsa.PublicKey)(key.PublicKey()))
 	expectedTable.AddRecord(record)
 	record2 := eacl.NewRecord()