diff --git a/api/handler/acl.go b/api/handler/acl.go index ef7442e..0f1f80e 100644 --- a/api/handler/acl.go +++ b/api/handler/acl.go @@ -808,6 +808,7 @@ func formRecords(operations []*astOperation, resource *astResource) ([]*eacl.Rec } targetKeys = append(targetKeys, (ecdsa.PublicKey)(*pk)) } + // Unknown role is used, because it is ignored when keys are set eacl.AddFormedTarget(record, eacl.RoleUnknown, targetKeys...) } if len(resource.Object) != 0 { diff --git a/api/handler/acl_test.go b/api/handler/acl_test.go index cae9e15..18afdbe 100644 --- a/api/handler/acl_test.go +++ b/api/handler/acl_test.go @@ -38,6 +38,7 @@ func TestTableToAst(t *testing.T) { record2 := eacl.NewRecord() record2.SetAction(eacl.ActionDeny) record2.SetOperation(eacl.OperationPut) + // Unknown role is used, because it is ignored when keys are set eacl.AddFormedTarget(record2, eacl.RoleUnknown, *(*ecdsa.PublicKey)(key.PublicKey()), *((*ecdsa.PublicKey)(key2.PublicKey()))) record2.AddObjectAttributeFilter(eacl.MatchStringEqual, object.AttributeFileName, "objectName") record2.AddObjectIDFilter(eacl.MatchStringEqual, id) @@ -360,6 +361,7 @@ func TestAstToTable(t *testing.T) { record := eacl.NewRecord() record.SetAction(eacl.ActionAllow) record.SetOperation(eacl.OperationPut) + // Unknown role is used, because it is ignored when keys are set eacl.AddFormedTarget(record, eacl.RoleUnknown, *(*ecdsa.PublicKey)(key.PublicKey())) expectedTable.AddRecord(record) record2 := eacl.NewRecord()