TrueCloudLab
/
frostfs-node
18
1
Fork 20
Code Issues 87 Pull Requests 6 Actions Releases Activity

[#986] tree: Skip ACL checks if basicACL mask is unset
DCO action / DCO (pull_request) Successful in 1m20s Details
Vulncheck / Vulncheck (pull_request) Successful in 3m0s Details
Build / Build Components (1.21) (pull_request) Successful in 3m43s Details
Build / Build Components (1.20) (pull_request) Successful in 3m52s Details
Tests and linters / Lint (pull_request) Successful in 4m18s Details
Tests and linters / Staticcheck (pull_request) Successful in 5m7s Details
Tests and linters / Tests (1.20) (pull_request) Successful in 7m53s Details
Tests and linters / Tests (1.21) (pull_request) Successful in 8m28s Details
Tests and linters / Tests with -race (pull_request) Successful in 9m13s Details 

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
pull/986/head
Airat Arifullin 2024-02-15 13:59:52 +03:00
parent 88cbe2db55
commit 511a8527d9
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/services/tree/signature.go
View File

@ -77,6 +77,11 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
}
basicACL := cnr.Value.BasicACL()
// Basic ACL mask can be unset, if a container operations are performed
// with strict APE checks only.
if basicACL == 0x0 {
return nil
}
if !basicACL.IsOpAllowed(op, role) {
return basicACLErr(op)