[#986] tree: Skip ACL checks if basicACL mask is unset
All checks were successful
DCO action / DCO (pull_request) Successful in 3m7s
Vulncheck / Vulncheck (pull_request) Successful in 3m5s
Build / Build Components (1.20) (pull_request) Successful in 3m55s
Build / Build Components (1.21) (pull_request) Successful in 3m51s
Tests and linters / Staticcheck (pull_request) Successful in 4m30s
Tests and linters / Lint (pull_request) Successful in 5m19s
Tests and linters / Tests (1.20) (pull_request) Successful in 5m56s
Tests and linters / Tests (1.21) (pull_request) Successful in 6m6s
Tests and linters / Tests with -race (pull_request) Successful in 7m25s
All checks were successful
DCO action / DCO (pull_request) Successful in 3m7s
Vulncheck / Vulncheck (pull_request) Successful in 3m5s
Build / Build Components (1.20) (pull_request) Successful in 3m55s
Build / Build Components (1.21) (pull_request) Successful in 3m51s
Tests and linters / Staticcheck (pull_request) Successful in 4m30s
Tests and linters / Lint (pull_request) Successful in 5m19s
Tests and linters / Tests (1.20) (pull_request) Successful in 5m56s
Tests and linters / Tests (1.21) (pull_request) Successful in 6m6s
Tests and linters / Tests with -race (pull_request) Successful in 7m25s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
This commit is contained in:
parent
2943a56b76
commit
98ce78be0a
1 changed files with 5 additions and 0 deletions
|
|
@ -77,6 +77,11 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
|
||||||
}
|
}
|
||||||
|
|
||||||
basicACL := cnr.Value.BasicACL()
|
basicACL := cnr.Value.BasicACL()
|
||||||
|
// Basic ACL mask can be unset, if a container operations are performed
|
||||||
|
// with strict APE checks only.
|
||||||
|
if basicACL == 0x0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
if !basicACL.IsOpAllowed(op, role) {
|
if !basicACL.IsOpAllowed(op, role) {
|
||||||
return basicACLErr(op)
|
return basicACLErr(op)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue