[#49] bearer: Allow empty eacl if token is impersonated
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
parent
d4fe9a193d
commit
15b4287092
2 changed files with 7 additions and 3 deletions
|
@ -46,10 +46,12 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
|
|||
return errors.New("missing token body")
|
||||
}
|
||||
|
||||
b.impersonate = body.GetImpersonate()
|
||||
|
||||
eaclTable := body.GetEACL()
|
||||
if b.eaclTableSet = eaclTable != nil; b.eaclTableSet {
|
||||
b.eaclTable = *eacl.NewTableFromV2(eaclTable)
|
||||
} else if checkFieldPresence {
|
||||
} else if checkFieldPresence && !b.impersonate {
|
||||
return errors.New("missing eACL table")
|
||||
}
|
||||
|
||||
|
@ -70,8 +72,6 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
|
|||
return errors.New("missing token lifetime")
|
||||
}
|
||||
|
||||
b.impersonate = body.GetImpersonate()
|
||||
|
||||
sig := m.GetSignature()
|
||||
if b.sigSet = sig != nil; sig != nil {
|
||||
b.sig = *sig
|
||||
|
|
|
@ -323,6 +323,10 @@ func TestToken_ReadFromV2(t *testing.T) {
|
|||
|
||||
require.NoError(t, val.ReadFromV2(m))
|
||||
|
||||
body.SetEACL(nil)
|
||||
body.SetImpersonate(true)
|
||||
require.NoError(t, val.ReadFromV2(m))
|
||||
|
||||
var m2 acl.BearerToken
|
||||
|
||||
val.WriteToV2(&m2)
|
||||
|
|
Loading…
Reference in a new issue