[#106] Ignore bearer token if basic ACL restrict it

There is a bit to allow or deny bearer token check for
each object service method. If this bit is not set then
ignore bearer token and use extended ACL table from
sidechain.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2020-10-21 19:08:22 +03:00 committed by Alex Vanin
parent 89cd2ad463
commit bb455af05f

View file

@ -515,6 +515,11 @@ func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {
return true return true
} }
// if bearer token is not allowed, then ignore it
if !reqInfo.basicACL.BearerAllowed(reqInfo.operation) {
reqInfo.bearer = nil
}
// if bearer token is not present, isValidBearer returns true // if bearer token is not present, isValidBearer returns true
if !isValidBearer(reqInfo) { if !isValidBearer(reqInfo) {
return false return false