From 15b4287092bd24a80959d19c7f3cea871cfa4feb Mon Sep 17 00:00:00 2001
From: Denis Kirillov <d.kirillov@yadro.com>
Date: Thu, 4 May 2023 18:01:07 +0300
Subject: [PATCH] [#49] bearer: Allow empty eacl if token is impersonated

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
---
 bearer/bearer.go      | 6 +++---
 bearer/bearer_test.go | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/bearer/bearer.go b/bearer/bearer.go
index c0a7d3f..aaea6c3 100644
--- a/bearer/bearer.go
+++ b/bearer/bearer.go
@@ -46,10 +46,12 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
 		return errors.New("missing token body")
 	}
 
+	b.impersonate = body.GetImpersonate()
+
 	eaclTable := body.GetEACL()
 	if b.eaclTableSet = eaclTable != nil; b.eaclTableSet {
 		b.eaclTable = *eacl.NewTableFromV2(eaclTable)
-	} else if checkFieldPresence {
+	} else if checkFieldPresence && !b.impersonate {
 		return errors.New("missing eACL table")
 	}
 
@@ -70,8 +72,6 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
 		return errors.New("missing token lifetime")
 	}
 
-	b.impersonate = body.GetImpersonate()
-
 	sig := m.GetSignature()
 	if b.sigSet = sig != nil; sig != nil {
 		b.sig = *sig
diff --git a/bearer/bearer_test.go b/bearer/bearer_test.go
index 46826a7..5948bad 100644
--- a/bearer/bearer_test.go
+++ b/bearer/bearer_test.go
@@ -323,6 +323,10 @@ func TestToken_ReadFromV2(t *testing.T) {
 
 	require.NoError(t, val.ReadFromV2(m))
 
+	body.SetEACL(nil)
+	body.SetImpersonate(true)
+	require.NoError(t, val.ReadFromV2(m))
+
 	var m2 acl.BearerToken
 
 	val.WriteToV2(&m2)