[#49] bearer: Allow empty eacl if token is impersonated

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2023-05-04 18:01:07 +03:00
parent d4fe9a193d
commit 15b4287092
2 changed files with 7 additions and 3 deletions

View file

@ -46,10 +46,12 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
return errors.New("missing token body")
}
b.impersonate = body.GetImpersonate()
eaclTable := body.GetEACL()
if b.eaclTableSet = eaclTable != nil; b.eaclTableSet {
b.eaclTable = *eacl.NewTableFromV2(eaclTable)
} else if checkFieldPresence {
} else if checkFieldPresence && !b.impersonate {
return errors.New("missing eACL table")
}
@ -70,8 +72,6 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
return errors.New("missing token lifetime")
}
b.impersonate = body.GetImpersonate()
sig := m.GetSignature()
if b.sigSet = sig != nil; sig != nil {
b.sig = *sig

View file

@ -323,6 +323,10 @@ func TestToken_ReadFromV2(t *testing.T) {
require.NoError(t, val.ReadFromV2(m))
body.SetEACL(nil)
body.SetImpersonate(true)
require.NoError(t, val.ReadFromV2(m))
var m2 acl.BearerToken
val.WriteToV2(&m2)