diff --git a/api/handler/acl.go b/api/handler/acl.go index 9db3d8ddd..67d6e9115 100644 --- a/api/handler/acl.go +++ b/api/handler/acl.go @@ -751,14 +751,13 @@ func addUsers(resource *astResource, astO *astOperation, users []string) { func removeUsers(resource *astResource, astOperation *astOperation, users []string) { for _, astOp := range resource.Operations { if astOp.Role == astOperation.Role && astOp.Op == astOperation.Op && astOp.Action == astOperation.Action { - ind := 0 + filteredUsers := astOp.Users[:0] // new slice without allocation for _, user := range astOp.Users { - if containsStr(users, user) { - astOp.Users = append(astOp.Users[:ind], astOp.Users[ind+1:]...) - } else { - ind++ + if !containsStr(users, user) { + filteredUsers = append(filteredUsers, user) } } + astOp.Users = filteredUsers return } } diff --git a/api/handler/acl_test.go b/api/handler/acl_test.go index 3f13eeac5..913991692 100644 --- a/api/handler/acl_test.go +++ b/api/handler/acl_test.go @@ -394,7 +394,7 @@ func TestRemoveUsers(t *testing.T) { Bucket: "bucket", }, Operations: []*astOperation{{ - Users: []string{"user1", "user3"}, + Users: []string{"user1", "user3", "user4"}, Role: eacl.RoleUser, Op: eacl.OperationPut, Action: eacl.ActionAllow, @@ -407,11 +407,10 @@ func TestRemoveUsers(t *testing.T) { Action: eacl.ActionAllow, } - removeUsers(resource, op, []string{"user1", "user2"}) + removeUsers(resource, op, []string{"user1", "user2", "user4"}) require.Equal(t, len(resource.Operations), 1) - require.Equal(t, resource.Name(), resource.Name()) - require.Equal(t, resource.Operations[0].Users, []string{"user3"}) + require.Equal(t, []string{"user3"}, resource.Operations[0].Users) } func TestBucketAclToPolicy(t *testing.T) {