From 7ba7e7dc4db079209593cfa0d7f79b2e722afced Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Wed, 20 Jul 2022 16:38:22 +0300
Subject: [PATCH] [#590] Make service records valid
Signed-off-by: Denis Kirillov
---
 api/handler/acl.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/api/handler/acl.go b/api/handler/acl.go
index e05c61186..1ea6d5e93 100644
--- a/api/handler/acl.go
+++ b/api/handler/acl.go
@@ -150,8 +150,11 @@ type ServiceRecord struct {
 func (s ServiceRecord) ToEACLRecord() *eacl.Record {
 serviceRecord := eacl.NewRecord()
+ serviceRecord.SetAction(eacl.ActionAllow)
+ serviceRecord.SetOperation(eacl.OperationGet)
 serviceRecord.AddFilter(eacl.HeaderFromService, eacl.MatchUnknown, serviceRecordResourceKey, s.Resource)
 serviceRecord.AddFilter(eacl.HeaderFromService, eacl.MatchUnknown, serviceRecordGroupLengthKey, strconv.Itoa(s.GroupRecordsLength))
+ eacl.AddFormedTarget(serviceRecord, eacl.RoleSystem)
 return serviceRecord
 }
@@ -876,8 +879,13 @@ func astToTable(ast *ast) (*eacl.Table, error) {
 }
 func tryServiceRecord(record eacl.Record) *ServiceRecord {
- if record.Action() != eacl.ActionUnknown || len(record.Targets()) != 0 ||
- len(record.Filters()) != 2 {
+ if record.Action() != eacl.ActionAllow || record.Operation() != eacl.OperationGet ||
+ len(record.Targets()) != 1 || len(record.Filters()) != 2 {
+ return nil
+ }
+
+ target := record.Targets()[0]
+ if target.Role() != eacl.RoleSystem {
 return nil
 }
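Review bot: The marker record built in `ToEACLRecord` is now a well-formed ALLOW/GET rule for `eacl.RoleSystem`, and nothing in the function says that it is bookkeeping rather than an access grant. Both filters use `eacl.MatchUnknown`; how a storage node evaluates a rule carrying such filters is not visible in this patch, so it is worth confirming that the record can never match a real request. The same action, operation and role are compared again in `tryServiceRecord` (second hunk), and the two places have to change together or service records stop being recognised. A doc comment would capture both points, e.g. `// ToEACLRecord encodes s as a marker record, not a grant; action, operation and target must mirror the checks in tryServiceRecord.`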
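Review bot: Tables stored before this change hold service records with `eacl.ActionUnknown` and no targets, and the rewritten condition in `tryServiceRecord` no longer recognises that shape, so on read-back they would presumably be treated as ordinary access records. Whether such tables exist in deployed containers cannot be told from the patch; if they do, the read path should keep accepting the old shape, or the break should be stated next to the check, e.g. `// legacy service records (ActionUnknown, no targets) are intentionally not recognised`. The role check also looks only at `target.Role()`, so a record whose single target names the system role and additionally carries explicit keys would still pass this stage. The function body continues past the end of the hunk, so the filter-key checks that follow are not covered by this note.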