forked from TrueCloudLab/frostfs-node
[#1471] eacl: Add testcase with incomplete list of object headers
Scenario: * HEAD request of some object * 1st eACL record allows op for objects with specific user attribute * 2nd eACL record forbids op by object ID * node doesn't store the requested object locally With this scenario node shouldn't deny request. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
parent
f9504c1cba
commit
c89035d544
1 changed files with 16 additions and 0 deletions
|
@ -135,4 +135,20 @@ func TestHeadRequest(t *testing.T) {
|
||||||
lStorage.err = errors.New("any error")
|
lStorage.err = errors.New("any error")
|
||||||
|
|
||||||
require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t))))
|
require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t))))
|
||||||
|
|
||||||
|
r.SetAction(eaclSDK.ActionAllow)
|
||||||
|
|
||||||
|
rID := eaclSDK.NewRecord()
|
||||||
|
rID.SetOperation(eaclSDK.OperationHead)
|
||||||
|
rID.SetAction(eaclSDK.ActionDeny)
|
||||||
|
rID.AddObjectIDFilter(eaclSDK.MatchStringEqual, addr.Object())
|
||||||
|
eaclSDK.AddFormedTarget(rID, eaclSDK.RoleUnknown, (ecdsa.PublicKey)(*senderKey))
|
||||||
|
|
||||||
|
table = eaclSDK.NewTable()
|
||||||
|
table.AddRecord(r)
|
||||||
|
table.AddRecord(rID)
|
||||||
|
|
||||||
|
unit.WithEACLTable(table)
|
||||||
|
|
||||||
|
require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t))))
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue