[#1471] eacl: Add testcase with incomplete list of object headers

Scenario:
 * HEAD request of some object
 * 1st eACL record allows op for objects with specific user attribute
 * 2nd eACL record forbids op by object ID
 * node doesn't store the requested object locally

With this scenario node shouldn't deny request.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2022-06-02 17:34:08 +03:00 committed by LeL
parent f9504c1cba
commit c89035d544

View file

@ -135,4 +135,20 @@ func TestHeadRequest(t *testing.T) {
lStorage.err = errors.New("any error") lStorage.err = errors.New("any error")
require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t)))) require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t))))
r.SetAction(eaclSDK.ActionAllow)
rID := eaclSDK.NewRecord()
rID.SetOperation(eaclSDK.OperationHead)
rID.SetAction(eaclSDK.ActionDeny)
rID.AddObjectIDFilter(eaclSDK.MatchStringEqual, addr.Object())
eaclSDK.AddFormedTarget(rID, eaclSDK.RoleUnknown, (ecdsa.PublicKey)(*senderKey))
table = eaclSDK.NewTable()
table.AddRecord(r)
table.AddRecord(rID)
unit.WithEACLTable(table)
require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t))))
} }