From b73c0c67a2dc4ebcf9dde1671d7ae0ad9823c7db Mon Sep 17 00:00:00 2001
From: Leonard Lyubich <leonard@nspcc.ru>
Date: Fri, 28 May 2021 15:31:00 +0300
Subject: [PATCH] [#525] ir/container: Fix checks without session token

In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
---
 pkg/innerring/processors/container/process_eacl.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/innerring/processors/container/process_eacl.go b/pkg/innerring/processors/container/process_eacl.go
index 529a47d3c..8b4ef1572 100644
--- a/pkg/innerring/processors/container/process_eacl.go
+++ b/pkg/innerring/processors/container/process_eacl.go
@@ -67,10 +67,12 @@ func (cp *Processor) checkSetEACL(e container.SetEACL) error {
 		return err
 	}
 
+	cnr.SetSessionToken(tok)
+
 	// TODO: check verb and container ID
 
 	// check key ownership
-	return cp.checkKeyOwnershipWithToken(cnr, key, tok)
+	return cp.checkKeyOwnership(cnr, key)
 }
 
 func (cp *Processor) approveSetEACL(e container.SetEACL) {