From bb455af05fa466b24bbff7c9e18e2144e4505d0b Mon Sep 17 00:00:00 2001
From: Alex Vanin <alexey@nspcc.ru>
Date: Wed, 21 Oct 2020 19:08:22 +0300
Subject: [PATCH] [#106] Ignore bearer token if basic ACL restrict it

There is a bit to allow or deny bearer token check for
each object service method. If this bit is not set then
ignore bearer token and use extended ACL table from
sidechain.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
---
 pkg/services/object/acl/acl.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/services/object/acl/acl.go b/pkg/services/object/acl/acl.go
index 5966ac5d1..b33354004 100644
--- a/pkg/services/object/acl/acl.go
+++ b/pkg/services/object/acl/acl.go
@@ -515,6 +515,11 @@ func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {
 		return true
 	}
 
+	// if bearer token is not allowed, then ignore it
+	if !reqInfo.basicACL.BearerAllowed(reqInfo.operation) {
+		reqInfo.bearer = nil
+	}
+
 	// if bearer token is not present, isValidBearer returns true
 	if !isValidBearer(reqInfo) {
 		return false