From c89035d544f484e2e61719164adf8269f2c55228 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich <leonard@nspcc.ru>
Date: Thu, 2 Jun 2022 17:34:08 +0300
Subject: [PATCH] [#1471] eacl: Add testcase with incomplete list of object
 headers

Scenario:
 * HEAD request of some object
 * 1st eACL record allows op for objects with specific user attribute
 * 2nd eACL record forbids op by object ID
 * node doesn't store the requested object locally

With this scenario node shouldn't deny request.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
---
 pkg/services/object/acl/eacl/v2/eacl_test.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/pkg/services/object/acl/eacl/v2/eacl_test.go b/pkg/services/object/acl/eacl/v2/eacl_test.go
index 2d12adf55..7eba649cb 100644
--- a/pkg/services/object/acl/eacl/v2/eacl_test.go
+++ b/pkg/services/object/acl/eacl/v2/eacl_test.go
@@ -135,4 +135,20 @@ func TestHeadRequest(t *testing.T) {
 	lStorage.err = errors.New("any error")
 
 	require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t))))
+
+	r.SetAction(eaclSDK.ActionAllow)
+
+	rID := eaclSDK.NewRecord()
+	rID.SetOperation(eaclSDK.OperationHead)
+	rID.SetAction(eaclSDK.ActionDeny)
+	rID.AddObjectIDFilter(eaclSDK.MatchStringEqual, addr.Object())
+	eaclSDK.AddFormedTarget(rID, eaclSDK.RoleUnknown, (ecdsa.PublicKey)(*senderKey))
+
+	table = eaclSDK.NewTable()
+	table.AddRecord(r)
+	table.AddRecord(rID)
+
+	unit.WithEACLTable(table)
+
+	require.Equal(t, eaclSDK.ActionAllow, validator.CalculateAction(unit.WithHeaderSource(newSource(t))))
 }