Skip to content

Commit

Permalink
[#590] Make service records valid
Browse files Browse the repository at this point in the history 
Signed-off-by: Denis Kirillov <[email protected]>
  • Loading branch information
@KirillovDenis @alexvanin
KirillovDenis authored and alexvanin committed Jul 20, 2022
1 parent 1e26cf1 commit 7ba7e7d
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions api/handler/acl.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,8 +150,11 @@ type ServiceRecord struct {

func (s ServiceRecord) ToEACLRecord() *eacl.Record {
serviceRecord := eacl.NewRecord()
serviceRecord.SetAction(eacl.ActionAllow)
serviceRecord.SetOperation(eacl.OperationGet)
serviceRecord.AddFilter(eacl.HeaderFromService, eacl.MatchUnknown, serviceRecordResourceKey, s.Resource)
serviceRecord.AddFilter(eacl.HeaderFromService, eacl.MatchUnknown, serviceRecordGroupLengthKey, strconv.Itoa(s.GroupRecordsLength))
eacl.AddFormedTarget(serviceRecord, eacl.RoleSystem)
return serviceRecord
}

Expand Down Expand Up @@ -876,8 +879,13 @@ func astToTable(ast *ast) (*eacl.Table, error) {
}

func tryServiceRecord(record eacl.Record) *ServiceRecord {
if record.Action() != eacl.ActionUnknown || len(record.Targets()) != 0 ||
len(record.Filters()) != 2 {
if record.Action() != eacl.ActionAllow || record.Operation() != eacl.OperationGet ||
len(record.Targets()) != 1 || len(record.Filters()) != 2 {
return nil
}

target := record.Targets()[0]
if target.Role() != eacl.RoleSystem {
return nil
}

Expand Down

0 comments on commit 7ba7e7d

Please sign in to comment.