status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Ensure that we return a permission denied only if the list of keys/entries prior to filtering by ACL is non empty

This commit is contained in:
Preetha Appan 2017-08-09 15:32:18 -05:00
parent d42c743c84
commit 3276891142
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
agent/consul/filter.go
View File

@ -25,7 +25,7 @@ func (d *dirEntFilter) Move(dst, src, span int) {
func FilterDirEnt(acl acl.ACL, ent structs.DirEntries) (structs.DirEntries, error) {
df := dirEntFilter{acl: acl, ent: ent}
filtered := ent[:FilterEntries(&df)]
if len(filtered) == 0 {
if len(ent) > 0 && len(filtered) == 0 {
return nil, errPermissionDenied
}
return filtered, nil
@ -52,7 +52,7 @@ func (k *keyFilter) Move(dst, src, span int) {
func FilterKeys(acl acl.ACL, keys []string) ([]string, error) {
kf := keyFilter{acl: acl, keys: keys}
filteredKeys := keys[:FilterEntries(&kf)]
if len(filteredKeys) == 0 {
if len(keys) > 0 && len(filteredKeys) == 0 {
return nil, errPermissionDenied
}
return filteredKeys, nil
@ -84,7 +84,7 @@ func (t *txnResultsFilter) Move(dst, src, span int) {
func FilterTxnResults(acl acl.ACL, results structs.TxnResults) (structs.TxnResults, error) {
rf := txnResultsFilter{acl: acl, results: results}
filtered := results[:FilterEntries(&rf)]
if len(filtered) == 0 {
if len(results) > 0 && len(filtered) == 0 {
return nil, errPermissionDenied
}
return filtered, nil

12
agent/consul/filter_test.go
View File

@ -32,6 +32,10 @@ func TestFilter_DirEnt(t *testing.T) {
in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"},
out: []string{"foo/1", "foo/2", "foo/3"},
},
tcase{
in: []string{},
out: nil,
},
}
for _, tc := range cases {
@ -78,6 +82,10 @@ func TestFilter_Keys(t *testing.T) {
in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"},
out: []string{"foo/1", "foo/2", "foo/3"},
},
tcase{
in: []string{},
out: []string{},
},
}
for _, tc := range cases {
@ -116,6 +124,10 @@ func TestFilter_TxnResults(t *testing.T) {
in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"},
out: []string{"foo/1", "foo/2", "foo/3"},
},
tcase{
in: []string{},
out: nil,
},
}
for _, tc := range cases {