From 33b4a6c231175b40196be6d9cb1d934571781473 Mon Sep 17 00:00:00 2001
From: Oliver Gorwits
Date: Mon, 26 Jun 2023 19:31:54 +0100
Subject: [PATCH] fix op:and not working for prop:value ACL rules
---
lib/App/Netdisco/Util/Permission.pm | 3 ++-
xt/20-checkacl.t | 3 +++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/App/Netdisco/Util/Permission.pm b/lib/App/Netdisco/Util/Permission.pm
index e12dd0af..865fd606 100644
--- a/lib/App/Netdisco/Util/Permission.pm
+++ b/lib/App/Netdisco/Util/Permission.pm
@@ -254,7 +254,7 @@ sub check_acl {
 }
 }
- return false if $all;
+ return false if $all and not $found;
 next RULE;
 }
@@ -317,6 +317,7 @@ sub check_acl {
 else {
 return false if $all;
 }
+ next RULE;
 }
diff --git a/xt/20-checkacl.t b/xt/20-checkacl.t
index 226b5014..523ed96e 100644
--- a/xt/20-checkacl.t
+++ b/xt/20-checkacl.t
@@ -131,6 +131,9 @@ ok(acl_matches($dip, ['!ip:'. $conf[23]]), '1obj negated instance named property
 is(acl_matches($dip, ['port:'.$conf[2]]), 0, '1obj failed instance named property deviceport:ip');
 ok(acl_matches($dip, ['port:.*GigabitEthernet.*']), '1obj instance named property regexp deviceport:port');
+# AND device properties
+ok(acl_matches($dip, ['ip:'.$conf[2], '!ip:'. $conf[23], $conf[20]]), 'AND of 1obj instance and negated instance named property deviceport:ip');
+
 # DeviceIp no longer has DevicePort slot accessors
 #ok(acl_matches($dip, ['type:l3ipvlan']), '1obj related item field match');
 #ok(acl_matches($dip, ['remote_ip:']), '1obj related item field empty');
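Review bot: In the first `check_acl` hunk of lib/App/Netdisco/Util/Permission.pm, the new guard `return false if $all and not $found;` makes the AND-mode result depend entirely on `$found`, whose declaration and assignments are outside the hunk. It is worth confirming that `$found` is set to false afresh for each prop:value rule inside the RULE loop, because a true value carried over from an earlier rule would let a non-matching rule pass and the ACL would fail open. A one-line comment above the guard would record the intent, for example `# op:and: every rule must match, so a miss here denies the whole ACL`. The enclosing block starts and ends outside the hunk, so the item loop that sets `$found` could not be checked here.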
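Review bot: The test added in xt/20-checkacl.t only covers an AND list in which every rule matches; nothing asserts that an AND list containing one non-matching prop:value rule is rejected, which is the direction in which a regression in this ACL code would grant access it should not. The context line just above already shows `'port:'.$conf[2]` evaluating to 0 for `$dip`, so a companion check can reuse it: `is(acl_matches($dip, ['ip:'.$conf[2], 'port:'.$conf[2], $conf[20]]), 0, 'AND fails when one named property does not match');`. This assumes `$conf[20]` is the op:and marker, as the description of the new test suggests.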