135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix op:and not working for prop:value ACL rules

Browse Source
This commit is contained in:
Oliver Gorwits
2023-06-26 19:31:54 +01:00
parent 2da15f9c33
commit 33b4a6c231
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/App/Netdisco/Util/Permission.pm
View File

@@ -254,7 +254,7 @@ sub check_acl {
}
}
return false if $all;
return false if $all and not $found;
next RULE;
}
@@ -317,6 +317,7 @@ sub check_acl {
else {
return false if $all;
}
next RULE;
}

3
xt/20-checkacl.t
View File

@@ -131,6 +131,9 @@ ok(acl_matches($dip, ['!ip:'. $conf[23]]), '1obj negated instance named property
is(acl_matches($dip, ['port:'.$conf[2]]), 0, '1obj failed instance named property deviceport:ip');
ok(acl_matches($dip, ['port:.*GigabitEthernet.*']), '1obj instance named property regexp deviceport:port');
# AND device properties
ok(acl_matches($dip, ['ip:'.$conf[2], '!ip:'. $conf[23], $conf[20]]), 'AND of 1obj instance and negated instance named property deviceport:ip');
# DeviceIp no longer has DevicePort slot accessors
#ok(acl_matches($dip, ['type:l3ipvlan']), '1obj related item field match');
#ok(acl_matches($dip, ['remote_ip:']), '1obj related item field empty');