ACL does not intercept messages with no key_expr

zenoh/src/net/routing/interceptor/access_control.rs

@@ -162,22 +162,22 @@ impl InterceptorTrait for IngressAclEnforcer {
                     None
                 }
             })
-            .or_else(|| ctx.full_expr())?;
+            .or_else(|| ctx.full_expr());
 
         match &ctx.msg.body {
             NetworkBody::Push(Push {
                 payload: PushBody::Put(_),
                 ..
             }) => {
-                if self.action(Action::Put, "Put (ingress)", key_expr) == Permission::Deny {
+                if self.action(Action::Put, "Put (ingress)", key_expr?) == Permission::Deny {
                     return None;
                 }
             }
             NetworkBody::Request(Request {
                 payload: RequestBody::Query(_),
                 ..
             }) => {
-                if self.action(Action::Get, "Get (ingress)", key_expr) == Permission::Deny {
+                if self.action(Action::Get, "Get (ingress)", key_expr?) == Permission::Deny {
                     return None;
                 }
             }
@@ -188,7 +188,7 @@ impl InterceptorTrait for IngressAclEnforcer {
                 if self.action(
                     Action::DeclareSubscriber,
                     "Declare Subscriber (ingress)",
-                    key_expr,
+                    key_expr?,
                 ) == Permission::Deny
                 {
                     return None;
@@ -201,7 +201,7 @@ impl InterceptorTrait for IngressAclEnforcer {
                 if self.action(
                     Action::DeclareQueryable,
                     "Declare Queryable (ingress)",
-                    key_expr,
+                    key_expr?,
                 ) == Permission::Deny
                 {
                     return None;
@@ -222,6 +222,7 @@ impl InterceptorTrait for EgressAclEnforcer {
         ctx: RoutingContext<NetworkMessage>,
         cache: Option<&Box<dyn Any + Send + Sync>>,
     ) -> Option<RoutingContext<NetworkMessage>> {
+        tracing::debug!("EGRESS INTERCEPT {:?}", ctx.msg);
         let key_expr = cache
             .and_then(|i| match i.downcast_ref::<String>() {
                 Some(e) => Some(e.as_str()),
@@ -230,22 +231,22 @@ impl InterceptorTrait for EgressAclEnforcer {
                     None
                 }
             })
-            .or_else(|| ctx.full_expr())?;
+            .or_else(|| ctx.full_expr());
 
         match &ctx.msg.body {
             NetworkBody::Push(Push {
                 payload: PushBody::Put(_),
                 ..
             }) => {
-                if self.action(Action::Put, "Put (egress)", key_expr) == Permission::Deny {
+                if self.action(Action::Put, "Put (egress)", key_expr?) == Permission::Deny {
                     return None;
                 }
             }
             NetworkBody::Request(Request {
                 payload: RequestBody::Query(_),
                 ..
             }) => {
-                if self.action(Action::Get, "Get (egress)", key_expr) == Permission::Deny {
+                if self.action(Action::Get, "Get (egress)", key_expr?) == Permission::Deny {
                     return None;
                 }
             }
@@ -256,7 +257,7 @@ impl InterceptorTrait for EgressAclEnforcer {
                 if self.action(
                     Action::DeclareSubscriber,
                     "Declare Subscriber (egress)",
-                    key_expr,
+                    key_expr?,
                 ) == Permission::Deny
                 {
                     return None;
@@ -269,7 +270,7 @@ impl InterceptorTrait for EgressAclEnforcer {
                 if self.action(
                     Action::DeclareQueryable,
                     "Declare Queryable (egress)",
-                    key_expr,
+                    key_expr?,
                 ) == Permission::Deny
                 {
                     return None;