final tunings

treeverse · Nov 10, 2024 · 7992c4b · 7992c4b
1 parent 7b304cc
commit 7992c4b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 14 deletions.
diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go
@@ -5388,7 +5388,7 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 				},
 			},
 			expected: "denied permission to fs:DeleteRepository",
-		}, /////////////////////////////////////////////////////////////////
+		},
 		{
 			name: "deny multiple actions, one concerning the request",
 			node: permissions.Node{
@@ -5411,8 +5411,7 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 				},
 			},
 			expected: "denied permission to fs:DeleteRepository",
-		}, /////////////////////////////////////////////////////////////////
-		{
+		}, {
 			name: "neutral action",
 			node: permissions.Node{
 				Type: permissions.NodeTypeNode,
@@ -5433,9 +5432,8 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 					},
 				},
 			},
-			expected: "missing permission to fs:ReadRepository",
-		}, /////////////////////////////////////////////////////////////////
-		{
+			expected: "not allowed to fs:ReadRepository",
+		}, {
 			name: "nodeAnd no policy, returns first missing one",
 			node: permissions.Node{
 				Type: permissions.NodeTypeAnd,
@@ -5457,9 +5455,8 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 				},
 			},
 			username: "user1",
-			expected: "missing permission to fs:CreateRepository",
-		},
-		{
+			expected: "not allowed to fs:CreateRepository",
+		}, {
 			name: "nodeAnd one policy, returns first missing policy",
 			node: permissions.Node{
 				Type: permissions.NodeTypeAnd,
@@ -5492,7 +5489,7 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 					},
 				},
 			},
-			expected: "missing permission to fs:AttachStorageNamespace",
+			expected: "not allowed to fs:AttachStorageNamespace",
 		},
 	}
 	for _, tc := range testCases {

diff --git a/pkg/auth/service.go b/pkg/auth/service.go
@@ -1160,7 +1160,7 @@ func (n *MissingPermissions) String() string {
 		return fmt.Sprintf("denied permission to %s", strings.Join(n.Denied, ","))
 	}
 	if len(n.Unauthorized) != 0 {
-		return fmt.Sprintf("missing permission to %s", strings.Join(n.Unauthorized, ","))
+		return fmt.Sprintf("not allowed to %s", strings.Join(n.Unauthorized, ","))
 	}
 	return UserNotAllowed
 }
@@ -1186,10 +1186,10 @@ func CheckPermissions(ctx context.Context, node permissions.Node, username strin
 						// this is a "Deny" and it takes precedence
 						permAudit.Denied = append(permAudit.Denied, action)
 						return CheckDeny
-					} else {
-						hasPermission = true
-						allowed = CheckAllow
 					}
+					hasPermission = true
+					allowed = CheckAllow
+
 				}
 			}
 		}