dir: always return complete access file

See upspin/upspin#677
vvanpo · Jan 21, 2025 · fde47cb · fde47cb
1 parent 28daf7c
commit fde47cb
Showing 1 changed file with 7 additions and 31 deletions.
diff --git a/dirserver/whichaccess.go b/dirserver/whichaccess.go
@@ -2,7 +2,6 @@ package dirserver
 
 import (
 	"context"
-	"log/slog"
 
 	"upspin.io/access"
 	"upspin.io/errors"
@@ -16,7 +15,6 @@ If the WhichAccess path...
 - look for the nearest directory entry on the path (including the final element) that contains an entry named Access, regardless of whether the path or some of its ancestors exist, and..
   - if no Access file is found and the user is the owner of the tree, return nil, else errors.Private
   - if an Access file is found, and the user has any access right described within, return the entry for the Access file, else errors.Private
-    - if the user has no read rights, return the entry without blocks or packdata and marked as incomplete
 
 TODO snapshot trees; always return nil
 TODO if a request with a non-existent path contains an ancestor element that is a file instead of a directory, what should be returned?
@@ -38,7 +36,7 @@ func (d *dialed) WhichAccess(name upspin.PathName) (*upspin.DirEntry, error) {
 	}
 
 	e := es[len(es)-1]
-	ae, err := d.accessFor(ctx, e)
+	ae, err := d.accessFor(ctx, p, e.Attr == upspin.AttrDirectory)
 	if err != nil {
 		return nil, d.internalErr(ctx, op, name, err)
 	}
@@ -54,9 +52,7 @@ func (d *dialed) WhichAccess(name upspin.PathName) (*upspin.DirEntry, error) {
 			d.log.ErrorContext(
 				ctx,
 				"access file cannot be retrieved or parsed",
-				slog.String("op", string(op)),
-				slog.String("name", string(name)),
-				slog.Any("err", err),
+				"err", err,
 			)
 		}
 	}
@@ -73,10 +69,8 @@ func (d *dialed) WhichAccess(name upspin.PathName) (*upspin.DirEntry, error) {
 		d.log.ErrorContext(
 			ctx,
 			"access check failed",
-			slog.String("right", access.AnyRight.String()),
-			slog.String("op", string(op)),
-			slog.String("name", string(name)),
-			slog.Any("err", err),
+			"right", access.AnyRight.String(),
+			"err", err,
 		)
 	} else if !granted {
 		return nil, errors.E(op, name, errors.Private)
@@ -86,31 +80,13 @@ func (d *dialed) WhichAccess(name upspin.PathName) (*upspin.DirEntry, error) {
 		return e, upspin.ErrFollowLink
 	}
 
-	if ae == nil {
-		return nil, nil
-	}
-
-	if canRead, err := a.Can(d.requester, access.Read, ae.Name, getGroup); err != nil {
-		d.log.ErrorContext(
-			ctx,
-			"access check failed",
-			slog.String("right", access.Read.String()),
-			slog.String("op", string(op)),
-			slog.String("name", string(name)),
-			slog.Any("err", err),
-		)
-	} else if !canRead {
-		ae.MarkIncomplete()
-	}
-
 	return ae, nil
 }
 
-// Returns the access file entry defining access rules for the passed entry.
+// Returns the access file entry defining access rules for the path.
 // Does not follow links.
-func (s *server) accessFor(ctx context.Context, e *upspin.DirEntry) (*upspin.DirEntry, error) {
-	p, _ := path.Parse(e.Name)
-	if e.Attr != upspin.AttrDirectory {
+func (s *server) accessFor(ctx context.Context, p path.Parsed, isDir bool) (*upspin.DirEntry, error) {
+	if !isDir {
 		p = p.Drop(1)
 	}