Add quotes only if closing parenthesis exists.

2023-01-11 11:06:24 -08:00 · 2023-01-11 11:06:24 -08:00 · 49e747a929
parent 2b48b49387
commit 49e747a929
2 changed files with 28 additions and 2 deletions
--- a/src/acl.c
+++ b/src/acl.c
@ -781,6 +781,18 @@ sds ACLDescribeSelector(aclSelector *selector) {
    return res;
 }

+int selectorContainsClosingParanthesis(const sds s) {
+    size_t len = sdslen(s);
+    const char *p = s;
+
+    while (len--) {
+        if (*p == ')') return 1;
+        p++;
+    }
+
+    return 0;
+}
+
 /* This is similar to ACLDescribeSelectorCommandRules(), however instead of
 * describing just the user command rules, everything is described: user
 * flags, keys, passwords and finally the command rules obtained via
@ -822,7 +834,11 @@ robj *ACLDescribeUser(user *u) {
        if (selector->flags & SELECTOR_FLAG_ROOT) {
            res = sdscatfmt(res, "%s", default_perm);
        } else {
-            res = sdscatfmt(res, " \"(%s)\"", default_perm);
+            if (selectorContainsClosingParanthesis(default_perm)) {
+                res = sdscatfmt(res, " \"(%s)\"", default_perm);
+            } else {
+                res = sdscatfmt(res, " (%s)", default_perm);
+            }
        }
        sdsfree(default_perm);
    }
--- a/tests/unit/acl-v2.tcl
+++ b/tests/unit/acl-v2.tcl
@ -492,11 +492,21 @@ start_server [list overrides [list "dir" $server_path "aclfile" "user.acl"] tags

    test {Test selectors with closing parenthesis} {
        r ACL SETUSER selector-store ON NOPASS +@all "(+@all ~bar))"
+        r ACL SETUSER selector-wo-parenthesis ON NOPASS +@all "(+@all ~bar)"

+        # Verify selector is wrapped in quote if parenthesis exists.
+        set response [lindex [r ACL LIST] [lsearch [r ACL LIST] "user selector-store*"]]
+        assert_equal "user selector-store on nopass sanitize-payload resetchannels +@all \"(~bar) resetchannels +@all)\"" $response
+        
+        # Verify selector is not wrapped in quote if parenthesis doesn't exists.
+        set response [lindex [r ACL LIST] [lsearch [r ACL LIST] "user selector-wo-parenthesis*"]]
+        assert_equal "user selector-wo-parenthesis on nopass sanitize-payload resetchannels +@all (~bar resetchannels +@all)" $response
+
+        # Verify the key permissions
        assert_equal "OK" [r ACL DRYRUN selector-store SET bar) world]
        assert_equal "OK" [r ACL DRYRUN selector-store GET bar)]
        assert_match {*has no permissions to access the 'bar))' key*} [r ACL DRYRUN selector-store SET bar)) world]
-    }
+    }   

    test {Test ACL SAVE/LOAD with selectors containing closing parenthesis} {
        set users_before_load [r ACL LIST]