From 49a767179c42d9ca0822d444cda38679c251a06a Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Thu, 27 Apr 2023 15:38:45 +1000
Subject: [PATCH] Cleanup incorrect log errors of denied entries (#1577)

---
 server/lib/src/server/access/mod.rs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/server/lib/src/server/access/mod.rs b/server/lib/src/server/access/mod.rs
index 8fc63081e..5a1ca85a6 100644
--- a/server/lib/src/server/access/mod.rs
+++ b/server/lib/src/server/access/mod.rs
@@ -210,6 +210,7 @@ pub trait AccessControlsTransaction<'a> {
         let related_acp: Vec<(&AccessControlSearch, _)> = self.search_related_acp(&se.ident);
 
         // For each entry.
+        let entries_is_empty = entries.is_empty();
         let allowed_entries: Vec<_> = entries
             .into_iter()
             .filter(|e| {
@@ -233,7 +234,9 @@ pub trait AccessControlsTransaction<'a> {
             .collect();
 
         if allowed_entries.is_empty() {
-            security_access!("denied ❌ - no entries were released");
+            if !entries_is_empty {
+                security_access!("denied ❌ - no entries were released");
+            }
         } else {
             security_access!("allowed {} entries ✅", allowed_entries.len());
         }
@@ -272,6 +275,7 @@ pub trait AccessControlsTransaction<'a> {
         };
 
         // For each entry.
+        let entries_is_empty = entries.is_empty();
         let allowed_entries: Vec<_> = entries
             .into_iter()
             .filter_map(|e| {
@@ -321,7 +325,9 @@ pub trait AccessControlsTransaction<'a> {
             .collect();
 
         if allowed_entries.is_empty() {
-            security_access!("reduced to empty set on all entries ❌");
+            if !entries_is_empty {
+                security_access!("reduced to empty set on all entries ❌");
+            }
         } else {
             security_access!(
                 "attribute set reduced on {} entries ✅",