Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:
- token owner should be the owner of the related container;
- the intent must be signed with a session key;
- the power of attorney must be signed by the owner of the container.
Omitted checks (TBD):
- session token should have container session context;
- the verb of the context should correspond to the operation.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Approved eACL table should be stored in sidechain along with related session
token.
Forward session token from `SetEACL` event to `Wrapper.PutEACL` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`SetEACL` method of latest `Container` contract accepts binary session token
as an argument.
Provide `SetEACLArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.PutEACL` method and attach it to `SetEACLArgs`. Marshal
session token from container in `wrapper.PutEACL` function and pass it to
the method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Get` method of the wrapper over Container contract's client to
accept binary container ID. Create `Get` function similar to the previous
`Get` variation. Use this function in Container service server in the place
where `Get` method was used.
Additionally implement `AsContainerSource` function which allows
to simply compose container Source interface from the wrapper.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Use NeoFS ID contract client to check if public key from notification event
is tied to the owner of the container for which the eACL is being changed.
Approve changes coming from the owner of the container only.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add signature check to `checkSetEACL` method of the `setEACL` notification
handler in Container processor.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `handleSetEACL` method similar to other handling methods in
Container processor. To begin with, the validation logic is skipped, and all
tables will be sent to the contract. In the future, the necessary checks
will be implemented. Listening for events in the IR node will also be added.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
