From 807c0a1321456ae3896c7ae0d6edf6711c4c6799 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Mon, 10 Oct 2022 19:53:04 +0400
Subject: [PATCH] [#1859] services/object: Do not session check relation in PUT
It doesn't make sense to check object relation in session check of `ObjectService.Put` RPC which has been spawned by `ObjectService.Delete` with session. Session issuer can't predict identifier of the tombstone object to be created.
Signed-off-by: Leonard Lyubich
---
 pkg/services/object/acl/v2/service.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/pkg/services/object/acl/v2/service.go b/pkg/services/object/acl/v2/service.go
index 756422c901..0680c4187b 100644
--- a/pkg/services/object/acl/v2/service.go
+++ b/pkg/services/object/acl/v2/service.go
@@ -488,7 +488,15 @@ func (p putStreamBasicChecker) Send(request *objectV2.PutRequest) error {
 return fmt.Errorf("invalid session token: %w", err)
 }
- err = assertSessionRelation(*sTok, cnr, obj)
+ if sTok.AssertVerb(sessionSDK.VerbObjectDelete) {
+ // if session relates to object's removal, we don't check
+ // relation of the tombstone to the session here since user
+ // can't predict tomb's ID.
+ err = assertSessionRelation(*sTok, cnr, nil)
+ } else {
+ err = assertSessionRelation(*sTok, cnr, obj)
+ }
+
 if err != nil {
 return err
 }
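Review bot: The new `sTok.AssertVerb(sessionSDK.VerbObjectDelete)` branch drops the object check for every PUT that carries a Delete-verb session, not only for tombstones, as far as this hunk shows. If nothing outside the hunk confirms that the stored object is a tombstone whose members fall within the session's object scope, a token issued to delete specific objects would also authorize storing other objects in `cnr`. Consider narrowing the condition, e.g. `if sTok.AssertVerb(sessionSDK.VerbObjectDelete) && <object header type is tombstone> {`, and recording the remaining assumption in the comment: `// tombstone members are checked against the session in <place>`. `Send` starts and ends outside the hunk, so any earlier verb or type checks are not visible here.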