Commit graph

5 commits

Author SHA1 Message Date
Leonard Lyubich
d38377793a [#32] acl: Remove gogoproto from typedef
There is a need to remove gogoproto usage from NeoFS API since this plugin
is not cross-language. This commit removes usage from acl package.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-08-06 23:34:03 +03:00
Leonard Lyubich
fccd753a5d [#31] refs: Use ContainerID message in all services
Change the type of all fields for the container identifier to refs.ContainerID.
This will allow to follow a single format and not duplicate its description.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-08-06 22:00:01 +03:00
Alex Vanin
27171ef753 [#21] Add container id into EACLTable message
EACLTable message and signature stored in blockchain storage.
If owner has several containers, malicious node can return
correct EACLTable of the container other than client actually
requested. With container id field in the EACLTable, this
malicious behaviour can be detected.

ContainerID has id 1, so contract can easily cut container id
from byte sequence.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-08-03 18:03:34 +03:00
Leonard Lyubich
089c6f1928 acl: Define EACLTable message for the table of extended ACL rules 2020-07-08 10:22:07 +03:00
alexvanin
afd55ac90b acl: Define target of access control rules
Basic NeoFS ACL applies access rules to request sender. Request
senders are combined in groups that calls `targets`.

Basic ACL rules may be applied to these targets:

  1. User - request sender is the owner of the container,
     used in the request.

  2. System - request sender is the storage node
     within the container used in the request or
     inner ring node.

  3. Others - request sender is none of the above.

 Extended ACL rules may be applied for targets, provided with
 extra information.

  4. PubKey - request sender has provided public key.
2020-04-01 21:02:46 +03:00