2022-02-11 12:25:05 +00:00
|
|
|
package v2
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2022-03-17 08:25:33 +00:00
|
|
|
|
2023-03-07 13:38:26 +00:00
|
|
|
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
2022-02-11 12:25:05 +00:00
|
|
|
)
|
|
|
|
|
2022-11-10 17:46:52 +00:00
|
|
|
const invalidRequestMessage = "malformed request"
|
|
|
|
|
|
|
|
func malformedRequestError(reason string) error {
|
|
|
|
return fmt.Errorf("%s: %s", invalidRequestMessage, reason)
|
|
|
|
}
|
|
|
|
|
2022-02-11 12:25:05 +00:00
|
|
|
var (
|
2022-11-10 17:46:52 +00:00
|
|
|
errEmptyBody = malformedRequestError("empty body")
|
|
|
|
errEmptyVerificationHeader = malformedRequestError("empty verification header")
|
|
|
|
errEmptyBodySig = malformedRequestError("empty at body signature")
|
|
|
|
errInvalidSessionSig = malformedRequestError("invalid session token signature")
|
|
|
|
errInvalidSessionOwner = malformedRequestError("invalid session token owner")
|
|
|
|
errInvalidVerb = malformedRequestError("session token verb is invalid")
|
2022-02-11 12:25:05 +00:00
|
|
|
)
|
|
|
|
|
2023-10-31 11:56:55 +00:00
|
|
|
const (
|
|
|
|
accessDeniedACLReasonFmt = "access to operation %s is denied by basic ACL check"
|
|
|
|
accessDeniedEACLReasonFmt = "access to operation %s is denied by extended ACL check: %v"
|
|
|
|
)
|
2022-02-11 12:25:05 +00:00
|
|
|
|
2022-03-18 11:04:32 +00:00
|
|
|
func eACLErr(info RequestInfo, err error) error {
|
2023-08-01 13:21:34 +00:00
|
|
|
errAccessDenied := &apistatus.ObjectAccessDenied{}
|
2022-03-18 11:04:32 +00:00
|
|
|
errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedEACLReasonFmt, info.operation, err))
|
2022-03-17 08:25:33 +00:00
|
|
|
|
|
|
|
return errAccessDenied
|
2022-02-11 12:25:05 +00:00
|
|
|
}
|