From 11347602719a764179a74382076de4430936d7ad Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <e.stratonikov@yadro.com>
Date: Wed, 9 Oct 2024 10:55:48 +0300
Subject: [PATCH] [#1425] services/tree: Remove eACL mentions from bearer token
 parsing errors

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
---
 pkg/services/tree/signature.go | 30 ++++++------------------------
 1 file changed, 6 insertions(+), 24 deletions(-)

diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go
index 305adf2d7..20a629fcc 100644
--- a/pkg/services/tree/signature.go
+++ b/pkg/services/tree/signature.go
@@ -15,7 +15,6 @@ import (
 	cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
 	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 )
@@ -27,10 +26,6 @@ type message interface {
 	SetSignature(*Signature)
 }
 
-func eACLErr(op eacl.Operation, err error) error {
-	return fmt.Errorf("access to operation %s is denied by extended ACL check: %w", op, err)
-}
-
 var (
 	errBearerWrongContainer = errors.New("bearer token is created for another container")
 	errBearerSignature      = errors.New("invalid bearer token signature")
@@ -57,11 +52,9 @@ func (s *Service) verifyClient(ctx context.Context, req message, cid cidSDK.ID,
 		return fmt.Errorf("can't get container %s: %w", cid, err)
 	}
 
-	eaclOp := eACLOp(op)
-
-	bt, err := parseBearer(rawBearer, cid, eaclOp)
+	bt, err := parseBearer(rawBearer, cid)
 	if err != nil {
-		return err
+		return fmt.Errorf("access to operation %s is denied: %w", op, err)
 	}
 
 	role, pubKey, err := roleAndPubKeyFromReq(cnr, req, bt)
@@ -93,20 +86,20 @@ func (s *Service) isAuthorized(req message, op acl.Op) (bool, error) {
 	return false, nil
 }
 
-func parseBearer(rawBearer []byte, cid cidSDK.ID, eaclOp eacl.Operation) (*bearer.Token, error) {
+func parseBearer(rawBearer []byte, cid cidSDK.ID) (*bearer.Token, error) {
 	if len(rawBearer) == 0 {
 		return nil, nil
 	}
 
 	bt := new(bearer.Token)
 	if err := bt.Unmarshal(rawBearer); err != nil {
-		return nil, eACLErr(eaclOp, fmt.Errorf("invalid bearer token: %w", err))
+		return nil, fmt.Errorf("invalid bearer token: %w", err)
 	}
 	if !bt.AssertContainer(cid) {
-		return nil, eACLErr(eaclOp, errBearerWrongContainer)
+		return nil, errBearerWrongContainer
 	}
 	if !bt.VerifySignature() {
-		return nil, eACLErr(eaclOp, errBearerSignature)
+		return nil, errBearerSignature
 	}
 	return bt, nil
 }
@@ -184,14 +177,3 @@ func roleAndPubKeyFromReq(cnr *core.Container, req message, bt *bearer.Token) (a
 
 	return role, pub, nil
 }
-
-func eACLOp(op acl.Op) eacl.Operation {
-	switch op {
-	case acl.OpObjectGet:
-		return eacl.OperationGet
-	case acl.OpObjectPut:
-		return eacl.OperationPut
-	default:
-		panic(fmt.Sprintf("unexpected tree service ACL operation: %s", op))
-	}
-}