From 2ffcd02ac31ad10b7bc8f4901b4e756f7f007443 Mon Sep 17 00:00:00 2001 From: Pavel Karpy Date: Mon, 12 Sep 2022 14:10:32 +0300 Subject: [PATCH] [#1628] tree: Document ACL checks in tree service Signed-off-by: Pavel Karpy --- pkg/services/tree/service.proto | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkg/services/tree/service.proto b/pkg/services/tree/service.proto index 43aba82c4..e1f8d678c 100644 --- a/pkg/services/tree/service.proto +++ b/pkg/services/tree/service.proto @@ -12,6 +12,21 @@ option go_package = "github.com/nspcc-dev/neofs-node/pkg/services/tree"; service TreeService { /* Client API */ + // Client methods are mapped to the object RPC: + // [ Add, AddByPath, Remove, Move ] -> PUT; + // [ GetNodeByPath, GetSubTree ] -> GET. + // One of the following must be true: + // - a signer passes non-extended basic ACL; + // - a signer passes extended basic ACL AND bearer token is + // attached AND the basic ACL allows attaching bearer token + // to the GET/PUT operation AND eACL table in the bearer contains + // an explicit allowing the signer's key (or its role) rule + // for the GET/PUT operation; + // - a signer passes extended basic ACL AND the extension + // contains an explicit allowing the signer's key (or its role) + // rule for GET/PUT operation. + // Otherwise, a request is denied. + // Add adds new node to the tree. Invoked by a client. rpc Add (AddRequest) returns (AddResponse); // AddByPath adds new node to the tree by path. Invoked by a client.
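Review bot: The second condition in the new comment block above `rpc Add` says only that a bearer token "is attached", not that it must be valid, yet readers will treat this text as the authorization contract of the tree service. If the implementation verifies the token's signature, lifetime and target container before consulting its eACL table, say so, e.g. `// - ... AND a valid bearer token (signature, lifetime and container verified) is attached ...`. The phrase "an explicit allowing the signer's key (or its role) rule" is hard to parse in a security rule; `an explicit rule allowing the signer's key (or its role)` reads unambiguously. Because the block is followed by a blank line, protoc will likely treat it as a detached comment and omit it from the generated documentation; attaching it to `service TreeService` would keep it visible to API consumers. The service body continues outside the hunk, so I cannot confirm that the PUT/GET mapping lists every client RPC.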