[#1628] tree: Document ACL checks in tree service
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
This commit is contained in:
parent
8d0906c6ab
commit
2ffcd02ac3
1 changed files with 15 additions and 0 deletions
|
@ -12,6 +12,21 @@ option go_package = "github.com/nspcc-dev/neofs-node/pkg/services/tree";
|
||||||
service TreeService {
|
service TreeService {
|
||||||
/* Client API */
|
/* Client API */
|
||||||
|
|
||||||
|
// Client methods are mapped to the object RPC:
|
||||||
|
// [ Add, AddByPath, Remove, Move ] -> PUT;
|
||||||
|
// [ GetNodeByPath, GetSubTree ] -> GET.
|
||||||
|
// One of the following must be true:
|
||||||
|
// - a signer passes non-extended basic ACL;
|
||||||
|
// - a signer passes extended basic ACL AND bearer token is
|
||||||
|
// attached AND the basic ACL allows attaching bearer token
|
||||||
|
// to the GET/PUT operation AND eACL table in the bearer contains
|
||||||
|
// an explicit allowing the signer's key (or its role) rule
|
||||||
|
// for the GET/PUT operation;
|
||||||
|
// - a signer passes extended basic ACL AND the extension
|
||||||
|
// contains an explicit allowing the signer's key (or its role)
|
||||||
|
// rule for GET/PUT operation.
|
||||||
|
// Otherwise, a request is denied.
|
||||||
|
|
||||||
// Add adds new node to the tree. Invoked by a client.
|
// Add adds new node to the tree. Invoked by a client.
|
||||||
rpc Add (AddRequest) returns (AddResponse);
|
rpc Add (AddRequest) returns (AddResponse);
|
||||||
// AddByPath adds new node to the tree by path. Invoked by a client.
|
// AddByPath adds new node to the tree by path. Invoked by a client.
|
||||||
|
|
Loading…
Reference in a new issue