[#1247] object/acl: Return `ObjectAccessDenied` status error

Return `apistatus.ObjectAccessDenied` error on access violation from ACL service. Write reason in format of the errors from the previous implementation. These errors are returned by storage node's server as NeoFS API statuses. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-03-17 11:25:33 +03:00 · 2022-03-17 11:25:33 +03:00 · 459bdcf04b
parent 967650f2ed
commit 459bdcf04b
1 changed files with 11 additions and 17 deletions
--- a/pkg/services/object/acl/v2/errors.go
+++ b/pkg/services/object/acl/v2/errors.go
@ -3,6 +3,8 @@ package v2
 import (
 	"errors"
 	"fmt"
+
+	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 )

 var (
@ -15,26 +17,18 @@ var (
 	ErrInvalidVerb = errors.New("session token verb is invalid")
 )

-type accessErr struct {
-	RequestInfo
-
-	failedCheckTyp string
-}
-
-func (a *accessErr) Error() string {
-	return fmt.Sprintf("access to operation %v is denied by %s check", a.operation, a.failedCheckTyp)
-}
+const accessDeniedReasonFmt = "access to operation %v is denied by %s check"

 func basicACLErr(info RequestInfo) error {
-	return &accessErr{
-		RequestInfo:    info,
-		failedCheckTyp: "basic ACL",
-	}
+	var errAccessDenied apistatus.ObjectAccessDenied
+	errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "basic ACL"))
+
+	return errAccessDenied
 }

 func eACLErr(info RequestInfo) error {
-	return &accessErr{
-		RequestInfo:    info,
-		failedCheckTyp: "extended ACL",
-	}
+	var errAccessDenied apistatus.ObjectAccessDenied
+	errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "extended ACL"))
+
+	return errAccessDenied
 }