From 459bdcf04b28491b9ff954600fbff7a1c123f838 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich <leonard@nspcc.ru>
Date: Thu, 17 Mar 2022 11:25:33 +0300
Subject: [PATCH] [#1247] object/acl: Return `ObjectAccessDenied` status error

Return `apistatus.ObjectAccessDenied` error on access violation from ACL
service. Write reason in format of the errors from the previous
implementation. These errors are returned by storage node's server as
NeoFS API statuses.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
---
 pkg/services/object/acl/v2/errors.go | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/pkg/services/object/acl/v2/errors.go b/pkg/services/object/acl/v2/errors.go
index 5db87fe7..3baaff46 100644
--- a/pkg/services/object/acl/v2/errors.go
+++ b/pkg/services/object/acl/v2/errors.go
@@ -3,6 +3,8 @@ package v2
 import (
 	"errors"
 	"fmt"
+
+	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 )
 
 var (
@@ -15,26 +17,18 @@ var (
 	ErrInvalidVerb = errors.New("session token verb is invalid")
 )
 
-type accessErr struct {
-	RequestInfo
-
-	failedCheckTyp string
-}
-
-func (a *accessErr) Error() string {
-	return fmt.Sprintf("access to operation %v is denied by %s check", a.operation, a.failedCheckTyp)
-}
+const accessDeniedReasonFmt = "access to operation %v is denied by %s check"
 
 func basicACLErr(info RequestInfo) error {
-	return &accessErr{
-		RequestInfo:    info,
-		failedCheckTyp: "basic ACL",
-	}
+	var errAccessDenied apistatus.ObjectAccessDenied
+	errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "basic ACL"))
+
+	return errAccessDenied
 }
 
 func eACLErr(info RequestInfo) error {
-	return &accessErr{
-		RequestInfo:    info,
-		failedCheckTyp: "extended ACL",
-	}
+	var errAccessDenied apistatus.ObjectAccessDenied
+	errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "extended ACL"))
+
+	return errAccessDenied
 }