From a025e6250e74342ca1309eea675c161616fc360b Mon Sep 17 00:00:00 2001
From: Alex Vanin <alexey@nspcc.ru>
Date: Wed, 26 May 2021 19:51:24 +0300
Subject: [PATCH] [#561] acl: Fetch session token from original request meta
 header

As it explained in previous commit, session token also should
be presented in original meta header but can be omitted in higher
layers.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
---
 pkg/services/object/acl/acl.go | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/pkg/services/object/acl/acl.go b/pkg/services/object/acl/acl.go
index 9f834206d..f1a0e888e 100644
--- a/pkg/services/object/acl/acl.go
+++ b/pkg/services/object/acl/acl.go
@@ -144,7 +144,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
 		return err
 	}
 
-	sTok := request.GetMetaHeader().GetSessionToken()
+	sTok := originalSessionToken(request.GetMetaHeader())
 
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
@@ -192,7 +192,7 @@ func (b Service) Head(
 		return nil, err
 	}
 
-	sTok := request.GetMetaHeader().GetSessionToken()
+	sTok := originalSessionToken(request.GetMetaHeader())
 
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
@@ -235,7 +235,7 @@ func (b Service) Search(request *object.SearchRequest, stream objectSvc.SearchSt
 
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
-		token:   request.GetMetaHeader().GetSessionToken(),
+		token:   originalSessionToken(request.GetMetaHeader()),
 		bearer:  originalBearerToken(request.GetMetaHeader()),
 		src:     request,
 	}
@@ -268,7 +268,7 @@ func (b Service) Delete(
 		return nil, err
 	}
 
-	sTok := request.GetMetaHeader().GetSessionToken()
+	sTok := originalSessionToken(request.GetMetaHeader())
 
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
@@ -300,7 +300,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
 		return err
 	}
 
-	sTok := request.GetMetaHeader().GetSessionToken()
+	sTok := originalSessionToken(request.GetMetaHeader())
 
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
@@ -338,7 +338,7 @@ func (b Service) GetRangeHash(
 		return nil, err
 	}
 
-	sTok := request.GetMetaHeader().GetSessionToken()
+	sTok := originalSessionToken(request.GetMetaHeader())
 
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
@@ -781,3 +781,13 @@ func originalBearerToken(header *session.RequestMetaHeader) *bearer.BearerToken
 
 	return header.GetBearerToken()
 }
+
+// originalSessionToken goes down to original request meta header and fetches
+// session token from there.
+func originalSessionToken(header *session.RequestMetaHeader) *session.SessionToken {
+	for header.GetOrigin() != nil {
+		header = header.GetOrigin()
+	}
+
+	return header.GetSessionToken()
+}