[#1563] tree: Wrap only ChainRouterError
errors with ObjectAccessDenied
* Such wrapping helps to differentiate logical check errors and server internal errors. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
parent
76e127fca7
commit
c78546c7b5
1 changed files with 18 additions and 1 deletions
|
@ -9,8 +9,10 @@ import (
|
|||
"fmt"
|
||||
|
||||
core "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
|
||||
checkercore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/common/ape"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/refs"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
|
||||
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
|
||||
cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
||||
|
@ -62,7 +64,22 @@ func (s *Service) verifyClient(ctx context.Context, req message, cid cidSDK.ID,
|
|||
return fmt.Errorf("can't get request role: %w", err)
|
||||
}
|
||||
|
||||
return s.checkAPE(ctx, bt, cnr, cid, op, role, pubKey)
|
||||
if err = s.checkAPE(ctx, bt, cnr, cid, op, role, pubKey); err != nil {
|
||||
return apeErr(err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func apeErr(err error) error {
|
||||
var chRouterErr *checkercore.ChainRouterError
|
||||
if !errors.As(err, &chRouterErr) {
|
||||
errServerInternal := &apistatus.ServerInternal{}
|
||||
apistatus.WriteInternalServerErr(errServerInternal, err)
|
||||
return errServerInternal
|
||||
}
|
||||
errAccessDenied := &apistatus.ObjectAccessDenied{}
|
||||
errAccessDenied.WriteReason(err.Error())
|
||||
return errAccessDenied
|
||||
}
|
||||
|
||||
// Returns true iff the operation is read-only and request was signed
|
||||
|
|
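Review bot: In `apeErr` both branches copy the raw error text into the status handed back to the caller (`apistatus.WriteInternalServerErr(errServerInternal, err)` and `errAccessDenied.WriteReason(err.Error())`), so for the non-`ChainRouterError` branch whatever internal detail the failure chain carries presumably reaches the client. If these statuses are sent as-is, consider logging `err` server-side and keeping the client-facing message generic for the internal branch. The split also hinges on `errors.As` finding a `*checkercore.ChainRouterError`, so any denial that `checkAPE` reports as a different error type would now surface as ServerInternal instead of access denied; a small table test for `apeErr` (wrapped `ChainRouterError`, plain error) would pin that down, and none is part of this one-file change. The helper would also benefit from a doc comment such as `// apeErr maps a checkAPE error to an API status: *ChainRouterError becomes ObjectAccessDenied, anything else ServerInternal.` `verifyClient` begins outside the hunk, so earlier error returns in it were not reviewed.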