[#881] acl: Use session token from request at object.Put
Session token can be present in both object header and request meta header. They are the same during initial object placement. At the object replication, storage node puts object without any session tokens attached to the request. If container's eACL denies object.Put for USER role (use bearer to upload), then replication might fail on objects with session tokens of the signed by container owner. It is incorrect, so use session token directly from request meta header. Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
parent
0126f18531
commit
d8f7fed10a
1 changed files with 1 additions and 1 deletions
|
@ -381,7 +381,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
|
|||
return err
|
||||
}
|
||||
|
||||
sTok := part.GetHeader().GetSessionToken()
|
||||
sTok := request.GetMetaHeader().GetSessionToken()
|
||||
|
||||
req := metaWithToken{
|
||||
vheader: request.GetVerificationHeader(),
|
||||
|
|
Loading…
Reference in a new issue