WIP: object: Ignore APE check for PutSingle with tombstone object #1051
1 changed files with 5 additions and 0 deletions
|
@ -77,6 +77,11 @@ func (c *checkerImpl) CheckAPE(ctx context.Context, prm Prm) error {
|
|||
return fmt.Errorf("failed to create ape request: %w", err)
|
||||
}
|
||||
|
||||
if prm.Method == nativeschema.MethodPutObject &&
|
||||
r.Resource().Property(nativeschema.PropertyKeyObjectType) == objectV2.TypeTombstone.String() {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress,
|
||||
policyengine.NewRequestTarget(prm.Namespace, prm.Container.EncodeToString()), r)
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in a new issue
So anyone can delete any object?
This approach need to be reconsidered...