WIP: object: Ignore APE check for PutSingle with tombstone object #1051

Closed
aarifullin wants to merge 1 commit from aarifullin/frostfs-node:fix/object_ape_ignore_tombstone into master

View file

@ -77,6 +77,11 @@ func (c *checkerImpl) CheckAPE(ctx context.Context, prm Prm) error {
return fmt.Errorf("failed to create ape request: %w", err) return fmt.Errorf("failed to create ape request: %w", err)
} }
if prm.Method == nativeschema.MethodPutObject &&
r.Resource().Property(nativeschema.PropertyKeyObjectType) == objectV2.TypeTombstone.String() {
Review

So anyone can delete any object?

So anyone can delete any object?
Review

This approach need to be reconsidered...

This approach need to be reconsidered...
return nil
}
status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress, status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress,
policyengine.NewRequestTarget(prm.Namespace, prm.Container.EncodeToString()), r) policyengine.NewRequestTarget(prm.Namespace, prm.Container.EncodeToString()), r)
if err != nil { if err != nil {