20b3ff84b3
In previous implementation IR incorrectly verified `SetEACL` event of `Container` contract. The incorrect behavior could be reproduced in two ways: 1. Create container using session, and perform `SetEACL` operation with a key that is different from the session one. 2. Create container using session, and perform `SetEACL` w/o a session, but sign it using session key from the `Put` operation. The problem was in the `checkSetEACL` validation method of IR container processor. It always used session token used for container creation during session ownership check. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> |
||
---|---|---|
.. | ||
common.go | ||
handlers.go | ||
process_container.go | ||
process_eacl.go | ||
processor.go |