[#360] Reuse single target during policy check

Policy engine library is able to manage multiple targets and resolve different status results. Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-10 16:26:39 +03:00 · 2024-04-10 16:26:39 +03:00 · 65a8e2dadc
commit 65a8e2dadc
parent b7e15402a1
1 changed files with 10 additions and 16 deletions
--- a/api/middleware/policy.go
+++ b/api/middleware/policy.go
@ -74,25 +74,19 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error {
 	}

 	reqInfo := GetReqInfo(r.Context())
-	targets := []engine.RequestTarget{
-		engine.NewRequestTargetWithNamespace(reqInfo.Namespace),
-	}
+	target := engine.NewRequestTargetWithNamespace(reqInfo.Namespace)
 	if bktInfo != nil {
-		targets = append(targets, engine.NewRequestTargetWithContainer(bktInfo.CID.EncodeToString()))
+		cnrTarget := engine.ContainerTarget(bktInfo.CID.EncodeToString())
+		target.Container = &cnrTarget
 	}

-	st := chain.NoRuleFound
-	for _, target := range targets {
-		status, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
+	st, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
 	if err != nil {
 		return err
 	}
-		if found {
-			st = status
-			if status != chain.Allow {
-				break
-			}
-		}
+
+	if !found {
+		st = chain.NoRuleFound
 	}

 	switch {