@startuml

participant User
participant "S3-GW"
collections "FrostFS Storage"

User -> "S3-GW": Request

group signed request

    "S3-GW" -> "FrostFS Storage": Find Access Box
    "FrostFS Storage" -> "FrostFS Storage": Check request

    alt #pink Check failure
        "FrostFS Storage" -->> "S3-GW": Access Denied
        "S3-GW" -->> User: Access Denied
    end

    "FrostFS Storage" -->> "S3-GW": Access Box
    "S3-GW" -> "S3-GW": Check sign

    alt #pink Check failure
        "S3-GW" -->> User: Access Denied
    end

    "S3-GW" -> "frostfsid contract": Find user
    "frostfsid contract" -->> "S3-GW": User info
    "S3-GW" -> "S3-GW": Check user info

    alt #pink Check failure
        "S3-GW" -->> User: Access Denied
    end

end

"S3-GW" -> "policy contract": Get policies
"policy contract" -->> "S3-GW": Policies
"S3-GW" -> "S3-GW": Check policy

alt #pink Check failure
    "S3-GW" -->> User: Access Denied
end

"S3-GW" -> "FrostFS Storage": User Request
"FrostFS Storage" -> "FrostFS Storage": Check request

alt #pink Check failure
    "FrostFS Storage" -->> "S3-GW": Access Denied
    "S3-GW" -->> User: Access Denied
end

"FrostFS Storage" -->> "S3-GW": Response
"S3-GW" -->> User: Response

box "Neo Go"
    participant "frostfsid contract"
    participant "policy contract"
end box

@enduml