From 4abd71f99b1830b4f58f45e10daddf9f3538a1ad Mon Sep 17 00:00:00 2001
From: alexvanin <alexey@nspcc.ru>
Date: Thu, 2 Apr 2020 14:38:34 +0300
Subject: [PATCH 1/7] object: Define RequestType for object service requests

---
 object/types.go | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/object/types.go b/object/types.go
index de909a8..cde1f25 100644
--- a/object/types.go
+++ b/object/types.go
@@ -28,7 +28,10 @@ type (
 		PRead(ctx context.Context, addr refs.Address, rng Range) ([]byte, error)
 	}
 
-	headerType int
+	// RequestType of the object service requests.
+	RequestType int
+
+	headerType  int
 )
 
 const (
@@ -71,12 +74,52 @@ const (
 	PublicKeyHdr
 )
 
+const (
+	_ RequestType = iota
+	// RequestPut is a type for object put request.
+	RequestPut
+	// RequestGet is a type for object get request.
+	RequestGet
+	// RequestHead is a type for object head request.
+	RequestHead
+	// RequestSearch is a type for object search request.
+	RequestSearch
+	// RequestRange is a type for object range request.
+	RequestRange
+	// RequestRangeHash is a type for object hash range request.
+	RequestRangeHash
+	// RequestDelete is a type for object delete request.
+	RequestDelete
+)
+
 var (
 	_ internal.Custom = (*Object)(nil)
 
 	emptyObject = new(Object).Bytes()
 )
 
+// String returns printable name of the request type.
+func (s RequestType) String() string {
+	switch s {
+	case RequestPut:
+		return "PUT"
+	case RequestGet:
+		return "GET"
+	case RequestHead:
+		return "HEAD"
+	case RequestSearch:
+		return "SEARCH"
+	case RequestRange:
+		return "RANGE"
+	case RequestRangeHash:
+		return "RANGE_HASH"
+	case RequestDelete:
+		return "DELETE"
+	default:
+		return "UNKNOWN"
+	}
+}
+
 // Bytes returns marshaled object in a binary format.
 func (m Object) Bytes() []byte { data, _ := m.Marshal(); return data }
 

From 1e513625f1564c1c0d21878057cabcd46b154207 Mon Sep 17 00:00:00 2001
From: alexvanin <alexey@nspcc.ru>
Date: Thu, 2 Apr 2020 14:52:08 +0300
Subject: [PATCH 2/7] object: Add `Type()` in `Request` interface

BasicACL have set of rules for every request type. ACL will be
processed before any request specific handlers. Therefore
we need to determine request type in generic request interface,
which is used in pre-processors of object service
implementation.
---
 object/service.go | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/object/service.go b/object/service.go
index 589bd95..3a2ca08 100644
--- a/object/service.go
+++ b/object/service.go
@@ -28,12 +28,13 @@ type (
 	Token = session.Token
 
 	// Request defines object rpc requests.
-	// All object operations must have TTL, Epoch, Container ID and
+	// All object operations must have TTL, Epoch, Type, Container ID and
 	// permission of usage previous network map.
 	Request interface {
 		service.MetaHeader
 
 		CID() CID
+		Type() RequestType
 		AllowPreviousNetMap() bool
 	}
 )
@@ -169,3 +170,24 @@ func (m *GetRangeRequest) AllowPreviousNetMap() bool { return false }
 
 // AllowPreviousNetMap returns permission to use previous network map in object get range hash request.
 func (m *GetRangeHashRequest) AllowPreviousNetMap() bool { return false }
+
+// Type returns type of the object put request.
+func (m *PutRequest) Type() RequestType { return RequestPut }
+
+// Type returns type of the object get request.
+func (m *GetRequest) Type() RequestType { return RequestGet }
+
+// Type returns type of the object head request.
+func (m *HeadRequest) Type() RequestType { return RequestHead }
+
+// Type returns type of the object search request.
+func (m *SearchRequest) Type() RequestType { return RequestSearch }
+
+// Type returns type of the object delete request.
+func (m *DeleteRequest) Type() RequestType { return RequestDelete }
+
+// Type returns type of the object get range request.
+func (m *GetRangeRequest) Type() RequestType { return RequestRange }
+
+// Type returns type of the object get range hash request.
+func (m *GetRangeHashRequest) Type() RequestType { return RequestRangeHash }

From 55b75a0dae7dfa1ab610b1f9af70d5ec0db8d324 Mon Sep 17 00:00:00 2001
From: alexvanin <alexey@nspcc.ru>
Date: Thu, 2 Apr 2020 15:05:48 +0300
Subject: [PATCH 3/7] object: Add test for object request type

---
 object/service_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/object/service_test.go b/object/service_test.go
index f06e557..46213e2 100644
--- a/object/service_test.go
+++ b/object/service_test.go
@@ -18,11 +18,22 @@ func TestRequest(t *testing.T) {
 		&GetRangeHashRequest{},
 	}
 
+	types := []RequestType{
+		RequestPut,
+		RequestGet,
+		RequestHead,
+		RequestSearch,
+		RequestDelete,
+		RequestRange,
+		RequestRangeHash,
+	}
+
 	for i := range cases {
 		v := cases[i]
 
 		t.Run(fmt.Sprintf("%T", v), func(t *testing.T) {
 			require.NotPanics(t, func() { v.CID() })
+			require.Equal(t, types[i], v.Type())
 		})
 	}
 }

From 48c55886509ced36c53916ebf29eb32c47b07ea6 Mon Sep 17 00:00:00 2001
From: alexvanin <alexey@nspcc.ru>
Date: Thu, 2 Apr 2020 15:15:59 +0300
Subject: [PATCH 4/7] proto: Update proto library to v0.6.0

---
 Makefile                |   2 +-
 acl/types.pb.go         | Bin 0 -> 3241 bytes
 acl/types.proto         |  27 +++++++++++++++++++++++++++
 container/service.pb.go | Bin 61145 -> 60767 bytes
 container/service.proto |   4 ++--
 container/types.pb.go   | Bin 23558 -> 13077 bytes
 container/types.proto   |  17 +++--------------
 7 files changed, 33 insertions(+), 17 deletions(-)
 create mode 100644 acl/types.pb.go
 create mode 100644 acl/types.proto

diff --git a/Makefile b/Makefile
index 84583ff..9b02a6e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-PROTO_VERSION=v0.5.0
+PROTO_VERSION=v0.6.0
 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
 
 B=\033[0;1m
diff --git a/acl/types.pb.go b/acl/types.pb.go
new file mode 100644
index 0000000000000000000000000000000000000000..bcbd1998e272c6b48d814cc10e11139b235079c4
GIT binary patch
literal 3241
zcma)7O>f&s3_VA`g7C=(Qd=LkV+ZJ=XuCkMyKT{C_fiDGNE+EfWJwr}TDwL6`;w3H
zM_cS>bC_s2B;VsBXFQwH%O<z9v9)!^+nmw^wXX3^_Ka=MHqEA)(yMp$_T3%5e)Z;V
z8q8+YHNDI1Et#yE`9o{FDMEsvHQA%tSUCuSa@RJ_(>S;)cAiGOjDo8N8f{9y?bB)2
z>}HaFhS;<(u)~J^@c$>@%G8^)_tA4_{FX+tj)F-b^gh_aI$LL!ltM?op{{RRXS<H9
zbB*h$EXZ%|fsC_MH=Y{axi4jBsqbt)4L%!35A<BcnEq*8w>8zt%Ee4yOQPar5(d*Z
zbpZ-@+mazVGQ?%JWo4iFa>u%Kopru!YGGvSu4iz+HJ%rCJ~yG@2&sgP5^sE&R+hf7
za6(!+(NXNui(hKXdUHg}$!ttncOLC}F_<|GBcpygVpe5ssVX0Bb)cO!bw>woE(f#+
zY9NvD&~6+7Yio08nzC4JE@LwdvWDR<6nig2^j_!TP4~BT9fKz%$tr6^=62%@kKQi@
zses09EO!MIc%Cw89b<UcROEVAqpW{6SEUpz14(xpUe-Q|gMk|lBBTFRKi16`ZU8*4
zDYu2`D^H(I)!S)srI8Ouw;|DU3N@PhH-ru>xW{c<m3(t}qB>jW?7;1isu+ehLkYs2
zTVmY>h9o-yL;(1B=)B$iZ-~w}PA*(6mssY5RbgnPIw4ZSlxpGPWJbjIOkw~$(TEZI
zj+5{u@hYS0{V$cu<>4#Cg*xgk*`G0nY$uEa81MV^cfNp6Vr)%EZJ$<UMvv^zv-r8p
zMeiDE?B0v&IlXxK#~E@+euA9K+aPyZEf2Nf>-d~@ru~E=x$nG)^DVdvZ)r4ie{>yO
zMY84c<U8hX)k}5>@3b=6&3UJwy!-wG7Dj6TQ<!^TGS~^}mO@UVNVmj)k!%MrHpH?W
z(0H53c7WsU9FRp{XEfdqB~IugN*Yf{L5cC4^}VZyN9}dp@7}Tw;|oo$SysL?<NahJ
zRcJ~*pO6H+vR&rNmgkNWk3Zd~2XC+GlT<XhK#&*g?E0`ymx(EgMUj|fVUu`>_!fRY
zp_Fy$IVF?CYcu^|H+-M16VUO9e^I7NV|0Dl!_x*LpE)114W%BF{l>JA?DBVuGd@9g
zLPJNN@Z%<{B3uQ(HF31$-&1cpc?1k?zLssvgDND>+Tfw&vD-(*HHG_CDr>mH8vf_X
zDu(+4Q5N62&S9Bna++~(!hJ5o6z*djn6;Q<9M1t0=WtrW4)_@M%)o-E3{laISe5{r
zBlQVJ0M-!_=`oUK2v#snp{eHzsh)sTrs|(BB#+ji7XB81;TSAJteNsfz#6MT9V<||
z0qdp82)=6-7M?5%!<a-?yHEgC4aX4@t-*1Du=QMA*GRNbad4W!o@vDzt6=b1gXlU3
zfNmC$MH9tZ2RO!9hjd_<X*wmL=|FLSS741@X$5LR*bt0578(XY^jj-iYaQAH6$%-&
z$p!36ddaU0_rTy-#fbnD!YM)U3To!6vg!+;Ie>G>q7$gy3Q^fGjTQjvq_RW^(8)=V
zZUM^;0Aj5b0;<IVUgt1E#cEMn^BVx%0CR=o1OWq#)&ZC~QV(|p{wXR@NQ3^RN&<B!
zD(o5n2^hsFJk|0QOm73$1oi~q29u*Rrm-nV=r}AuQSFINk<O0>t1ODY1h94`LYOjD
z|0P<TLcj%TO~GB~a0&mF{0woEk?8V3Mbk?kL68V3wAD-S&GhQ&6#cU5OU0`Iq(IBT
SD1>%;V{-@+{us=^5&r<c3&e#0

literal 0
HcmV?d00001

diff --git a/acl/types.proto b/acl/types.proto
new file mode 100644
index 0000000..f20423f
--- /dev/null
+++ b/acl/types.proto
@@ -0,0 +1,27 @@
+syntax = "proto3";
+package acl;
+option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
+option csharp_namespace = "NeoFS.API.Acl";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+option (gogoproto.stable_marshaler_all) = true;
+
+// Target of the access control rule in access control list.
+enum Target {
+    // Unknown target, default value.
+    Unknown = 0;
+
+    // User target rule is applied if sender is the owner of the container.
+    User    = 1;
+
+    // System target rule is applied if sender is the storage node within the
+    // container or inner ring node.
+    System  = 2;
+
+    // Others target rule is applied if sender is not user or system target.
+    Others  = 3;
+
+    // PubKey target rule is applied if sender has public key provided in
+    // extended ACL.
+    PubKey  = 4;
+}
diff --git a/container/service.pb.go b/container/service.pb.go
index 8698925e12e03846e5fd1ce69e02c366e9fb3876..61312544df1ea6372eb29365f4944017c1401917 100644
GIT binary patch
delta 3912
zcmYk9O^aMb6oyd~V>d)p2x35OvoQmc<bHJD?hXcw3KDRmTZ!g=;si1iCmk6v;fi9&
z+IHg)(6uo53(QWzbp*-Uh58q)dY;>HHbr&aI_Ev-Js)-Y;h#@E`s1mercd{8mA7{4
z%WuCo+3O~&PufYnx4SBLcH8~)<I&@9w|90|c{aIrbANBOSKaO|p82fY4`<u6?Y*0;
z?cMT5dueldn@jnb$@N=%yBE(qKHj^rvubbLTz!7#+IV!~!sLVY)7$N>!>d~#Ke_(>
z+2iZy#wXTSPQ7?|dUX2O^BbwNTNAO@U!HyW)aG<Nx;q~2x2xOxyOZSbtCPpKo+#G$
zi+g>&Jsu?o>2!ON9JFm*bN5S5nz&YrxOVL4UEHUf%*wbgShG6rmuXz5MO<fSTg(8M
zR$S#$%B2jkzUIdQiRla-d0ZDFWN}|&OVAYdHRntA(<Gi083_42{+Me3MlMiPDuz=9
zCplKM?E4ag3R@F!YJ?MXr+h6cN#aroLXAID3D7G97Mv#-slhq;trl@dd?EV`&$9-E
ziti=*8VO*{v9&?R96yzwbKY@MD~md<n-j1arvfH%M#U7dSv0jjD3F_j(@F*s1t$sC
zXZXAXXNh$sT(q#dV4bEQ%+Ot9MtX#>f=e=7U>I%&e6;GVpG}4a;SS`&1Sml$_+Z9*
zNi&8^xRc?C0g(CxDXH&J2lM?wOAI07AZw4X)NpIa41<B|6$Z~W39m9vDtulTB=Bo}
zW-maS2!N5ZKtmrg8cnq!MnX+9@sUnptV1k;60JxHPlH_|FLa^d!xXWIlN>afiqaev
zv0?&#g~c^G5);a+Ah!qvyQ7Lta>rDX+>)y~uA8^1`GG*nT4)~oIV!Yhss9=_1;+xd
z>>1{-ZATpynye_Z-c<5@hR<S73Af!q8xw4_O@$hYF3c9&eQ?XlnW1|M8B3(ij1EfX
z5)CD#HA&u>O3{-*4^j)b4PA$NBQwmvIRFW(##bfyb2QofDro39$xS7YZFn}z!M6g0
z5?T|kTFMsd0vt;z!{Clk*{wA=bo%Ij#fQf9Wfd)ySoFaH?Jz@q=1MKyxU0bp^ek{;
zC}NOp7WM?49V#Z>?nxzV%^=#mUP=SLncZ4kL$NjKI^&M|7KFj{7!W#KXi!}f3<Ywo
zPLn<c&I*(twRU(?Kt{-t7+mwyJzsP0<RJKTrd+D{pgV@!!m%q?5azzi!MDk!pqa8u
zLb5>7+&~u+y~(a%(vmFkp%mXYwUh>IDXlj`Wqr1=pz-Yz{D2w5(2+!f+DvAq3_8s2
z1Zn$<L|b)<IYb~+??6?7&hX$w0H5NeJ;q@4{BSy0f-}^w=Y+dM>(H~%=LBJ3TBO3u
z6%iE9aM$SBQ96vNP--u$A+PR{u2}65vQVJn$U|`uT5Uv-^b|9OdBF_CRJA%IWl*9z
z`**`lNi|8@o+$bHhH)w)I0RTrLuR5o$4E<4Pb^udFzd#=wQ)2inytiSu<hlT;Y`tc
zH-#DP>&Qb3#CdLJtO!GcKHH&ajs>>#@Rmdu?3}JfRi`A+Q6R^uUh1vxp~>Or&_4_V
zn8OR<3+l6^Cx*eHMjD*ahIWKHgV9hKwnJU$OMEi`P6wfL5@_TkdJbbLW|%%=`kFYx
znTJzK)@He6Z=3Xy8^$8XNlfkI%n@qY>Ygc0uzXWZme2yi9a}?=6;5aN5?i{1SD3=W
z&Cp$<3sT}UIus~;I?pq__6Md<3xaj%5MX|2MMk>ox$Ql~Ga~pn8)%<sU9kDtYOHt3
zv!HZ=slFfnGWbLuy&48A5P&YpPmS^I99|sB<BpH^FwSy5{3n4h_fAlzVQ_Oi3iFTi
zq_%d*nVP<G!_ZCt2(win*LGwAnrLBO3FkgCw))KE8J=iT%rVQ^!M{fFVS6_WQb#@~
zB!K@tT<ssO&X9&)hC`J^lJflUw|5@CdUB_m+&I7a%eQ{iO<&vm*xDM8Mmy)ug|)f7
zy8PkJ)ybt`bGBIjQ@wP!+y48?xA%@ev$?(g`RmtDZhl13yX(L2|8;oho9n06Kd#^W
p|K809r^ZJRPk#673mdV?olBcPqVIqI#^JFCznnPy=!Y+^{0Hcd^XUKp

delta 3832
zcmYk9O^X~=6owgNqBAnO5F$d1LskYxsp_igt_moI1hR22Dnjb3K`}F7W&$IU)It$A
zqS%}K0T=Fs{sV%$Y;-3PB>D%;Qrvm(^ISu3YHpvZd(L~_^PY3>Jo^32!#~daSe|?L
z+Tp=T`_aL8w0HH|J8$f4-#9wFb9?V<-;c+~u5aExIy^b-?kuld>OMUgkN2zn!`mnO
z2kou#O}^OYgW}TO$H#{US1w^&-@N?EQ>#bMpIyJST|fOIw%0Ci`d!`JedQwdo$b3j
z+ehQcouh-z4?erQ{%-f|<*jCQfBxl^?eA=7r+K-*mz|D7d={=7EM0tdEzdqa>v?<@
zBWo<PDz1lFeD-|VvTKQ@t_d*1b%`l$sN;sI%i^CoKXP_gd9=(n*1<=xR7A_bH3Q=U
zEd5A?C8imsiVY<$3bysaE~29h@IsxMWi%~8kpXhXx&y_?w!9#MG>rJm$;6KmJhmBm
z#@i)vG8`>{y<~66vjW{TcUxlwzSZme|KtL^&SESg)DEu&P$jSDZAZ>C(y4gcv+mh7
zq&k}qpF+cQswc}@`5H(Ia?tlk1o<q9pW{NQ%n?A~B`V2u6ZM2{NvakwpJq}RRWhB<
zi8JDF!RwN3GqX|##9Sz)h9b6>5~!tK`E(#@m7GW?z?}F4B9UNHm`-yx48#xIk^?_X
zQ7x;Ik!XR+s2HeHs|so$tDd(xZ*`i|!4eR~01W|#0C)<W!<*7hV{J(Wk{-#k!(Nj~
z!Iws^Ebc~bfeRvFQl$%AEP0M>uqVm@HN@9ngKslYVzqI|rv&gEhI_lg{>dqB#*2})
z#Mn^kv!y(i%`$WZ>jI*fKbt$)Ti~K-$w2}dUM~StK!bJ%L<X?dtXNkjLbeUxFE>cC
zJVCLLH11EKlsTc*xGW7sn<Ex|k7nrD!QTQ)#@aX)1(UoGGe#)PhXC`9FgcWr74h}$
zJaBDpwK-5pr%tR`z-wRI(T-HLy2Pu>u%QMlo21(}1@@r4n14%zmfQ;YB>!O`hXpC-
zv|~~_FdFQR1N+KR<KTJ{Ap}riH69%PA_~QrB1=6bE8(ga0I8d9MY@$SEiQm(fE;<-
zVCl$86fzQo83Q<iQae%xX_$=@y=>~luUOX`F&+Ds+g>i^0!INwjF1DS;)Ru5poX50
zZ0M4tRAWY%z97D*j01P(2Hfd%zBB^xHfN)UX6C0TU8-782r^A>oX)ZLP$klKAbuFZ
zh?O^jaezyMz31du;7P5Rryb*kKtwH_F%Zp@FbvKZz}B#;@|jPdSMSDgXghE%XlHrw
zXG4v$$J1^IC`bW{Yp7BmUOa3ci{7)%ZY(D9Sy1jAL3_;*o>&I#VY<Z#&OjSJR3@m~
zfuqEhfK=(3%_?E6)A7$PZ%4z#k4(ASZ+1unF*PD`1bMQWl~hTw9ca-TqNP4i5)>nq
zUah8+9oLh`tTOfK6+(eZy`^syH2s;l#j->;rVt7fNlG;#w<i-fQYFLKYu1w!%KKaz
zzHsOX-ja_c@v;#tF@pEG1l92YVK%?ocLdnJc1gp4@Y-m|$p*39au}u+5%^Zgct=q(
zi7H}BYfW)y<l~9w`7U@Po2G|+xE#a)RV;eAe}G#ld4&+MUQ-u?rQ=HnVF5{UYYHtW
zdQm&}N-KlOKFHJ_7LM-e)Pd(U!#*^th6ssa9GSUOG~6I!4i?eWo#Kv<5vYT*wkL3*
zKE*{RO{ey<8=Na8!cBLv62x|0YI}PeyLSg^vtt%SwxPp?F^J9!gsq(JOH2Tcw{ZWE
z#PmOlMRXsC?KGbrj`~)s8BE&Cc4@k9+k5Fh6CkM!*-Nby+ULD+I3Xn!=;TQ4Lw9-N
zI!k;mts&3wuS6_^gT;GRK?-HJesKNatE;c?KD+w2d+sd%5U&2ZcVYF`cyFs+J?_r0
zFOH8duKxb&TzdKE=dXufyXz0XxPE^1)B5dX{^i@3*V+Alw$jh7A3j(g{`T`Ts|zpe
QuHS#~XlwoJ_ut(357a*Dv;Y7A

diff --git a/container/service.proto b/container/service.proto
index bccf924..7df2c66 100644
--- a/container/service.proto
+++ b/container/service.proto
@@ -42,8 +42,8 @@ message PutRequest {
     // Rules define storage policy for the object inside the container.
     netmap.PlacementRule rules               = 4 [(gogoproto.nullable) = false];
 
-    // Container ACL.
-    AccessGroup Group                        = 5 [(gogoproto.nullable) = false];
+    // BasicACL of the container.
+    uint32 BasicACL                          = 5;
 
     // RequestMetaHeader contains information about request meta headers (should be embedded into message)
     service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
diff --git a/container/types.pb.go b/container/types.pb.go
index bfb7fa7a30a5427a6e83ac90ad186be550260a38..391656c8350df1f0d2c5f44517307336005e832a 100644
GIT binary patch
delta 2317
zcmZ8i&yN&E6b>8NI30<^Wc9+KvZ4u_Ua0QrpAZPE#z;a87f%Lbb#*ngFx_i+FARw=
z2_fjcRSsUbc{P~>TsZh=_-FVZSoM7~%)~v^zIpZD``(Z5RX=}y>bL5zpHDA7Q+=(E
zKEEj**27()v^IS&blVJFdtY=X_f0RVwiE5c#&o{uAN7No`Jx@}nyweBDZR<1OXApc
zv%2r=wh=`=(4#P_Go2XPd!})Q!psNLl%^CG?V>j!@OKt@`|qS~hG}Ru-ye7F&=x1v
z<^2b$vsyp)+vCA+)XZF6C+)*%x-Wj{+vf8ATXj3DZJNi!qw(L<`{TLYgYnsW2g|3s
zU%d0~+Gf0d_S3!f4{!3=n{;M4=^7!&S9`a{7a#t*6U5`;M|Tz`^o5)UIHS_Z+Tg6*
z85X`bk@F~rN^j1nz%?97IEQdhunb`tWm`50WO_lbmD4P&n?um>3sR?JN?GJ&2@j$r
zuu-woC$P*BHGyT0Gla%43s{;I0QR2?4N%H~yI#zR8Pc0Zz*LB&7<(%!otXvkO#}o&
z2Q)>A46PV+D;zCzr(eviw@r+uQQ+hP8uoluNeBcscQqxnJHn}PmcWrb*=Wc)+Q4!$
z0HkP7B7rY4?mPp6gl!Bfg^QF8Ks`D18Df`Hq|HdEjkmdrI$!ky_yz1!&Y93LLML_@
z3puAByTsTMm<k9I<XXwV$xv;8+X`}qEK+i{f`bGD3nXAjXc%d@kz1LSEk61%r$dMe
z*@cje;XF~5=Ad)L=E_J!Ww`~6rl42=XN9&=L#~vtiE+B&x%!c02$c=twjl!oTN!Ne
zBZFy*8WOH75~iF&lOSQThb(0~3wYUfI)JzRT-af8y8<M@+PKTyE6r^MF#^;UlM;|~
zM2#VH>vcc`B%=|OZLk*>EWwk(byLcB_@rz_a-nkaBVw1x6@*(=sDP00f+<1fF!=10
z<O;^ad9oZwI=gNR9RWW?ZLD*OYAqS@D4|e3M;eJSMuai&2@1eKBFDfaT11%-B(md#
z2~cty!hGSfsSw+;%gP}dIwe^d1N%ePuO15|nE-i8s&Mr1O`)mCBsL>M0x3GI5j0uB
z06&8&WK?7vFe5mSxH-^Rp&};tEruJp$_FY(!Z|P%+p~2VG6p@5H1IWtO9xb5;j|OR
z7?4Ja!Lbs_#8?&dwp_;~j+M>`DuKqm$)TCTm&1^jdJchpd`wm+O5}4HBUciN-vb#e
ze;3KlnYt3Qi|fzqc<p?6e*NRZ1#dE`4-f5G9t}s|*0;q~H{HyBjF&%s{Ay?U^6-QI
z2lzvN;%x#fZ-;-M8Q)yFzWJ)(y0Le51Lz`plkvx|55|`_UU-{}@z1ZmT)uzvpHs^x
I-~6)sAB3A+?EnA(

literal 23558
zcmeHPYj4{|*8VL0ig^umSK7$3uD&%XkZsaMfVL^xWKqEIoANT0*@&c;q#V0x{`-5*
zbB5$lqGYR%gH2xh11*u~K4+debD<6n)VGPR)lA1ab#m=1_gXE|Bu~73y0<?|W=UT?
zd#QeW`AR*1_Tp8)eQ=<%WSM&URC!69J0Wo%<kt(G^}*O~FC6c!Gt<@Mb~}s~Nt&xp
zyA?#a+M~-}yY)ux&BFX*>Gr)OI$%`?kl-!@e8U%_!~Yf9xf9PS>Vh)XdE_i=q;a<J
zynSC^9>_zI7ba>iOz1=8<QHm>ujb1eH_S7+bHE?>+TAug{Id>ps$)+paU@fDqO#>;
zk?Jf{I!%)_Q(>U;3w^DeRI512RYKp=cVVX0GShy)ed(m?jd~*C?f>AU*@ZJN?@~zm
z&sk7V-eSZ0FX8|uyt)WUMW!4IYqSXGdOr^%t(+{=X&xpqTcqP`Ny_sJC#MS$SIrs_
z2YW&{ncvAncdpet3O^eyHmRcF!kp<`9mcalo3ET1HFcIF0iK%MB!)D@e^uz5Q$nbD
z_*T!aRivFbQ`eL(#IU$l2|~nnNShW4W37F})TLl8d``rEo3bm*t%&`^Y59}n){E@l
zI?YJ=Sh29Vb~wz7S?W+SuQ_A_s43S?!YYc|Wk~Jm>mZCncB9|sB(_QNbm`^leY-^}
zUcRF=fALIO;GHv{>s&d$&+XrDw~D95|KH#q<?-pBd!6g7H|!;gycau>eqv~PAQ|_(
zWtJxqt1h1Gso%3CKHW2fd%wYeUz|Bw#i88dL=2KtE#vS%ORJx$&{v)__m*=s3>gNl
z*RRR&HIqh_NlevX5AzkqFp06`TZfu0%&#SOno=@KmNDgfps3{>Nk7ktDS;IEmJ+Ch
zl%AAjC0?kGpXe<9dycLFU*hClmkch2FT*%LoY-bl|Dk)mab<TwY-}%VEpI1LnCobf
zUmMGRUe3u}G`X0@D78rDp?3`%*v7>DT~n)5s)r_(N~_5{kswIY|7q@cI?{2@cWq0h
z%_o(iU|X>g_ll5~dHM9)?@7(~A!YvR-&4<{Y~vJ8lQ}5X+H_i}WP%lqe2W$S`s=T6
zeoS7+Z}qkIzo!tT&YW6`v;F;tO6zZuhWiD}GETLZ%;NA5YEk|>J7-5L2BlV6GNSby
zkHTvHr~${L;tT#;EFaqKU>SR=6RCfcJ+({Vo9VpMExF#Se?$bMB?a01p^@>IoDyb6
zoa7rr*?X1he3`}qKK*YQ2fh52zRC?{)Ga011^{?|px9Hoh#l_>g*MqUoq1`vpo}M?
zjs&MiK_Z{Kj3P!kBXLFgW;hv-^mOF719v*sV{JIz4?eUDCG~J{>%ER689q9$X@#yq
z;Yv@`x2U>Xgqe}36xE|1LOBr;E@pY?DK|;xmP0^$IOI|*xM!!Hv*@_p^L8ulu@UO@
ziHeHh?N#y%r^`Q=0S%x;MT2huqW^iK;&9GkDdIw3!QXCuC}Ty^<MSR<ZnIyf)Gk@-
znRYcT1rx8XuHHn_ax{=8Z_1?U{{XJ2r-*S|bl84sPijP~4Wqu?-eT3WF!P+$r(Q<L
z7Lx>Wb+a`q)Dc^RI$$G<arQ+_O%*$H<1{<j+>8FD^8y#i7=x~46SYUA)>|X$7u0rp
z4A`uuK1$MoXC%529JeU~qphV$0`<7fsu|cw^EyCoQ_D=Y)-`TXiK0NB{VPqD3j>tg
zoKzObEeFV~BC4bbyoLA&E~`1rgm)HBn?cN~2P*OvxV9dw4rHP>(veG55UG4k<&4}b
zQIg?#V>vSFrFtRdNXcrnZz)Jh(qcr|GKg5Pj`3#8;IT@&Wzeul?QD=pApjeP3yY>c
zU|0{j>P|yOP13eOqefVb1(d>f9yW%xVWXz#?gPh~xX*6rSodIu!NX$SJbYM0UBw~4
z^#HQQxiTm;4j~p(e}#VYAYw7yY8bKTyNaM*zB9s^p@cAQ8`M_xHsE3~vEbFNY^h?a
z=3b1{JiBlNW@ik;jC#0l0Ukb{om<x0$XiUrO5|hq70BgVw*WU*WI@qQ0M|sm1>{!9
z*MZIo)D3WFQ8s~|_4uPeUrpZ409YgcxG*?sfWex&j|GNnLO)YTT=!#VV6;Ts1dkT!
zUjoTB{uSuk0+kl)u7GK=?f{z>7r>J-hG4UfQ`^v!8Eo8?*^rdsymm#xh#kvG{h#%W
zsCD{^){{CNYj)Zpu5M55dBsWtO@GZ=*dEQw8o4bX?XL4%Pj8T5M_`j2i-x2Xm{+)G
z!d-ax9ZjJ-l`Hn@^IlKgFu~?IKBiVT(9z^p=I~PKk59(5Hco4K7>U&Ek8rV|br3eC
zf-YcQyEV8P20b;nI(GRwIL39b^*Z9G0l1DP{P|?a*NM;9L&(vfnGAYR;PC_Rkgr1!
z9pmZ>sa&Dh1)B!_NUpTVK%$}GL?nQ6jHicFC^$NTf)l<T!Xh7cCL#`&x)9{z>14{3
z8iK^{3GO?%PT~EL!!*YyP@u>B<wSx5D-I!gB%i@1pGWZQ2+B^tC7+K$DW8YnJ%(9h
z9}0|XU^|3s6L{l-XadC^?ueyRi1rYc0HVjZdLk50h4=7CJiudVw1I>LaX*Ib0|dmw
z{QyFRW{4n6C9rrp#M7yG0CT-D6dX%%Kq}6T!0h6VkFW%wkzh)EB~OI%M7&4z#S{&r
zr-xAB;lTv1NyB=QAyD8-Mu9<W7oj3zBBG)G2p(wh4AMp;D462$2?F9FAmYA=7(%p0
z(8h581UV+b@#T&L1QNy&?Z7z7EA9s;@W27vK=QZ90m`m{L{>rswnO;D%WTvGpg@{b
ziwBV7Ld}UQZ6G0nrN?+6SwDcY(pL{b<HJT5_k9>48R)>jL-7@ABwW69G#^&`uu;-Z
zf^!U^qQJq^V^9upokD@!m#!zNOhU;sAIeTVcp#A-!sP+j0?8r}xezB{Ft9Spk^YQ;
zn1qG|No5bdQUJLPq<?C}S29YvyI{@~3LJz^`icwBq)U2GAnl={(t&Xf+GZgAK$v}b
z04pTl9SH~&3wQ;vO90Uzl_-$=P%MT@B21+x3ouAbU05NhCa9tj7U?BoqqLS7A!;NB
z9-3N$Gm;dLHV|MMz!pJP85JDl12q&ink4a5l)+x<j1v(AFOOiHgf~El909utG)s5$
zAVTs-LMK2X9dHDd(z!+mh^Wy}Ie;3<eKJT8$v1E<n#BWg6IaO`0cvRvNz*X|$)GfX
zXwzEAx&YF|h$HD}65k_a`Uu%FMT1Mw0$3V|Vo5}pA_I<eH|cs)Q3iT}6EcX?^bq1i
zga)%fnBa-@5+eculu<7bkI_OW@aa(C1PUZ^{UH?CXe#-8Y@vz_GL+F2Sr<YjL&Qsi
zKWI{o1~<t9kIjH1NqGqO$I=_1fF83@+>yrg@c9IS1g}OA6bLUoFg+Ze9Z6Lo9epfO
zhNXg_p0GiUC=L(`X;>)?1V|)Y0`dcdNUqfLxeWvW46>u4WXuxlsPrH|WT+{b%VKb4
zTd0_5(W06EG=FM}HQ9ow_9%FsEjtpj4%2Rdn6@aKx4K+yV=AhGZ`{CO-m_DtKHqgK
zLs+ZbjK*bj<I}6ec8MIMWn?&(q^R}Roick%8}?mlW*4<}b2#f8Hi(r}!RuCp9M`#y
zVJn4$&o+eZ79Vq%^L~lknadVKpC{b4MPO^sAyoS!DOw{Vxh+0A03~PPDeVR|649O!
z)#)vcjI|5JQ>W&wC<#f(&DgLdRqRPo0#hmx35jpPN>+f+Pw2FTM=N0e#;!Eaw=&q+
zQ(@0+uXLEWOB#qf+~1efI}6V#PBdsbjTU1w<iFMAk!j0fYl!!a20Zzs*xV)_)us|h
zMPh>fSOjHwj9?WlX*w<)Jt+3uSQF(+(F%cjW3@J)QK&*!W=!|%)g8wT&3hXcwl(RH
z;!`)>Y{1;g`hvEO0i5!m%mGSC10-d)R{NaK_L2kRhBf!^sxJnJo4opDP~5Ei7ebI?
z_x!U0W7<~c9HK)A#nxn3ePh6ak1mBj`p>V50i;H?uZCZn$KMdVn9uwBz!~%}fq4Ok
zQv4Yto>yJ14i)sR4i;;Sx9WH0X@zoRkg<W4?E)W$3!_4-4uJ$BJYevcL0j{E$qVcz
z?~Jw;?*_aTxZS1CTkCXRT+eUv?GyL^W)nVt6yQQ^D*y<=ZTr48=rd!{_scH48nCld
zsq}yXd`8JCK3m)RbX9A7ydF-Ytm)u4cf95rvz+TBK|p8YxY+KgOH*~0XO+xDb|JZx
z0`;=nZn=C^mMV97+-@-%Un+vy;p4|g09n+=@|bH?KE!g|x%}JU>L^fuQt5g;ATcfC
zA*LhxB&3fX0koQ#iNQF_>S;>Xbcl#sjn6>D><}h8IGprk?WouQn${;8bFwz-7lo9F
zqgkDLM9!&4G%I;jg+fk1b>@tW!iVzl_Dn$M^-8$ZRtDW@su#Zm@1j)-{@be+E=+80
z&jeey&A?!_4A`q=6dy9yv|e1Bjn`@xvE~k~w{f`J64LqzCu8Q;x`XEnoc$@iKcFdD
z$}&L83y!X~YKT(x#@w;T>ebNMFmsm(*G7ep5oZa}Iw-G3hbjL10#o*^s}k}o%rKeS
z;kPI7K1ct19Uo3QSAPz>1OSI!bwH?P5GYIj5M<mYs?=wCa_34teym8^{}vN{UZ7zW
zG{k+Q4#!>kD>SSuvs7ntYvnu^tT@v1q9*3Y)b+|bnJ}-an;#RF@l2E6KY0=R8ih0{
z8JB7O<y}axfrzzqhxxLLFvwXp-|Y-&O8K?9N8l*1&-JE|5w6qGdsa}6jnC8cMV!C9
z)M+qJ-XUiEn0j1``NT}(6T3>bFyWV4UdQ@sL8t1q|NP~5C7a9UV7QRd9in(zz#~bk
z1t0ztgDJKyk3ZjaIr1>lD0bCjj7Y{>H`UJDLIWEYgnI7(xQtjAc|IO>AeWkHOwolB
zcE&uGhkql9NBoo=V`>o4C}cun60CY*r?ZFc^V8}``YHHw7OZ1m;lz@8%Yojh;`2+q
zWsc~Pj?%`*#d1mkx7&4u^cKp@nXBBHsjqw`#zW~>es_;I!o~L<tSJ;`^wN)aQ9eZA
zJgy0br({yiXR4BLu#0YQcKThK(AoMbPHYNi9JCkj&5$((1=}Hc!<ouk>eN4Fz3}#_
z+MKI}l^c>(v^J(|!MPz{4QErvN)MHkZ57^7+HyB*%2`&wlC-TdYei4dsS0V7;SHVf
z(wT=og>IH#aDrxKSQkl_*HM9B&&V<@T#@W3n~bk`zuBd?6DNTj_p_=(tAn9b@u#Ky
zrgg8Pok&#auV4?oS6BE=Pms`~`$%Z65+AaeM-y&<his--L3r8uo>O_;l*%ip&@fnR
z$L3=4(wNTGbcIS{Dn34YY_=TQURB&OrvWjOrgpjOn29N2W25kh8D+Ei7c*cQXFkq&
zX@u=Kq?N-4YCtSYKQck)tgnrDJBqIH{^ik9RtWAHV5awx$UJ>~$m5+y$}cpJv1WCD
zX-uzmJIi@4d5mt%KeZt9WA4b=TRO3OU9KGSSJcgBpO`sltJQRQE>&x5#Ag0et2=4B
z44FIy-K9V$Sm;R6O6!r3K-1d0i`WTZ)(=t8Fz?Wj=GdoAyVZp(dL@`ozQE{HTpx+y
z=ly<PVkW>zYt3+o!br0iI%>lBDZUownMgLyw1~$%UU}uWw$fP7A+s26y#W2NhVmJ&
zp;#?_kE<v(EuUf?Wd$I1uGOoB?#2PNwom+})a#Yc%2e#Me0PU6mHS&1D0dMW8|Pu2
zOO}%VU#xR+V_z1_o?K1Xdra04Tc!-{+}c$K7RbtnXEfET9irJEp5NnI!$S?FcG$pJ
zuaiE58mhLJ_)tl455;<W)7rjNx}WQAlnkF%d*6FKRnzq;s;axLv^^|PRGX={T=rzL
zFKB@x>f?-qH8At{p7|{y{G`nL4{PHy)0m-|KXxBRWdYHLl@0oJx!bR7@LEZ=230O(
z$YB;)siFlZ^U}|@RSjP+=!ZP1bZk5&!X+tAJ$%#?A#?)z`CmH}LY$2;+HEB6h&S}3
zata4Fc0U_ZoJeRs{9(>Xltes-!3=VMCC1wxs$slbKUGsKb8QZybSP{2tU6m`F>i=t
z!OV+t=4b+$QLW(-Ue(XdG)>LmtT_}?tnSf)aeHr_GmB;@bOhn!9^km&ur!r=wPPH{
zC0caggI$|4Y=;5U2wYp_E&SYgmP3|K>4=s{D55Xh!RYm9-uhmopaC6NT3K`wZPsC|
z*nb&dh^rqU0YAU5CQWU&hKdxJ(0zNJXclZqc*CMrQ3RH~=qrC^iG+)9%1v>!3{WK$
z7}F3R!?)^dvAWFG%6m&@CHjU=V}28aexSNhA^#>5|2=7PGNw~ld3Z^`dMsTbpr6C_
zmA}M~jxLLz>ZD&F<wIW$m?@$+il-FRGo7l$9KJJBHnwB4k<0Q79*(5Z&uJCs(7Nsa
E1M>J(8vp<R

diff --git a/container/types.proto b/container/types.proto
index a0d035d..dc79bd3 100644
--- a/container/types.proto
+++ b/container/types.proto
@@ -18,18 +18,7 @@ message Container {
     uint64 Capacity            = 3;
     // Rules define storage policy for the object inside the container.
     netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
-    // Container ACL.
-    AccessControlList List     = 5 [(gogoproto.nullable) = false];
-}
-
-message AccessGroup {
-    // Group access mode.
-    uint32 AccessMode         = 1;
-    // Group members.
-    repeated bytes UserGroup  = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
-}
-
-message AccessControlList {
-    // List of access groups.
-    repeated AccessGroup List = 1 [(gogoproto.nullable) = false];
+    // BasicACL with access control rules for owner, system, others and
+    // permission bits for bearer token and extended ACL.
+    uint32 BasicACL            = 5;
 }

From 9f4636618fbba620452e0e4b5a5ab8e41e1448fb Mon Sep 17 00:00:00 2001
From: alexvanin <alexey@nspcc.ru>
Date: Thu, 2 Apr 2020 15:16:52 +0300
Subject: [PATCH 5/7] docs: Update docs for neofs-api v0.6.0

---
 docs/acl.md       | 62 +++++++++++++++++++++++++++++++++++++++++++++++
 docs/container.md | 29 ++--------------------
 2 files changed, 64 insertions(+), 27 deletions(-)
 create mode 100644 docs/acl.md

diff --git a/docs/acl.md b/docs/acl.md
new file mode 100644
index 0000000..38f328b
--- /dev/null
+++ b/docs/acl.md
@@ -0,0 +1,62 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [acl/types.proto](#acl/types.proto)
+
+
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="acl/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## acl/types.proto
+
+
+ <!-- end services -->
+
+ <!-- end messages -->
+
+
+<a name="acl.Target"></a>
+
+### Target
+Target of the access control rule in access control list.
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Unknown | 0 | Unknown target, default value. |
+| User | 1 | User target rule is applied if sender is the owner of the container. |
+| System | 2 | System target rule is applied if sender is the storage node within the container or inner ring node. |
+| Others | 3 | Others target rule is applied if sender is not user or system target. |
+| PubKey | 4 | PubKey target rule is applied if sender has public key provided in extended ACL. |
+
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/docs/container.md b/docs/container.md
index 6693980..f0188ca 100644
--- a/docs/container.md
+++ b/docs/container.md
@@ -21,8 +21,6 @@
 - [container/types.proto](#container/types.proto)
 
   - Messages
-    - [AccessControlList](#container.AccessControlList)
-    - [AccessGroup](#container.AccessGroup)
     - [Container](#container.Container)
     
 
@@ -166,7 +164,7 @@ via consensus in inner ring nodes
 | Capacity | [uint64](#uint64) |  | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
 | OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
 | rules | [netmap.PlacementRule](#netmap.PlacementRule) |  | Rules define storage policy for the object inside the container. |
-| Group | [AccessGroup](#container.AccessGroup) |  | Container ACL. |
+| BasicACL | [uint32](#uint32) |  | BasicACL of the container. |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
 
@@ -196,29 +194,6 @@ via consensus in inner ring nodes
  <!-- end services -->
 
 
-<a name="container.AccessControlList"></a>
-
-### Message AccessControlList
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| List | [AccessGroup](#container.AccessGroup) | repeated | List of access groups. |
-
-
-<a name="container.AccessGroup"></a>
-
-### Message AccessGroup
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| AccessMode | [uint32](#uint32) |  | Group access mode. |
-| UserGroup | [bytes](#bytes) | repeated | Group members. |
-
-
 <a name="container.Container"></a>
 
 ### Message Container
@@ -231,7 +206,7 @@ The Container service definition.
 | Salt | [bytes](#bytes) |  | Salt is a nonce for unique container id calculation. |
 | Capacity | [uint64](#uint64) |  | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
 | Rules | [netmap.PlacementRule](#netmap.PlacementRule) |  | Rules define storage policy for the object inside the container. |
-| List | [AccessControlList](#container.AccessControlList) |  | Container ACL. |
+| BasicACL | [uint32](#uint32) |  | BasicACL with access control rules for owner, system, others and permission bits for bearer token and extended ACL. |
 
  <!-- end messages -->
 

From 2fb36f85887cd8e2b9036c150813c43a913fc18f Mon Sep 17 00:00:00 2001
From: alexvanin <alexey@nspcc.ru>
Date: Thu, 2 Apr 2020 15:44:18 +0300
Subject: [PATCH 6/7] container: Support new `BasicACL` field

---
 container/service.go    |  4 ++++
 container/types.go      | 20 ++++----------------
 container/types_test.go | 22 +---------------------
 3 files changed, 9 insertions(+), 37 deletions(-)

diff --git a/container/service.go b/container/service.go
index 8eb9ba6..2f36dc1 100644
--- a/container/service.go
+++ b/container/service.go
@@ -31,9 +31,11 @@ func (m *PutRequest) PrepareData() ([]byte, error) {
 		err      error
 		buf      = new(bytes.Buffer)
 		capBytes = make([]byte, 8)
+		aclBytes = make([]byte, 4)
 	)
 
 	binary.BigEndian.PutUint64(capBytes, m.Capacity)
+	binary.BigEndian.PutUint32(capBytes, m.BasicACL)
 
 	if _, err = buf.Write(m.MessageID.Bytes()); err != nil {
 		return nil, errors.Wrap(err, "could not write message id")
@@ -45,6 +47,8 @@ func (m *PutRequest) PrepareData() ([]byte, error) {
 		return nil, errors.Wrap(err, "could not marshal placement")
 	} else if _, err = buf.Write(data); err != nil {
 		return nil, errors.Wrap(err, "could not write placement")
+	} else if _, err = buf.Write(aclBytes); err != nil {
+		return nil, errors.Wrap(err, "could not write basic acl")
 	}
 
 	return buf.Bytes(), nil
diff --git a/container/types.go b/container/types.go
index 21fc0d1..e358e6d 100644
--- a/container/types.go
+++ b/container/types.go
@@ -11,19 +11,6 @@ import (
 	"github.com/pkg/errors"
 )
 
-// AccessMode is a container access mode type.
-type AccessMode uint32
-
-const (
-	// AccessModeRead is a read access mode.
-	AccessModeRead AccessMode = 1 << iota
-	// AccessModeWrite is a write access mode.
-	AccessModeWrite
-)
-
-// AccessModeReadWrite is a read/write container access mode.
-const AccessModeReadWrite = AccessModeRead | AccessModeWrite
-
 var (
 	_ internal.Custom = (*Container)(nil)
 
@@ -31,8 +18,8 @@ var (
 	emptyOwner = (OwnerID{}).Bytes()
 )
 
-// New creates new user container based on capacity, OwnerID and PlacementRules.
-func New(cap uint64, owner OwnerID, rules netmap.PlacementRule) (*Container, error) {
+// New creates new user container based on capacity, OwnerID, ACL and PlacementRules.
+func New(cap uint64, owner OwnerID, acl uint32, rules netmap.PlacementRule) (*Container, error) {
 	if bytes.Equal(owner[:], emptyOwner) {
 		return nil, refs.ErrEmptyOwner
 	} else if cap == 0 {
@@ -49,6 +36,7 @@ func New(cap uint64, owner OwnerID, rules netmap.PlacementRule) (*Container, err
 		Salt:     UUID(salt),
 		Capacity: cap,
 		Rules:    rules,
+		BasicACL: acl,
 	}, nil
 }
 
@@ -90,7 +78,7 @@ func NewTestContainer() (*Container, error) {
 	if err != nil {
 		return nil, err
 	}
-	return New(100, owner, netmap.PlacementRule{
+	return New(100, owner, 0xFFFFFFFF, netmap.PlacementRule{
 		ReplFactor: 2,
 		SFGroups: []netmap.SFGroup{
 			{
diff --git a/container/types_test.go b/container/types_test.go
index 1ccc00b..fddccb3 100644
--- a/container/types_test.go
+++ b/container/types_test.go
@@ -36,7 +36,7 @@ func TestCID(t *testing.T) {
 		owner, err := refs.NewOwnerID(&key.PublicKey)
 		require.NoError(t, err)
 
-		c1, err := New(10, owner, rules)
+		c1, err := New(10, owner, 0xDEADBEEF, rules)
 		require.NoError(t, err)
 
 		data, err := proto.Marshal(c1)
@@ -55,23 +55,3 @@ func TestCID(t *testing.T) {
 		require.Equal(t, cid1, cid2)
 	})
 }
-
-func TestAccessMode(t *testing.T) {
-	t.Run("read access to read/write mode", func(t *testing.T) {
-		require.Equal(t, AccessModeRead, AccessModeReadWrite&AccessModeRead)
-	})
-
-	t.Run("write access to read/write mode", func(t *testing.T) {
-		require.Equal(t, AccessModeWrite, AccessModeReadWrite&AccessModeWrite)
-	})
-
-	t.Run("read(write) access to write(read) mode", func(t *testing.T) {
-		require.Zero(t, AccessModeRead&AccessModeWrite)
-	})
-
-	t.Run("access to same mode", func(t *testing.T) {
-		require.Equal(t, AccessModeWrite, AccessModeWrite&AccessModeWrite)
-		require.Equal(t, AccessModeRead, AccessModeRead&AccessModeRead)
-		require.Equal(t, AccessModeReadWrite, AccessModeReadWrite&AccessModeReadWrite)
-	})
-}

From 72c61002aa6effd0c1c3cb1a6b7b4fe00629f3e7 Mon Sep 17 00:00:00 2001
From: alexvanin <alexey@nspcc.ru>
Date: Fri, 3 Apr 2020 10:30:48 +0300
Subject: [PATCH 7/7] Update changelog for v0.6.0

---
 CHANGELOG.md | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 02254ab..1e9d098 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Changelog
-This is the changelog for NeoFS API
+This is the changelog for NeoFS-API-Go
+
+## [0.6.0] - 2020-04-03
+
+### Added
+
+- `RequestType` for object service requests
+- `Type()` function in `Request` interface
+
+### Changed
+
+- Synced proto files with `neofs-api v0.6.0`
 
 ## [0.5.0] - 2020-03-31
 
@@ -217,3 +228,4 @@ Initial public release
 [0.4.1]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.4.0...v0.4.1
 [0.4.2]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.4.1...v0.4.2
 [0.5.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.4.2...v0.5.0
+[0.6.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.5.0...v0.6.0