[#1247] object/acl: Return ObjectAccessDenied status error

Return `apistatus.ObjectAccessDenied` error on access violation from ACL service. Write reason in format of the errors from the previous implementation. These errors are returned by storage node's server as NeoFS API statuses. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-03-17 11:25:33 +03:00 · 2022-03-17 11:25:33 +03:00 · 459bdcf04b
commit 459bdcf04b
parent 967650f2ed
1 changed files with 11 additions and 17 deletions
--- a/pkg/services/object/acl/v2/errors.go
+++ b/pkg/services/object/acl/v2/errors.go
@ -3,6 +3,8 @@ package v2
 import (
 	"errors"
 	"fmt"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 )
 var (
@ -15,26 +17,18 @@ var (
 	ErrInvalidVerb = errors.New("session token verb is invalid")
 )
-type accessErr struct {
+const accessDeniedReasonFmt = "access to operation %v is denied by %s check"
 	RequestInfo
 	failedCheckTyp string
 }
 func (a *accessErr) Error() string {
 	return fmt.Sprintf("access to operation %v is denied by %s check", a.operation, a.failedCheckTyp)
 }
 func basicACLErr(info RequestInfo) error {
-	return &accessErr{
+	var errAccessDenied apistatus.ObjectAccessDenied
-		RequestInfo:    info,
+	errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "basic ACL"))
-		failedCheckTyp: "basic ACL",
+
-	}
+	return errAccessDenied
 }
 func eACLErr(info RequestInfo) error {
-	return &accessErr{
+	var errAccessDenied apistatus.ObjectAccessDenied
-		RequestInfo:    info,
+	errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "extended ACL"))
-		failedCheckTyp: "extended ACL",
+
-	}
+	return errAccessDenied
 }