forked from TrueCloudLab/frostfs-node
[#1247] object/acl: Return ObjectAccessDenied
status error
Return `apistatus.ObjectAccessDenied` error on access violation from ACL service. Write reason in format of the errors from the previous implementation. These errors are returned by storage node's server as NeoFS API statuses. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
parent
967650f2ed
commit
459bdcf04b
1 changed files with 11 additions and 17 deletions
|
@ -3,6 +3,8 @@ package v2
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -15,26 +17,18 @@ var (
|
||||||
ErrInvalidVerb = errors.New("session token verb is invalid")
|
ErrInvalidVerb = errors.New("session token verb is invalid")
|
||||||
)
|
)
|
||||||
|
|
||||||
type accessErr struct {
|
const accessDeniedReasonFmt = "access to operation %v is denied by %s check"
|
||||||
RequestInfo
|
|
||||||
|
|
||||||
failedCheckTyp string
|
|
||||||
}
|
|
||||||
|
|
||||||
func (a *accessErr) Error() string {
|
|
||||||
return fmt.Sprintf("access to operation %v is denied by %s check", a.operation, a.failedCheckTyp)
|
|
||||||
}
|
|
||||||
|
|
||||||
func basicACLErr(info RequestInfo) error {
|
func basicACLErr(info RequestInfo) error {
|
||||||
return &accessErr{
|
var errAccessDenied apistatus.ObjectAccessDenied
|
||||||
RequestInfo: info,
|
errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "basic ACL"))
|
||||||
failedCheckTyp: "basic ACL",
|
|
||||||
}
|
return errAccessDenied
|
||||||
}
|
}
|
||||||
|
|
||||||
func eACLErr(info RequestInfo) error {
|
func eACLErr(info RequestInfo) error {
|
||||||
return &accessErr{
|
var errAccessDenied apistatus.ObjectAccessDenied
|
||||||
RequestInfo: info,
|
errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "extended ACL"))
|
||||||
failedCheckTyp: "extended ACL",
|
|
||||||
}
|
return errAccessDenied
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue