forked from TrueCloudLab/frostfs-node
[#106] Ignore bearer token if basic ACL restrict it
There is a bit to allow or deny bearer token check for each object service method. If this bit is not set then ignore bearer token and use extended ACL table from sidechain. Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
parent
89cd2ad463
commit
bb455af05f
1 changed files with 5 additions and 0 deletions
|
@ -515,6 +515,11 @@ func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if bearer token is not allowed, then ignore it
|
||||||
|
if !reqInfo.basicACL.BearerAllowed(reqInfo.operation) {
|
||||||
|
reqInfo.bearer = nil
|
||||||
|
}
|
||||||
|
|
||||||
// if bearer token is not present, isValidBearer returns true
|
// if bearer token is not present, isValidBearer returns true
|
||||||
if !isValidBearer(reqInfo) {
|
if !isValidBearer(reqInfo) {
|
||||||
return false
|
return false
|
||||||
|
|
Loading…
Reference in a new issue