forked from TrueCloudLab/frostfs-node
[#1524] tree: Make check APE error get wrapped to api status
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
This commit is contained in:
parent
fa2e46a65a
commit
d831ffc695
1 changed files with 11 additions and 1 deletions
|
@ -11,6 +11,7 @@ import (
|
||||||
core "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
|
core "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/refs"
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/refs"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
|
||||||
|
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
|
||||||
cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||||
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
||||||
|
@ -62,7 +63,16 @@ func (s *Service) verifyClient(ctx context.Context, req message, cid cidSDK.ID,
|
||||||
return fmt.Errorf("can't get request role: %w", err)
|
return fmt.Errorf("can't get request role: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return s.checkAPE(ctx, bt, cnr, cid, op, role, pubKey)
|
if err = s.checkAPE(ctx, bt, cnr, cid, op, role, pubKey); err != nil {
|
||||||
|
return apeErr(err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func apeErr(err error) error {
|
||||||
|
errAccessDenied := &apistatus.ObjectAccessDenied{}
|
||||||
|
errAccessDenied.WriteReason(err.Error())
|
||||||
|
return errAccessDenied
|
||||||
}
|
}
|
||||||
|
|
||||||
// Returns true iff the operation is read-only and request was signed
|
// Returns true iff the operation is read-only and request was signed
|
||||||
|
|
Loading…
Reference in a new issue