[#190] Use request sender owner in sticky bit check

Sticky bit checks if object owner and request owner are the
same. Container owner should not used in this check.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2020-11-19 17:26:04 +03:00 committed by Alex Vanin
parent 2148e282ec
commit dbf6c9efef

View file

@ -508,7 +508,7 @@ func basicACLCheck(info requestInfo) bool {
}
func stickyBitCheck(info requestInfo, owner *owner.ID) bool {
if owner == nil || info.cnrOwner == nil {
if owner == nil || len(info.senderKey) == 0 {
return false
}
@ -516,7 +516,9 @@ func stickyBitCheck(info requestInfo, owner *owner.ID) bool {
return true
}
return bytes.Equal(owner.ToV2().GetValue(), info.cnrOwner.ToV2().GetValue())
requestSenderKey := crypto.UnmarshalPublicKey(info.senderKey)
return isOwnerFromKey(owner, requestSenderKey)
}
func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {