ale64bit/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#1628] tree: Document ACL checks in tree service

Browse source 
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
This commit is contained in:
Pavel Karpy 2022-09-12 14:10:32 +03:00 committed by fyrchik
parent 8d0906c6ab
commit 2ffcd02ac3
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pkg/services/tree/service.proto
View file

@ -12,6 +12,21 @@ option go_package = "github.com/nspcc-dev/neofs-node/pkg/services/tree";
service TreeService { service TreeService {
/* Client API */ /* Client API */
// Client methods are mapped to the object RPC:
// [ Add, AddByPath, Remove, Move ] -> PUT;
// [ GetNodeByPath, GetSubTree ] -> GET.
// One of the following must be true:
// - a signer passes non-extended basic ACL;
// - a signer passes extended basic ACL AND bearer token is
// attached AND the basic ACL allows attaching bearer token
// to the GET/PUT operation AND eACL table in the bearer contains
// an explicit allowing the signer's key (or its role) rule
// for the GET/PUT operation;
// - a signer passes extended basic ACL AND the extension
// contains an explicit allowing the signer's key (or its role)
// rule for GET/PUT operation.
// Otherwise, a request is denied.
// Add adds new node to the tree. Invoked by a client. // Add adds new node to the tree. Invoked by a client.
rpc Add (AddRequest) returns (AddResponse); rpc Add (AddRequest) returns (AddResponse);
// AddByPath adds new node to the tree by path. Invoked by a client. // AddByPath adds new node to the tree by path. Invoked by a client.