frostfs-node/pkg/services/object/acl/v2/errors.go
Leonard Lyubich 459bdcf04b [#1247] object/acl: Return ObjectAccessDenied status error
Return `apistatus.ObjectAccessDenied` error on access violation from ACL
service. Write reason in format of the errors from the previous
implementation. These errors are returned by storage node's server as
NeoFS API statuses.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-03-17 16:34:00 +03:00

34 lines
1 KiB
Go

package v2
import (
"errors"
"fmt"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
)
var (
// ErrMalformedRequest is returned when request contains
// invalid data.
ErrMalformedRequest = errors.New("malformed request")
// ErrUnknownRole is returned when role of the sender is unknown.
ErrUnknownRole = errors.New("can't classify request sender")
// ErrInvalidVerb is returned when session token verb doesn't include necessary operation.
ErrInvalidVerb = errors.New("session token verb is invalid")
)
const accessDeniedReasonFmt = "access to operation %v is denied by %s check"
func basicACLErr(info RequestInfo) error {
var errAccessDenied apistatus.ObjectAccessDenied
errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "basic ACL"))
return errAccessDenied
}
func eACLErr(info RequestInfo) error {
var errAccessDenied apistatus.ObjectAccessDenied
errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "extended ACL"))
return errAccessDenied
}