459bdcf04b
Return `apistatus.ObjectAccessDenied` error on access violation from ACL service. Write reason in format of the errors from the previous implementation. These errors are returned by storage node's server as NeoFS API statuses. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
package v2
import (
"errors"
"fmt"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
)
// Sentinel errors of the ACL request checks. Each is a distinct value created
// with errors.New, so callers can match them with errors.Is even after the
// error has been wrapped.

// ErrMalformedRequest is returned when request contains invalid data.
var ErrMalformedRequest = errors.New("malformed request")

// ErrUnknownRole is returned when role of the sender is unknown.
//
// NOTE(review): a sender that cannot be classified presumably must not be
// granted access (fail closed) — confirm against the callers.
var ErrUnknownRole = errors.New("can't classify request sender")

// ErrInvalidVerb is returned when session token verb doesn't include
// necessary operation.
var ErrInvalidVerb = errors.New("session token verb is invalid")
// accessDeniedReasonFmt is the template of the access-denied reason. The first
// verb (%v) takes the denied operation, the second (%s) the name of the check
// that rejected it.
const (
	accessDeniedReasonFmt = "access to operation %v is denied by %s check"
)
// basicACLErr builds the apistatus.ObjectAccessDenied status for a request
// that was rejected by the basic ACL check.
//
// The reason names only the operation taken from info and the check that
// denied it.
//
// NOTE(review): the reason is presumably delivered to the requester as part of
// the API status, so it should stay limited to the operation and check name —
// confirm before adding any further detail to it.
func basicACLErr(info RequestInfo) error {
	reason := fmt.Sprintf(accessDeniedReasonFmt, info.operation, "basic ACL")

	var denied apistatus.ObjectAccessDenied
	denied.WriteReason(reason)

	return denied
}
// eACLErr builds the apistatus.ObjectAccessDenied status for a request that
// was rejected by the extended ACL check.
//
// The reason names only the operation taken from info and the check that
// denied it; it does not say which extended ACL rule matched.
//
// NOTE(review): the reason is presumably delivered to the requester as part of
// the API status, so it should stay limited to the operation and check name —
// confirm before adding any further detail to it.
func eACLErr(info RequestInfo) error {
	reason := fmt.Sprintf(accessDeniedReasonFmt, info.operation, "extended ACL")

	var denied apistatus.ObjectAccessDenied
	denied.WriteReason(reason)

	return denied
}