[#1247] object/acl: Return ObjectAccessDenied status error

Return `apistatus.ObjectAccessDenied` error on access violation from ACL
service. Write reason in format of the errors from the previous
implementation. These errors are returned by storage node's server as
NeoFS API statuses.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2022-03-17 11:25:33 +03:00 committed by Alex Vanin
parent 967650f2ed
commit 459bdcf04b

View file

@ -3,6 +3,8 @@ package v2
import (
"errors"
"fmt"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
)
var (
@ -15,26 +17,18 @@ var (
ErrInvalidVerb = errors.New("session token verb is invalid")
)
type accessErr struct {
RequestInfo
failedCheckTyp string
}
func (a *accessErr) Error() string {
return fmt.Sprintf("access to operation %v is denied by %s check", a.operation, a.failedCheckTyp)
}
const accessDeniedReasonFmt = "access to operation %v is denied by %s check"
func basicACLErr(info RequestInfo) error {
return &accessErr{
RequestInfo: info,
failedCheckTyp: "basic ACL",
}
var errAccessDenied apistatus.ObjectAccessDenied
errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "basic ACL"))
return errAccessDenied
}
func eACLErr(info RequestInfo) error {
return &accessErr{
RequestInfo: info,
failedCheckTyp: "extended ACL",
}
var errAccessDenied apistatus.ObjectAccessDenied
errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "extended ACL"))
return errAccessDenied
}