[#1247] object/acl: Return ObjectAccessDenied status error

Return `apistatus.ObjectAccessDenied` error on access violation from ACL
service. Write reason in format of the errors from the previous
implementation. These errors are returned by storage node's server as
NeoFS API statuses.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2022-03-17 11:25:33 +03:00 committed by Alex Vanin
parent 967650f2ed
commit 459bdcf04b

View file

@ -3,6 +3,8 @@ package v2
import ( import (
"errors" "errors"
"fmt" "fmt"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
) )
var ( var (
@ -15,26 +17,18 @@ var (
ErrInvalidVerb = errors.New("session token verb is invalid") ErrInvalidVerb = errors.New("session token verb is invalid")
) )
type accessErr struct { const accessDeniedReasonFmt = "access to operation %v is denied by %s check"
RequestInfo
failedCheckTyp string
}
func (a *accessErr) Error() string {
return fmt.Sprintf("access to operation %v is denied by %s check", a.operation, a.failedCheckTyp)
}
func basicACLErr(info RequestInfo) error { func basicACLErr(info RequestInfo) error {
return &accessErr{ var errAccessDenied apistatus.ObjectAccessDenied
RequestInfo: info, errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "basic ACL"))
failedCheckTyp: "basic ACL",
} return errAccessDenied
} }
func eACLErr(info RequestInfo) error { func eACLErr(info RequestInfo) error {
return &accessErr{ var errAccessDenied apistatus.ObjectAccessDenied
RequestInfo: info, errAccessDenied.WriteReason(fmt.Sprintf(accessDeniedReasonFmt, info.operation, "extended ACL"))
failedCheckTyp: "extended ACL",
} return errAccessDenied
} }