dstepanov-yadro/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#106] Ignore bearer token if basic ACL restrict it

Browse source 
There is a bit to allow or deny bearer token check for
each object service method. If this bit is not set then
ignore bearer token and use extended ACL table from
sidechain.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2020-10-21 19:08:22 +03:00 committed by Alex Vanin
parent 89cd2ad463
commit bb455af05f
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkg/services/object/acl/acl.go
View file

@ -515,6 +515,11 @@ func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {
return true
}
// if bearer token is not allowed, then ignore it
if !reqInfo.basicACL.BearerAllowed(reqInfo.operation) {
reqInfo.bearer = nil
}
// if bearer token is not present, isValidBearer returns true
if !isValidBearer(reqInfo) {
return false