diff --git a/pkg/core/container/storage.go b/pkg/core/container/storage.go index e1c07ca2a..326c656cc 100644 --- a/pkg/core/container/storage.go +++ b/pkg/core/container/storage.go @@ -22,3 +22,7 @@ type Source interface { // ErrNotFound is the error returned when container was not found in storage. var ErrNotFound = errors.New("container not found") + +// ErrEACLNotFound is returned by eACL storage implementations when +// requested eACL table is not in storage. +var ErrEACLNotFound = errors.New("extended ACL table is not set for this container") diff --git a/pkg/morph/client/container/wrapper/eacl.go b/pkg/morph/client/container/wrapper/eacl.go index 2f11b744b..40c5a31c5 100644 --- a/pkg/morph/client/container/wrapper/eacl.go +++ b/pkg/morph/client/container/wrapper/eacl.go @@ -2,16 +2,15 @@ package wrapper import ( "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" - "github.com/nspcc-dev/neofs-api-go/pkg/container" + containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container" + "github.com/nspcc-dev/neofs-node/pkg/core/container" client "github.com/nspcc-dev/neofs-node/pkg/morph/client/container" "github.com/pkg/errors" ) -var ErrEACLNotFound = errors.New("extended ACL table is not set for this container") - // GetEACL reads the extended ACL table from NeoFS system // through Container contract call. -func (w *Wrapper) GetEACL(cid *container.ID) (*eacl.Table, []byte, error) { +func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) { if cid == nil { return nil, nil, errNilArgument } @@ -34,7 +33,7 @@ func (w *Wrapper) GetEACL(cid *container.ID) (*eacl.Table, []byte, error) { // since unsigned table cannot be approved in the storage by design. sig := rpcAnswer.Signature() if len(sig) == 0 { - return nil, nil, ErrEACLNotFound + return nil, nil, container.ErrEACLNotFound } table := eacl.NewTable() diff --git a/pkg/services/object/acl/eacl/types.go b/pkg/services/object/acl/eacl/types.go index a75bf7bf0..1527ba37b 100644 --- a/pkg/services/object/acl/eacl/types.go +++ b/pkg/services/object/acl/eacl/types.go @@ -13,6 +13,9 @@ type Storage interface { // It returns any error encountered. // // GetEACL must return exactly one non-nil value. + // + // Must return pkg/core/container.ErrEACLNotFound if requested + // eACL table is is not in storage. GetEACL(*container.ID) (*eacl.Table, error) } diff --git a/pkg/services/object/acl/eacl/validator.go b/pkg/services/object/acl/eacl/validator.go index c9cd709ad..8939f06a8 100644 --- a/pkg/services/object/acl/eacl/validator.go +++ b/pkg/services/object/acl/eacl/validator.go @@ -6,7 +6,7 @@ import ( "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" crypto "github.com/nspcc-dev/neofs-crypto" - "github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper" + "github.com/nspcc-dev/neofs-node/pkg/core/container" "github.com/nspcc-dev/neofs-node/pkg/util/logger" "go.uber.org/zap" ) @@ -68,7 +68,7 @@ func (v *Validator) CalculateAction(unit *ValidationUnit) eacl.Action { // get eACL table by container ID table, err = v.storage.GetEACL(unit.cid) if err != nil { - if errors.Is(err, wrapper.ErrEACLNotFound) { + if errors.Is(err, container.ErrEACLNotFound) { return eacl.ActionAllow }