2022-02-11 12:25:05 +00:00
|
|
|
package v2
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
// ErrMalformedRequest is returned when request contains
|
|
|
|
|
// invalid data.
|
|
|
|
|
ErrMalformedRequest = errors.New("malformed request")
|
|
|
|
|
// ErrUnknownRole is returned when role of the sender is unknown.
|
|
|
|
|
ErrUnknownRole = errors.New("can't classify request sender")
|
2022-02-28 12:35:10 +00:00
|
|
|
// ErrInvalidVerb is returned when session token verb doesn't include necessary operation.
|
|
|
|
|
ErrInvalidVerb = errors.New("session token verb is invalid")
|
2022-02-11 12:25:05 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type accessErr struct {
|
|
|
|
|
RequestInfo
|
|
|
|
|
|
|
|
|
|
failedCheckTyp string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (a *accessErr) Error() string {
|
|
|
|
|
return fmt.Sprintf("access to operation %v is denied by %s check", a.operation, a.failedCheckTyp)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func basicACLErr(info RequestInfo) error {
|
|
|
|
|
return &accessErr{
|
|
|
|
|
RequestInfo: info,
|
|
|
|
|
failedCheckTyp: "basic ACL",
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func eACLErr(info RequestInfo) error {
|
|
|
|
|
return &accessErr{
|
|
|
|
|
RequestInfo: info,
|
|
|
|
|
failedCheckTyp: "extended ACL",
|
|
|
|
|
}
|
|
|
|
|
}
|
