[#247] object/eacl: Use object ID from session token context

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-12-14 16:50:45 +03:00 · 2020-12-14 16:50:45 +03:00 · 8654458b19
commit 8654458b19
parent 168dcbdccd
2 changed files with 65 additions and 21 deletions
--- a/pkg/services/object/acl/acl.go
+++ b/pkg/services/object/acl/acl.go
@ -143,9 +143,11 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
 		return err
 	}
 	sTok := request.GetMetaHeader().GetSessionToken()
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
-		token:   request.GetMetaHeader().GetSessionToken(),
+		token:   sTok,
 		bearer:  request.GetMetaHeader().GetBearerToken(),
 	}
@ -155,6 +157,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
 	}
 	reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
 	useObjectIDFromSession(&reqInfo, sTok)
 	if !basicACLCheck(reqInfo) {
 		return basicACLErr(reqInfo)
@ -188,9 +191,11 @@ func (b Service) Head(
 		return nil, err
 	}
 	sTok := request.GetMetaHeader().GetSessionToken()
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
-		token:   request.GetMetaHeader().GetSessionToken(),
+		token:   sTok,
 		bearer:  request.GetMetaHeader().GetBearerToken(),
 	}
@ -200,6 +205,7 @@ func (b Service) Head(
 	}
 	reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
 	useObjectIDFromSession(&reqInfo, sTok)
 	if !basicACLCheck(reqInfo) {
 		return nil, basicACLErr(reqInfo)
@ -260,9 +266,11 @@ func (b Service) Delete(
 		return nil, err
 	}
 	sTok := request.GetMetaHeader().GetSessionToken()
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
-		token:   request.GetMetaHeader().GetSessionToken(),
+		token:   sTok,
 		bearer:  request.GetMetaHeader().GetBearerToken(),
 	}
@ -272,6 +280,7 @@ func (b Service) Delete(
 	}
 	reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
 	useObjectIDFromSession(&reqInfo, sTok)
 	if !basicACLCheck(reqInfo) {
 		return nil, basicACLErr(reqInfo)
@ -288,9 +297,11 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
 		return err
 	}
 	sTok := request.GetMetaHeader().GetSessionToken()
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
-		token:   request.GetMetaHeader().GetSessionToken(),
+		token:   sTok,
 		bearer:  request.GetMetaHeader().GetBearerToken(),
 	}
@ -300,6 +311,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
 	}
 	reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
 	useObjectIDFromSession(&reqInfo, sTok)
 	if !basicACLCheck(reqInfo) {
 		return basicACLErr(reqInfo)
@ -323,9 +335,11 @@ func (b Service) GetRangeHash(
 		return nil, err
 	}
 	sTok := request.GetMetaHeader().GetSessionToken()
 	req := metaWithToken{
 		vheader: request.GetVerificationHeader(),
-		token:   request.GetMetaHeader().GetSessionToken(),
+		token:   sTok,
 		bearer:  request.GetMetaHeader().GetBearerToken(),
 	}
@ -335,6 +349,7 @@ func (b Service) GetRangeHash(
 	}
 	reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
 	useObjectIDFromSession(&reqInfo, sTok)
 	if !basicACLCheck(reqInfo) {
 		return nil, basicACLErr(reqInfo)
@ -363,9 +378,11 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
 			return err
 		}
 		sTok := part.GetHeader().GetSessionToken()
 		req := metaWithToken{
 			vheader: request.GetVerificationHeader(),
-			token:   part.GetHeader().GetSessionToken(),
+			token:   sTok,
 			bearer:  request.GetMetaHeader().GetBearerToken(),
 		}
@ -375,6 +392,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
 		}
 		reqInfo.oid = getObjectIDFromRequestBody(part)
 		useObjectIDFromSession(&reqInfo, sTok)
 		if !basicACLCheck(reqInfo) || !stickyBitCheck(reqInfo, ownerID) {
 			return basicACLErr(reqInfo)
@ -484,6 +502,21 @@ func getContainerIDFromRequest(req interface{}) (id *container.ID, err error) {
 	}
 }
 func useObjectIDFromSession(req *requestInfo, token *session.SessionToken) {
 	if token == nil {
 		return
 	}
 	objCtx, ok := token.GetBody().GetContext().(*session.ObjectSessionContext)
 	if !ok {
 		return
 	}
 	req.oid = objectSDK.NewIDFromV2(
 		objCtx.GetAddress().GetObjectID(),
 	)
 }
 func getObjectIDFromRequestBody(body interface{}) *objectSDK.ID {
 	switch v := body.(type) {
 	default:
--- a/pkg/services/object/acl/eacl/v2/headers.go
+++ b/pkg/services/object/acl/eacl/v2/headers.go
@ -64,7 +64,7 @@ func (h *headerSource) HeadersOfType(typ eaclSDK.FilterHeaderType) ([]eacl.Heade
 	case eaclSDK.HeaderFromRequest:
 		return requestHeaders(h.msg), true
 	case eaclSDK.HeaderFromObject:
-		return h.objectHeaders(), true
+		return h.objectHeaders()
 	}
 }
@ -80,7 +80,7 @@ func requestHeaders(msg xHeaderSource) []eacl.Header {
 	return res
 }
-func (h *headerSource) objectHeaders() []eacl.Header {
+func (h *headerSource) objectHeaders() ([]eacl.Header, bool) {
 	switch m := h.msg.(type) {
 	default:
 		panic(fmt.Sprintf("unexpected message type %T", h.msg))
@ -89,39 +89,50 @@ func (h *headerSource) objectHeaders() []eacl.Header {
 		case *objectV2.GetRequest:
 			return h.localObjectHeaders(req.GetBody().GetAddress())
 		case *objectV2.DeleteRequest:
-			return h.localObjectHeaders(req.GetBody().GetAddress())
+			hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
 			return hs, true
 		case *objectV2.HeadRequest:
 			return h.localObjectHeaders(req.GetBody().GetAddress())
 		case *objectV2.GetRangeRequest:
-			return h.localObjectHeaders(req.GetBody().GetAddress())
+			hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
 			return hs, true
 		case *objectV2.GetRangeHashRequest:
-			return h.localObjectHeaders(req.GetBody().GetAddress())
+			hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
 			return hs, true
 		case *objectV2.PutRequest:
 			if v, ok := req.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok {
 				oV2 := new(objectV2.Object)
 				oV2.SetObjectID(v.GetObjectID())
 				oV2.SetHeader(v.GetHeader())
-				return headersFromObject(object.NewFromV2(oV2))
+				hs := headersFromObject(object.NewFromV2(oV2))
 				if tok := oV2.GetHeader().GetSessionToken(); tok != nil {
 					objCtx, ok := tok.GetBody().GetContext().(*session.ObjectSessionContext)
 					if ok {
 						hs = append(hs, addressHeaders(objectSDK.NewAddressFromV2(objCtx.GetAddress()))...)
 					}
 				}
 				return hs, true
 			}
 		case *objectV2.SearchRequest:
 			return []eacl.Header{cidHeader(
 				container.NewIDFromV2(
 					req.GetBody().GetContainerID()),
-			),
+			)}, true
 			}
 		}
 	case *responseXHeaderSource:
 		switch resp := m.resp.(type) {
 		default:
-			return h.localObjectHeaders(m.addr)
+			hs, _ := h.localObjectHeaders(m.addr)
 			return hs, true
 		case *objectV2.GetResponse:
 			if v, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok {
 				oV2 := new(objectV2.Object)
 				oV2.SetObjectID(v.GetObjectID())
 				oV2.SetHeader(v.GetHeader())
-				return headersFromObject(object.NewFromV2(oV2))
+				return headersFromObject(object.NewFromV2(oV2)), true
 			}
 		case *objectV2.HeadResponse:
 			oV2 := new(objectV2.Object)
@ -147,22 +158,22 @@ func (h *headerSource) objectHeaders() []eacl.Header {
 			return append(
 				headersFromObject(object.NewFromV2(oV2)),
 				oidHeader(objectSDK.NewIDFromV2(m.addr.GetObjectID())),
-			)
+			), true
 		}
 	}
-	return nil
+	return nil, true
 }
-func (h *headerSource) localObjectHeaders(addrV2 *refs.Address) []eacl.Header {
+func (h *headerSource) localObjectHeaders(addrV2 *refs.Address) ([]eacl.Header, bool) {
 	addr := objectSDK.NewAddressFromV2(addrV2)
 	obj, err := h.storage.Head(addr)
 	if err == nil {
-		return headersFromObject(obj)
+		return append(headersFromObject(obj), addressHeaders(addr)...), true
 	}
-	return addressHeaders(addr)
+	return addressHeaders(addr), false
 }
 func cidHeader(cid *container.ID) eacl.Header {