forked from TrueCloudLab/frostfs-node
Airat Arifullin
8e11ef46b8
* Introduce Request type converted from RequestInfo type to implement policy-engine's Request interface * Implement basic ape checker to check if a request is permitted to be performed * Make put handlers use APE checker instead EACL Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
34 lines
1 KiB
Go
34 lines
1 KiB
Go
package v2
|
|
|
|
import (
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
|
|
)
|
|
|
|
// ACLChecker is an interface that must provide
|
|
// ACL related checks.
|
|
type ACLChecker interface {
|
|
// CheckBasicACL must return true only if request
|
|
// passes basic ACL validation.
|
|
CheckBasicACL(RequestInfo) bool
|
|
// CheckEACL must return non-nil error if request
|
|
// doesn't pass extended ACL validation.
|
|
CheckEACL(any, RequestInfo) error
|
|
// StickyBitCheck must return true only if sticky bit
|
|
// is disabled or enabled but request contains correct
|
|
// owner field.
|
|
StickyBitCheck(RequestInfo, user.ID) bool
|
|
}
|
|
|
|
// InnerRingFetcher is an interface that must provide
|
|
// Inner Ring information.
|
|
type InnerRingFetcher interface {
|
|
// InnerRingKeys must return list of public keys of
|
|
// the actual inner ring.
|
|
InnerRingKeys() ([][]byte, error)
|
|
}
|
|
|
|
// APEChainChecker is the interface that provides methods to
|
|
// check if the access policy engine permits to perform the request.
|
|
type APEChainChecker interface {
|
|
CheckIfRequestPermitted(RequestInfo) error
|
|
}
|