[#69] Forbid SetEACL operation if basic acl final
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
parent
09e8196ed4
commit
630547d488
1 changed files with 24 additions and 2 deletions
|
@ -90,6 +90,11 @@ func (a *API) PutContainerEACL(params operations.PutContainerEACLParams, princip
|
||||||
return operations.NewPutContainerEACLBadRequest().WithPayload(resp)
|
return operations.NewPutContainerEACLBadRequest().WithPayload(resp)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err = checkContainerExtendable(params.HTTPRequest.Context(), a.pool, cnrID); err != nil {
|
||||||
|
resp := a.logAndGetErrorResponse("check acl allowance", err)
|
||||||
|
return operations.NewPutContainerEACLBadRequest().WithPayload(resp)
|
||||||
|
}
|
||||||
|
|
||||||
st, err := formSessionTokenFromHeaders(principal, params.XBearerSignature, params.XBearerSignatureKey, sessionv2.ContainerVerbSetEACL)
|
st, err := formSessionTokenFromHeaders(principal, params.XBearerSignature, params.XBearerSignatureKey, sessionv2.ContainerVerbSetEACL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
resp := a.logAndGetErrorResponse("invalid session token headers", err)
|
resp := a.logAndGetErrorResponse("invalid session token headers", err)
|
||||||
|
@ -220,11 +225,28 @@ func (a *API) DeleteContainer(params operations.DeleteContainerParams, principal
|
||||||
WithAccessControlAllowOrigin("*")
|
WithAccessControlAllowOrigin("*")
|
||||||
}
|
}
|
||||||
|
|
||||||
func getContainerInfo(ctx context.Context, p *pool.Pool, cnrID cid.ID) (*models.ContainerInfo, error) {
|
func checkContainerExtendable(ctx context.Context, p *pool.Pool, cnrID cid.ID) error {
|
||||||
|
cnr, err := getContainer(ctx, p, cnrID)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("get container: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !cnr.BasicACL().Extendable() {
|
||||||
|
return fmt.Errorf("container acl isn't extendable")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func getContainer(ctx context.Context, p *pool.Pool, cnrID cid.ID) (container.Container, error) {
|
||||||
var prm pool.PrmContainerGet
|
var prm pool.PrmContainerGet
|
||||||
prm.SetContainerID(cnrID)
|
prm.SetContainerID(cnrID)
|
||||||
|
|
||||||
cnr, err := p.GetContainer(ctx, prm)
|
return p.GetContainer(ctx, prm)
|
||||||
|
}
|
||||||
|
|
||||||
|
func getContainerInfo(ctx context.Context, p *pool.Pool, cnrID cid.ID) (*models.ContainerInfo, error) {
|
||||||
|
cnr, err := getContainer(ctx, p, cnrID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
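Review bot: In PutContainerEACL the new `checkContainerExtendable` call sits before `formSessionTokenFromHeaders`, so a request whose session-token headers are invalid still causes a container fetch from the pool. As far as the visible lines show, the response then differs depending on whether the container exists and whether its basic ACL is final; running the extendability check after the session-token validation would keep the local check first. Separately, `checkContainerExtendable` reports a failed `getContainer` (wrapped as `get container: %w`) and the policy refusal through the same `NewPutContainerEACLBadRequest` path, so a backend or lookup failure is presented to the client as a 400. A sentinel such as `var errACLNotExtendable = errors.New("container acl isn't extendable")`, checked in the handler with `errors.Is` (assuming `errors` is imported in this file), would let only the policy case map to 400 and would replace the verb-less `fmt.Errorf`. The body of PutContainerEACL starts and ends outside the hunk, so the exact placement needs to be confirmed against the full function.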