[#1191] object/acl: check session token verb

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
Evgenii Stratonikov 2022-02-28 15:35:10 +03:00 committed by Alex Vanin
parent 5e90d85020
commit 0bf59522f7
4 changed files with 68 additions and 10 deletions


@ -425,7 +425,10 @@ func (b Service) findRequestInfo(
}
// find verb from token if it is present
verb := sourceVerbOfRequest(req, op)
verb, isUnknown := sourceVerbOfRequest(req.token, op)
if !isUnknown && verb != op && !isVerbCompatible(verb, op) {
return info, ErrInvalidVerb
}
info.basicACL = cnr.BasicACL()
info.requestRole = res.role
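Review bot: The added guard `if !isUnknown && verb != op && !isVerbCompatible(verb, op)` skips the verb check entirely whenever `isUnknown` is true, so the code should state when that happens. `sourceVerbOfRequest` and `isVerbCompatible` are defined outside this hunk; if `isUnknown` is also returned for a token that is present but carries a verb the helper does not recognise, that request proceeds with no verb comparison, which is a fail-open path in an access-control check. I would restrict the skip to the no-token case and document it above the guard, e.g. `// isUnknown is true only when the request has no session token; an unrecognised token verb is rejected with ErrInvalidVerb`, and add a test for a token with an unknown verb. The existing comment `// find verb from token if it is present` could also say that the verb is now validated against `op`. findRequestInfo starts and ends outside the hunk.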