realloc/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Releases Packages Activity

[#180] Make separate basic ACL check for inner ring requests

Browse source 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2020-11-18 10:46:26 +03:00 committed by Alex Vanin
parent badfd1b6e5
commit 6f841e319d
2 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pkg/services/object/acl/acl.go
View file

@ -53,6 +53,7 @@ type (
requestInfo struct {
basicACL basicACLHelper
requestRole acl.Role
isInnerRing bool
operation acl.Operation // put, get, head, etc.
owner *owner.ID // container owner
@ -491,6 +492,9 @@ func basicACLCheck(info requestInfo) bool {
checkFn = info.basicACL.UserAllowed
case acl.RoleSystem:
checkFn = info.basicACL.SystemAllowed
if info.isInnerRing {
checkFn = info.basicACL.InnerRingAllowed
}
case acl.RoleOthers:
checkFn = info.basicACL.OthersAllowed
default: