realloc/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Releases Packages Activity

[#247] object/eacl: Use object ID from session token context

Browse source 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2020-12-14 16:50:45 +03:00 committed by Leonard Lyubich
parent 168dcbdccd
commit 8654458b19
2 changed files with 65 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

45
pkg/services/object/acl/acl.go
View file

@ -143,9 +143,11 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
return err
}
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
}
@ -155,6 +157,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
}
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) {
return basicACLErr(reqInfo)
@ -188,9 +191,11 @@ func (b Service) Head(
return nil, err
}
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
}
@ -200,6 +205,7 @@ func (b Service) Head(
}
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) {
return nil, basicACLErr(reqInfo)
@ -260,9 +266,11 @@ func (b Service) Delete(
return nil, err
}
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
}
@ -272,6 +280,7 @@ func (b Service) Delete(
}
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) {
return nil, basicACLErr(reqInfo)
@ -288,9 +297,11 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
return err
}
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
}
@ -300,6 +311,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
}
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) {
return basicACLErr(reqInfo)
@ -323,9 +335,11 @@ func (b Service) GetRangeHash(
return nil, err
}
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
}
@ -335,6 +349,7 @@ func (b Service) GetRangeHash(
}
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) {
return nil, basicACLErr(reqInfo)
@ -363,9 +378,11 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
return err
}
sTok := part.GetHeader().GetSessionToken()
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: part.GetHeader().GetSessionToken(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
}
@ -375,6 +392,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
}
reqInfo.oid = getObjectIDFromRequestBody(part)
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) || !stickyBitCheck(reqInfo, ownerID) {
return basicACLErr(reqInfo)
@ -484,6 +502,21 @@ func getContainerIDFromRequest(req interface{}) (id *container.ID, err error) {
}
}
func useObjectIDFromSession(req *requestInfo, token *session.SessionToken) {
if token == nil {
return
}
objCtx, ok := token.GetBody().GetContext().(*session.ObjectSessionContext)
if !ok {
return
}
req.oid = objectSDK.NewIDFromV2(
objCtx.GetAddress().GetObjectID(),
)
}
func getObjectIDFromRequestBody(body interface{}) *objectSDK.ID {
switch v := body.(type) {
default: