[#106] Process bearer token in ACL service

If a bearer token is present in the request, check
that it is valid and then use it to process extended
ACL checks.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Alex Vanin 2020-10-21 16:11:18 +03:00 committed by Alex Vanin
parent 094248690b
commit 89cd2ad463
4 changed files with 107 additions and 8 deletions


@ -55,14 +55,23 @@ func NewValidator(opts ...Option) *Validator {
//
// If no matching table entry is found, ActionAllow is returned.
func (v *Validator) CalculateAction(unit *ValidationUnit) eacl.Action {
// get eACL table by container ID
table, err := v.storage.GetEACL(unit.cid)
if err != nil {
v.logger.Error("could not get eACL table",
zap.String("error", err.Error()),
)
var (
err error
table *eacl.Table
)
return eacl.ActionUnknown
if unit.bearer != nil {
table = eacl.NewTableFromV2(unit.bearer.GetBody().GetEACL())
} else {
// get eACL table by container ID
table, err = v.storage.GetEACL(unit.cid)
if err != nil {
v.logger.Error("could not get eACL table",
zap.String("error", err.Error()),
)
return eacl.ActionUnknown
}
}
return tableAction(unit, table)
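Review bot: With `unit.bearer != nil` the table taken from the token body fully replaces the container's stored eACL table, and nothing in this hunk verifies the token, so CalculateAction trusts whatever the caller placed in the unit. Because the doc comment says an unmatched request yields ActionAllow, a token whose table has no matching record allows the request; the validity check the commit message mentions therefore has to run before the unit is built, presumably in one of the other changed files not visible here. I would state that precondition in the doc comment, e.g. `// If unit carries a bearer token, its eACL table is used instead of the stored one; the token must already be verified by the caller.` It is also worth confirming what `eacl.NewTableFromV2` returns when `GetBody().GetEACL()` is nil, so that a token without a table fails closed (for instance `return eacl.ActionUnknown`) rather than reaching `tableAction`. The function body continues beyond the end of the hunk.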