[#505] Handle access denied from tree service

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-09-13 13:35:30 +03:00 · 2022-09-13 13:35:30 +03:00 · 3d08562843
commit 3d08562843
parent 80beedf13e
5 changed files with 79 additions and 44 deletions
--- a/api/handler/util.go
+++ b/api/handler/util.go
@ -2,6 +2,7 @@ package handler

 import (
 	"context"
+	errorsStd "errors"
 	"net/http"
 	"strconv"
 	"strings"
@ -23,7 +24,20 @@ func (h *handler) logAndSendError(w http.ResponseWriter, logText string, reqInfo
 	fields = append(fields, additional...)

 	h.log.Error(logText, fields...)
-	api.WriteErrorResponse(w, reqInfo, err)
+	api.WriteErrorResponse(w, reqInfo, transformToS3Error(err))
+}
+
+func transformToS3Error(err error) error {
+	if _, ok := err.(errors.Error); ok {
+		return err
+	}
+
+	if errorsStd.Is(err, layer.ErrAccessDenied) ||
+		errorsStd.Is(err, layer.ErrNodeAccessDenied) {
+		return errors.GetAPIError(errors.ErrAccessDenied)
+	}
+
+	return errors.GetAPIError(errors.ErrInternalError)
 }

 func (h *handler) getBucketAndCheckOwner(r *http.Request, bucket string, header ...string) (*data.BucketInfo, error) {