Open cthulhu-rider opened 2 years ago
cthulhu-rider
commented
2 years ago Discussed with @realloc @fyrchik @carpawell
2nd looks attractive. We need to make object list in object session context repeated (backward compatible change). We also need to provide iteration over object split-chain similar to the assembly of an object.
With this approach we will tighten authorization and access control of generated requests.
Cc: @anatoly-bogatyrev @alexvanin
alexvanin
commented
2 years ago From the service side, the cost of 2nd option is to have one/two extra requests. Is it possible to take advantage of https://github.com/nspcc-dev/neofs-api/issues/220 in trusted environment and avoid setting object.IDs?
To issue session token we need to find all children, if they exist. Probably the fastest way is to find linking object and get info from there. It will be nice to have search filter to that.
Another option is to get SplitInfoError. In this case, if I remember correctly, app should send object.Head request to the container node. Don't think that it is a good idea to work with placements and network map manually.
roman-khimov
commented
9 months ago Related to #2667.
roman-khimov
commented
3 weeks ago I think this is solved now. @cthulhu-rider?
In current implementation ACL service uses object ID from session token context for access control. As I remember, this was done in order to grant access to parties which assemble the object (request generation). However, storage node does not check the relationship between the object from the token and the explicitly requested object. This gives rise to potential access control violations in the system when a token issued to another object is used to obtain an object.
I propose to discuss possible approaches to fix this problem. Here are some solutions from my mind: