object/acl: check session token verb

[fyrchik]

Close #1191 .
Signed-off-by: Evgenii Stratonikov [email protected]

[codecov]

Codecov Report

Merging #1203 (423e219) into master (03b601b) will increase coverage by 0.03%.
The diff coverage is 52.38%.

@@            Coverage Diff             @@
##           master    #1203      +/-   ##
==========================================
+ Coverage   35.64%   35.68%   +0.03%     
==========================================
  Files         288      288              
  Lines       18131    18144      +13     
==========================================
+ Hits         6463     6474      +11     
- Misses      11177    11179       +2     
  Partials      491      491              

Impacted Files	Coverage Δ
pkg/services/object/acl/v2/errors.go	0.00% <ø> (ø)
pkg/services/object/acl/v2/service.go	0.00% <0.00%> (ø)
pkg/services/object/acl/v2/util.go	16.23% <61.11%> (+8.69%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 03b601b...423e219. Read the comment docs.

[alexvanin]

Unfortunately, we can't simply compare op and value from token. One request type can produce requests of other type. During the tests, I logged such errors:

token: DELETE  op: PUT
token: DELETE  op: HEAD
token: GETRANGEHASH  op: GETRANGE

We also have this table in spec of produced request types.

Base/Gen	PUT	DELETE	HEAD	RANGE	GET	HASH	SEARCH
PUT	+	-	-	-	-	-	-
DELETE	+	-	+	-	-	-	+
HEAD	-	-	+	-	-	-	-
RANGE	-	-	+	+	-	-	-
GET	-	-	+	-	+	-	-
HASH	-	-	+	+	-	-	-
SEARCH	-	-	-	-	-	-	+

[fyrchik]

Fixed.

[alexvanin]

Also, can you fix API spec and mention such behavior there?