NSFS | NC | Add condition in authorize_request_policy

Signed-off-by: shirady <[email protected]>

src/cmd/nsfs.js

@@ -206,6 +206,7 @@ class NsfsObjectSDK extends ObjectSDK {
             },
             system_owner: new SensitiveString('nsfs'),
             bucket_owner: new SensitiveString('nsfs'),
+            owner_account: new SensitiveString('nsfs-id'), // temp
         };
     }
 }

src/endpoint/s3/s3_rest.js

@@ -214,7 +214,7 @@ async function authorize_request_policy(req) {
     if (!req.params.bucket) return;
     if (req.op_name === 'put_bucket') return;
 
-    const { s3_policy, system_owner, bucket_owner } = await req.object_sdk.read_bucket_sdk_policy_info(req.params.bucket);
+    const { s3_policy, system_owner, bucket_owner, owner_account } = await req.object_sdk.read_bucket_sdk_policy_info(req.params.bucket);
     const auth_token = req.object_sdk.get_auth_token();
     const arn_path = _get_arn_from_req_path(req);
     const method = _get_method_from_req(req);
@@ -234,6 +234,7 @@ async function authorize_request_policy(req) {
 
     const is_owner = (function() {
         if (account.bucket_claim_owner && account.bucket_claim_owner.unwrap() === req.params.bucket) return true;
+        if (req.object_sdk.nsfs_config_root && account._id === owner_account.id) return true; // NC NSFS case
         if (account_identifier === bucket_owner.unwrap()) return true;
         return false;
     }());

src/sdk/object_sdk.js

@@ -196,6 +196,7 @@ class ObjectSDK {
             s3_policy: bucket.s3_policy,
             system_owner: bucket.system_owner,
             bucket_owner: bucket.bucket_owner,
+            owner_account: bucket.owner_account, // in NC NSFS this is the account id that owns the bucket
         };
         return policy_info;
     }