From a9f2f89f61a0013b593410d27da339b5b8c06b3e Mon Sep 17 00:00:00 2001
From: shirady <57721533+shirady@users.noreply.github.com>
Date: Tue, 28 May 2024 14:40:22 +0300
Subject: [PATCH] NSFS | NC | Add condition in authorize_request_policy
Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
---
 src/cmd/nsfs.js | 1 +
 src/endpoint/s3/s3_rest.js | 3 ++-
 src/sdk/object_sdk.js | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/cmd/nsfs.js b/src/cmd/nsfs.js
index 94f049a1d4..cf112333b8 100644
--- a/src/cmd/nsfs.js
+++ b/src/cmd/nsfs.js
@@ -206,6 +206,7 @@ class NsfsObjectSDK extends ObjectSDK {
 },
 system_owner: new SensitiveString('nsfs'),
 bucket_owner: new SensitiveString('nsfs'),
+ owner_account: new SensitiveString('nsfs-id'), // temp
 };
 }
 }
diff --git a/src/endpoint/s3/s3_rest.js b/src/endpoint/s3/s3_rest.js
index 5f61a5d43e..dd61814f43 100755
--- a/src/endpoint/s3/s3_rest.js
+++ b/src/endpoint/s3/s3_rest.js
@@ -214,7 +214,7 @@ async function authorize_request_policy(req) {
 if (!req.params.bucket) return;
 if (req.op_name === 'put_bucket') return;
- const { s3_policy, system_owner, bucket_owner } = await req.object_sdk.read_bucket_sdk_policy_info(req.params.bucket);
+ const { s3_policy, system_owner, bucket_owner, owner_account } = await req.object_sdk.read_bucket_sdk_policy_info(req.params.bucket);
 const auth_token = req.object_sdk.get_auth_token();
 const arn_path = _get_arn_from_req_path(req);
 const method = _get_method_from_req(req);
@@ -234,6 +234,7 @@ async function authorize_request_policy(req) {
 const is_owner = (function() {
 if (account.bucket_claim_owner && account.bucket_claim_owner.unwrap() === req.params.bucket) return true;
+ if (req.object_sdk.nsfs_config_root && account._id === owner_account.id) return true; // NC NSFS case
 if (account_identifier === bucket_owner.unwrap()) return true;
 return false;
 }());
diff --git a/src/sdk/object_sdk.js b/src/sdk/object_sdk.js
index c933abb43b..b07f68b991 100644
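Review bot: In `src/cmd/nsfs.js` the new `owner_account` is a `SensitiveString`, while the check added in `src/endpoint/s3/s3_rest.js` reads `owner_account.id` and the comment added in `src/sdk/object_sdk.js` describes the field as the account id itself, so the three hunks disagree on its shape. `SensitiveString` is not defined in this patch; if it exposes no `id` property, the ownership comparison for this SDK is made against `undefined`. The `// temp` comment should say what the placeholder stands for, for example `// TODO(temp): placeholder owner id, not a real account; shape must match what authorize_request_policy reads`. The enclosing method starts outside the hunk.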
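Review bot: The added `is_owner` branch in `authorize_request_policy` (second `src/endpoint/s3/s3_rest.js` hunk) grants ownership when `account._id === owner_account.id`, which is also true when both sides are `undefined`, and it throws a TypeError when `owner_account` itself is missing from the policy info. Since this decides bucket ownership, the comparison should fail closed: `if (req.object_sdk.nsfs_config_root && owner_account && owner_account.id !== undefined && account._id === owner_account.id) return true;`. Whether `account._id` and `owner_account.id` are always the same type (a string versus an id object) is not visible here and should be confirmed, because `===` on two distinct objects is always false. The function continues outside the hunk, so how `is_owner` is used afterwards cannot be checked from this patch.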
--- a/src/sdk/object_sdk.js
+++ b/src/sdk/object_sdk.js
@@ -196,6 +196,7 @@ class ObjectSDK {
 s3_policy: bucket.s3_policy,
 system_owner: bucket.system_owner,
 bucket_owner: bucket.bucket_owner,
+ owner_account: bucket.owner_account, // in NC NSFS this is the account id that owns the bucket
 };
 return policy_info;
 }