fix: fix verify permission bug

go.mod

@@ -4,9 +4,7 @@ go 1.18
 
 replace (
 	cosmossdk.io/math => github.com/bnb-chain/greenfield-cosmos-sdk/math v0.0.0-20230228075616-68ac309b432c
-	// TODO: upgrade github.com/bnb-chain/greenfield and github.com/bnb-chain/greenfield, github.com/cosmos/cosmos-sdk to official release
-	github.com/bnb-chain/greenfield => github.com/bnb-chain/greenfield v0.0.0-20230317064252-2f6792df78ab
-
+	github.com/bnb-chain/greenfield => github.com/bnb-chain/greenfield v0.0.9
 	github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23/go v0.8.0
 	github.com/cosmos/cosmos-sdk => github.com/bnb-chain/greenfield-cosmos-sdk v0.0.2-0.20230316090342-debd6c0c82a7
 	github.com/forbole/juno/v4 => github.com/bnb-chain/juno/v4 v4.0.0-20230315120403-3093b5ed5267
@@ -23,6 +21,7 @@ require (
 	github.com/bytedance/gopkg v0.0.0-20221122125632-68358b8ecec6
 	github.com/cloudflare/cfssl v1.6.3
 	github.com/cosmos/cosmos-sdk v0.46.7
+	github.com/cosmos/gogoproto v1.4.6
 	github.com/ethereum/go-ethereum v1.10.19
 	github.com/forbole/juno/v4 v4.0.0-00010101000000-000000000000
 	github.com/gin-gonic/gin v1.8.2
@@ -69,7 +68,6 @@ require (
 	github.com/cosmos/btcutil v1.0.5 // indirect
 	github.com/cosmos/cosmos-proto v1.0.0-beta.1 // indirect
 	github.com/cosmos/go-bip39 v1.0.0 // indirect
-	github.com/cosmos/gogoproto v1.4.6 // indirect
 	github.com/cosmos/gorocksdb v1.2.0 // indirect
 	github.com/cosmos/iavl v0.19.4 // indirect
 	github.com/cosmos/ibc-go/v5 v5.2.0 // indirect

go.sum

@@ -206,8 +206,8 @@ github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAw
 github.com/bmizerany/pat v0.0.0-20170815010413-6226ea591a40/go.mod h1:8rLXio+WjiTceGBHIoTvn60HIbs7Hm7bcHjyrSqYB9c=
 github.com/bnb-chain/gnfd-tendermint v0.0.2 h1:2Oy7B5A7W/55teZNhlrFR9SamYNjCXAQNjwsbt534jM=
 github.com/bnb-chain/gnfd-tendermint v0.0.2/go.mod h1:/v9z9F6cq0+f7EGG92lYSLBcPYQDILoK91X8YM28hWo=
-github.com/bnb-chain/greenfield v0.0.0-20230317064252-2f6792df78ab h1:YBXDiYS195VY2lEzp278XPkoVh5Zl7OIQMJR8Ts+CwY=
-github.com/bnb-chain/greenfield v0.0.0-20230317064252-2f6792df78ab/go.mod h1:JmVWL7A6Lh8wHXDVzC6A5KLmpfROgPGAfCaLZVTLJ3o=
+github.com/bnb-chain/greenfield v0.0.9 h1:nU3TgGloyysyyrbW/t9X2gdEvllxfIBudhuOdZTljV4=
+github.com/bnb-chain/greenfield v0.0.9/go.mod h1:uH3iyy7RfTaO+qM34AF1XN4CrCPcoUSTJs3zvaIWIf4=
 github.com/bnb-chain/greenfield-common/go v0.0.0-20230310033112-2d379fdc2987 h1:+SOlI4dfp5y/2srTBdAEOujoJboMx+m22zvj5xuBLgU=
 github.com/bnb-chain/greenfield-common/go v0.0.0-20230310033112-2d379fdc2987/go.mod h1:Nzpqn+BK8P1Ub3Tgn300bHmWMUk9R6cBwvmasVY25J8=
 github.com/bnb-chain/greenfield-cosmos-sdk v0.0.2-0.20230316090342-debd6c0c82a7 h1:CRZHHzInXLUvulik180alYKa2omtu+rCwk2q+J2h02w=

pkg/greenfield/query_service.go

@@ -154,6 +154,7 @@ func (greenfield *Greenfield) VerifyGetObjectPermission(ctx context.Context, acc
 		Operator:   account,
 		BucketName: bucket,
 		ObjectName: object,
+		ActionType: permissiontypes.ACTION_GET_OBJECT,
 	})
 	if err != nil {
 		log.Errorw("failed to verify get object permission", "account", account, "error", err)
@@ -164,3 +165,22 @@ func (greenfield *Greenfield) VerifyGetObjectPermission(ctx context.Context, acc
 	}
 	return false, err
 }
+
+// VerifyPutObjectPermission verify put object permission.
+func (greenfield *Greenfield) VerifyPutObjectPermission(ctx context.Context, account, bucket, object string) (bool, error) {
+	client := greenfield.getCurrentClient().GnfdCompositeClient()
+	resp, err := client.VerifyPermission(ctx, &storagetypes.QueryVerifyPermissionRequest{
+		Operator:   account,
+		BucketName: bucket,
+		ObjectName: object,
+		ActionType: permissiontypes.ACTION_CREATE_OBJECT,
+	})
+	if err != nil {
+		log.Errorw("failed to verify put object permission", "account", account, "error", err)
+		return false, err
+	}
+	if resp.GetEffect() == permissiontypes.EFFECT_ALLOW {
+		return true, err
+	}
+	return false, err
+}

service/gateway/request_util.go

@@ -259,10 +259,10 @@ func (g *Gateway) checkAuthorization(reqContext *requestContext, addr sdk.AccAdd
 				"object_status", reqContext.objectInfo.GetObjectStatus())
 			return errors.ErrCheckObjectCreated
 		}
-		if reqContext.objectInfo.GetOwner() != addr.String() {
-			log.Errorw("failed to auth due to account is not equal to object owner",
-				"object_owner", reqContext.objectInfo.GetOwner(),
-				"request_address", addr.String())
+		if isAllow, err := g.chain.VerifyPutObjectPermission(context.Background(), addr.String(),
+			reqContext.bucketName, reqContext.objectName); !isAllow || err != nil {
+			log.Errorw("failed to auth due to verify permission",
+				"is_allow", isAllow, "error", err)
 			return errors.ErrNoPermission
 		}
 		if reqContext.bucketInfo.GetPrimarySpAddress() != g.config.SpOperatorAddress {