satellite/metainfo: return permission denied when limits are 0

Change-Id: I1e87124d33526dca30ca6b972c4126584017de8b

satellite/console/accountfreezes_test.go

@@ -579,12 +579,12 @@ func TestFreezeEffects(t *testing.T) {
 			// Should not be able to list.
 			_, err := uplink1.ListObjects(ctx, sat, bucketName)
 			require.Error(testT, err)
-			require.ErrorIs(testT, err, uplink.ErrTooManyRequests)
+			require.ErrorIs(testT, err, uplink.ErrPermissionDenied)
 
 			// Should not be able to delete.
 			err = uplink1.DeleteObject(ctx, sat, bucketName, path)
 			require.Error(testT, err)
-			require.ErrorIs(testT, err, uplink.ErrTooManyRequests)
+			require.ErrorIs(testT, err, uplink.ErrPermissionDenied)
 		}
 
 		t.Run("BillingFreeze effect on project owner", func(t *testing.T) {

satellite/metainfo/validation.go

@@ -230,6 +230,9 @@ func (endpoint *Endpoint) checkRate(ctx context.Context, apiKeyInfo *console.API
 	}
 
 	if !limiter.Allow() {
+		if limiter.Burst() == 0 && limiter.Limit() == 0 {
+			return rpcstatus.Error(rpcstatus.PermissionDenied, "All access disabled")
+		}
 		endpoint.log.Warn("too many requests for project",
 			zap.Stringer("Project ID", apiKeyInfo.ProjectID),
 			zap.Float64("rate limit", float64(limiter.Limit())),