| author | Chris Lu <chrislusf@users.noreply.github.com> | 2021-04-27 10:37:18 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-27 10:37:18 -0700 |
| commit | 4bdb17d0865d7d47f4598f953f1c6f7f988e0f7a (patch) | |
| tree | e99fc1b8148e80878eb2d6234fc734a70f8ed730 | |
| parent | 5861ba46087bc65433c50acaf9b7dc07862868be (diff) | |
| parent | a48785c7df2914f432a75f2e27b33d0701edec49 (diff) | |
Merge pull request #2030 from kmlebedev/auth_bucket_wildcards
auth use bucket wild cards
| -rw-r--r-- | weed/s3api/auth_credentials.go | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index b8af6381a..d9d26756f 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -3,14 +3,14 @@ package s3api
 import (
 "fmt"
 "github.com/chrislusf/seaweedfs/weed/filer"
- "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
- "io/ioutil"
- "net/http"
-
 "github.com/chrislusf/seaweedfs/weed/glog"
 "github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
 xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
+ "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
 "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
+ "io/ioutil"
+ "net/http"
+ "strings"
 )
 
 type Action string
@@ -255,11 +255,21 @@ func (identity *Identity) canDo(action Action, bucket string) bool {
 limitedByBucket := string(action) + ":" + bucket
 adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket
 for _, a := range identity.Actions {
- if string(a) == limitedByBucket {
- return true
- }
- if string(a) == adminLimitedByBucket {
- return true
+ act := string(a)
+ if strings.HasSuffix(act, "*") {
+ if strings.HasPrefix(limitedByBucket, act[:len(act)-1]) {
+ return true
+ }
+ if strings.HasPrefix(adminLimitedByBucket, act[:len(act)-1]) {
+ return true
+ }
+ } else {
+ if act == limitedByBucket {
+ return true
+ }
+ if act == adminLimitedByBucket {
+ return true
+ }
 }
 }
 return false |
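Review bot: The wildcard branch added to `canDo` does not confine `*` to the bucket half of an identity action. The prefix `act[:len(act)-1]` is compared against the whole `action:bucket` string, so a configured action of `*` yields an empty prefix that matches every action on every bucket (the `Admin:` form included), and `Read*` matches `Read:` on any bucket. If only bucket-name wildcards are intended, as the PR title suggests, require the separator before matching: `prefix := strings.TrimSuffix(act, "*")` followed by `if strings.Contains(prefix, ":") && (strings.HasPrefix(limitedByBucket, prefix) || strings.HasPrefix(adminLimitedByBucket, prefix)) { return true }`, which also removes the duplicated slice expression. `canDo` begins before this hunk and any validation of identity configuration is not visible here, so confirm how such entries are handled upstream; a table test over `*`, `Read*`, `Read:*` and `Read:logs*` would pin the intended semantics.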
