diff options
| author | Chris Lu <chris.lu@gmail.com> | 2020-11-12 13:57:54 -0800 |
|---|---|---|
| committer | Chris Lu <chris.lu@gmail.com> | 2020-11-12 13:57:54 -0800 |
| commit | e6333da65ad6774d8c945bc29f686386e0515385 (patch) | |
| tree | 76c679e541e5721fbce38336090966998d80d647 /weed/s3api/auth_credentials.go | |
| parent | 70944924286b85081414e9ce9ee01197c6239209 (diff) | |
| download | seaweedfs-e6333da65ad6774d8c945bc29f686386e0515385.tar.xz seaweedfs-e6333da65ad6774d8c945bc29f686386e0515385.zip | |
enable admin to access all buckets
Diffstat (limited to 'weed/s3api/auth_credentials.go')
| -rw-r--r-- | weed/s3api/auth_credentials.go | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go index 02138af8d..c5dae782d 100644 --- a/weed/s3api/auth_credentials.go +++ b/weed/s3api/auth_credentials.go @@ -132,6 +132,9 @@ func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) htt if errCode == s3err.ErrNone { if identity != nil && identity.Name != "" { r.Header.Set(xhttp.AmzIdentityId, identity.Name) + if identity.isAdmin() { + r.Header.Set(xhttp.AmzIsAdmin, "true") + } } f(w, r) return @@ -190,10 +193,8 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action) } func (identity *Identity) canDo(action Action, bucket string) bool { - for _, a := range identity.Actions { - if a == "Admin" { - return true - } + if identity.isAdmin() { + return true } for _, a := range identity.Actions { if a == action { @@ -211,3 +212,12 @@ func (identity *Identity) canDo(action Action, bucket string) bool { } return false } + +func (identity *Identity) isAdmin() bool { + for _, a := range identity.Actions { + if a == "Admin" { + return true + } + } + return false +} |