Merge pull request #2584 from kmlebedev/fix_s3_admin_target

author: Chris Lu <chrislusf@users.noreply.github.com> 2022-01-12 03:09:43 -0800
committer: GitHub <noreply@github.com> 2022-01-12 03:09:43 -0800
commit: ea8e4ec278325841728e4f152f9a0b67e58a55c3 (patch)
tree: 06990bc778b52b6dd5dcb8c10ff9af32fbab5a1a /weed/s3api/auth_credentials.go
parent: adfd54e7c4e183ccffb90a3355d9ede898d0eb06 (diff)
parent: edb753ab4d3c49287cfb1ec0f0650aad23977b1c (diff)
download: seaweedfs-ea8e4ec278325841728e4f152f9a0b67e58a55c3.tar.xz
seaweedfs-ea8e4ec278325841728e4f152f9a0b67e58a55c3.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index 5b5075d78..6a7d83919 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -320,6 +320,7 @@ func (identity *Identity) canDo(action Action, bucket string, objectKey string)
 		return false
 	}
 	target := string(action) + ":" + bucket + objectKey
+	adminTarget := s3_constants.ACTION_ADMIN + ":" + bucket + objectKey
 	limitedByBucket := string(action) + ":" + bucket
 	adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket
 	for _, a := range identity.Actions {
@@ -328,6 +329,9 @@ func (identity *Identity) canDo(action Action, bucket string, objectKey string)
 			if strings.HasPrefix(target, act[:len(act)-1]) {
 				return true
 			}
+			if strings.HasPrefix(adminTarget, act[:len(act)-1]) {
+				return true
+			}
 		} else {
 			if act == limitedByBucket {
 				return true
author	Chris Lu <chrislusf@users.noreply.github.com>	2022-01-12 03:09:43 -0800
committer	GitHub <noreply@github.com>	2022-01-12 03:09:43 -0800
commit	ea8e4ec278325841728e4f152f9a0b67e58a55c3 (patch)
tree	06990bc778b52b6dd5dcb8c10ff9af32fbab5a1a /weed/s3api/auth_credentials.go
parent	adfd54e7c4e183ccffb90a3355d9ede898d0eb06 (diff)
parent	edb753ab4d3c49287cfb1ec0f0650aad23977b1c (diff)
download	seaweedfs-ea8e4ec278325841728e4f152f9a0b67e58a55c3.tar.xz seaweedfs-ea8e4ec278325841728e4f152f9a0b67e58a55c3.zip