diff options
| author | Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com> | 2022-01-12 16:04:59 +0500 |
|---|---|---|
| committer | Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com> | 2022-01-12 16:04:59 +0500 |
| commit | edb753ab4d3c49287cfb1ec0f0650aad23977b1c (patch) | |
| tree | 06990bc778b52b6dd5dcb8c10ff9af32fbab5a1a /weed/s3api/auth_credentials.go | |
| parent | adfd54e7c4e183ccffb90a3355d9ede898d0eb06 (diff) | |
| download | seaweedfs-edb753ab4d3c49287cfb1ec0f0650aad23977b1c.tar.xz seaweedfs-edb753ab4d3c49287cfb1ec0f0650aad23977b1c.zip | |
https://github.com/chrislusf/seaweedfs/issues/2583
Diffstat (limited to 'weed/s3api/auth_credentials.go')
| -rw-r--r-- | weed/s3api/auth_credentials.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go index 5b5075d78..6a7d83919 100644 --- a/weed/s3api/auth_credentials.go +++ b/weed/s3api/auth_credentials.go @@ -320,6 +320,7 @@ func (identity *Identity) canDo(action Action, bucket string, objectKey string) return false } target := string(action) + ":" + bucket + objectKey + adminTarget := s3_constants.ACTION_ADMIN + ":" + bucket + objectKey limitedByBucket := string(action) + ":" + bucket adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket for _, a := range identity.Actions { @@ -328,6 +329,9 @@ func (identity *Identity) canDo(action Action, bucket string, objectKey string) if strings.HasPrefix(target, act[:len(act)-1]) { return true } + if strings.HasPrefix(adminTarget, act[:len(act)-1]) { + return true + } } else { if act == limitedByBucket { return true |