authorChris Lu <chrislusf@users.noreply.github.com>2025-11-13 16:10:46 -0800
committerGitHub <noreply@github.com>2025-11-13 16:10:46 -0800
commit4e73cc778c2624aac4a5a509ca153974a8da3a94 (patch)
tree5e3a6a2c73df8321fe7852e4e200913f05f11612 /weed/s3api/auth_credentials.go
parent5b9a5263100696c0b597cbac32eec5c9e8c3b5cf (diff)
S3: add context aware action resolution (#7479)
* add context aware action resolution * isAnonymous * add s3 action resolver * refactor * correct action name * no need for action copy object * Simplify by removing the method-action mismatch path * use PUT instead of DELETE action * refactor * constants * versionId vs versions * address comments * comment * adjust messages * ResolveS3Action * address comments * refactor * simplify * more checks * not needed * simplify
Diffstat (limited to 'weed/s3api/auth_credentials.go')
-rw-r--r--weed/s3api/auth_credentials.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index 85002377b..54293e95a 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -513,7 +513,8 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action)
// - No policy or indeterminate → fall through to IAM checks
if iam.policyEngine != nil && bucket != "" {
principal := buildPrincipalARN(identity)
- allowed, evaluated, err := iam.policyEngine.EvaluatePolicy(bucket, object, string(action), principal)
+ // Use context-aware policy evaluation to get the correct S3 action
+ allowed, evaluated, err := iam.policyEngine.EvaluatePolicyWithContext(bucket, object, string(action), principal, r)
if err != nil {
// SECURITY: Fail-close on policy evaluation errors