[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858)

Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
author: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com> 2023-09-22 02:07:04 +0500
committer: GitHub <noreply@github.com> 2023-09-21 14:07:04 -0700
commit: 750a0ba1b2677c9b9bc9f0a1073a72a923e9a5f3 (patch)
tree: 8ff63a201d6be6ee8d570f7c4c9b0dc2a9dab120 /weed/s3api/auth_credentials_test.go
parent: 8b2c39f2c06be2ec5c5b3ca93a87f134e46de219 (diff)
download: seaweedfs-750a0ba1b2677c9b9bc9f0a1073a72a923e9a5f3.tar.xz
seaweedfs-750a0ba1b2677c9b9bc9f0a1073a72a923e9a5f3.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/weed/s3api/auth_credentials_test.go b/weed/s3api/auth_credentials_test.go
index 645932aba..0bbcce706 100644
--- a/weed/s3api/auth_credentials_test.go
+++ b/weed/s3api/auth_credentials_test.go
@@ -89,10 +89,13 @@ func TestCanDo(t *testing.T) {
 		Actions: []Action{
 			"Read:bucket1",
 			"Write:bucket1/*",
+			"WriteAcp:bucket1",
 		},
 	}
 	assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
 	assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
+	assert.Equal(t, true, ident2.canDo(ACTION_WRITE_ACP, "bucket1", ""))
+	assert.Equal(t, false, ident2.canDo(ACTION_READ_ACP, "bucket1", ""))
 	assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "/a/b/c/d.txt"))
 
 	// across buckets
@@ -106,15 +109,18 @@ func TestCanDo(t *testing.T) {
 	assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
 	assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
 	assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "/a/b/other/some"))
+	assert.Equal(t, false, ident3.canDo(ACTION_WRITE_ACP, "bucket1", ""))
 
 	// partial buckets
 	ident4 := &Identity{
 		Name: "anything",
 		Actions: []Action{
 			"Read:special_*",
+			"ReadAcp:special_*",
 		},
 	}
 	assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))
+	assert.Equal(t, true, ident4.canDo(ACTION_READ_ACP, "special_bucket", ""))
 	assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
 
 	// admin buckets
@@ -125,7 +131,9 @@ func TestCanDo(t *testing.T) {
 		},
 	}
 	assert.Equal(t, true, ident5.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))
+	assert.Equal(t, true, ident5.canDo(ACTION_READ_ACP, "special_bucket", ""))
 	assert.Equal(t, true, ident5.canDo(ACTION_WRITE, "special_bucket", "/a/b/c/d.txt"))
+	assert.Equal(t, true, ident5.canDo(ACTION_WRITE_ACP, "special_bucket", ""))
 
 	// anonymous buckets
 	ident6 := &Identity{
author	Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com>	2023-09-22 02:07:04 +0500
committer	GitHub <noreply@github.com>	2023-09-21 14:07:04 -0700
commit	750a0ba1b2677c9b9bc9f0a1073a72a923e9a5f3 (patch)
tree	8ff63a201d6be6ee8d570f7c4c9b0dc2a9dab120 /weed/s3api/auth_credentials_test.go
parent	8b2c39f2c06be2ec5c5b3ca93a87f134e46de219 (diff)
download	seaweedfs-750a0ba1b2677c9b9bc9f0a1073a72a923e9a5f3.tar.xz seaweedfs-750a0ba1b2677c9b9bc9f0a1073a72a923e9a5f3.zip