wildcard prefix to restrict access to directories in s3 bucket

https://github.com/chrislusf/seaweedfs/discussions/2551
author: chrislu <chris.lu@gmail.com> 2022-01-03 15:39:36 -0800
committer: chrislu <chris.lu@gmail.com> 2022-01-03 15:39:36 -0800
commit: a7887166cfad779b693731dbf4fc1d678a2c81d0 (patch)
tree: 2fdee8c395e55e3ec3df7bf5727f5a00664e2dc9 /weed/s3api/chunked_reader_v4.go
parent: 5799a20f7149e8fe8e74ce0a03f138df297e0b9c (diff)
download: seaweedfs-a7887166cfad779b693731dbf4fc1d678a2c81d0.tar.xz
seaweedfs-a7887166cfad779b693731dbf4fc1d678a2c81d0.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/weed/s3api/chunked_reader_v4.go b/weed/s3api/chunked_reader_v4.go
index 5dd0648c6..e683faf22 100644
--- a/weed/s3api/chunked_reader_v4.go
+++ b/weed/s3api/chunked_reader_v4.go
@@ -25,6 +25,7 @@ import (
 	"encoding/hex"
 	"errors"
 	xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
+	"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
 	"github.com/chrislusf/seaweedfs/weed/s3api/s3err"
 	"hash"
 	"io"
@@ -91,8 +92,8 @@ func (iam *IdentityAccessManagement) calculateSeedSignature(r *http.Request) (cr
 		return nil, "", "", time.Time{}, s3err.ErrInvalidAccessKeyID
 	}
 
-	bucket, _ := xhttp.GetBucketAndObject(r)
-	if !identity.canDo("Write", bucket) {
+	bucket, object := xhttp.GetBucketAndObject(r)
+	if !identity.canDo(s3_constants.ACTION_WRITE, bucket, object) {
 		errCode = s3err.ErrAccessDenied
 		return
 	}
author	chrislu <chris.lu@gmail.com>	2022-01-03 15:39:36 -0800
committer	chrislu <chris.lu@gmail.com>	2022-01-03 15:39:36 -0800
commit	a7887166cfad779b693731dbf4fc1d678a2c81d0 (patch)
tree	2fdee8c395e55e3ec3df7bf5727f5a00664e2dc9 /weed/s3api/chunked_reader_v4.go
parent	5799a20f7149e8fe8e74ce0a03f138df297e0b9c (diff)
download	seaweedfs-a7887166cfad779b693731dbf4fc1d678a2c81d0.tar.xz seaweedfs-a7887166cfad779b693731dbf4fc1d678a2c81d0.zip