fixes

1 files changed, 9 insertions, 0 deletions

diff --git a/weed/s3api/s3api_object_retention.go b/weed/s3api/s3api_object_retention.go
index 10d2a6bba..d69a5f857 100644
--- a/weed/s3api/s3api_object_retention.go
+++ b/weed/s3api/s3api_object_retention.go
@@ -599,6 +599,15 @@ func (s3a *S3ApiServer) checkGovernanceBypassPermission(request *http.Request, b
 
 // checkObjectLockPermissions checks if an object can be deleted or modified
 func (s3a *S3ApiServer) checkObjectLockPermissions(request *http.Request, bucket, object, versionId string, bypassGovernance bool) error {
+	// For delete operations without versionId (which create delete markers),
+	// we should allow the operation even if the object is under retention.
+	// This is because delete markers are logical deletes, not physical deletes.
+	// Only block deletions when a specific versionId is provided.
+	if versionId == "" {
+		// This is a delete marker creation - allow it
+		return nil
+	}
+
 	// Get the object entry once to check both retention and legal hold
 	entry, err := s3a.getObjectEntry(bucket, object, versionId)
 	if err != nil {