aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3api_object_handlers.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3api_object_handlers.go')
-rw-r--r--weed/s3api/s3api_object_handlers.go28
1 files changed, 2 insertions, 26 deletions
diff --git a/weed/s3api/s3api_object_handlers.go b/weed/s3api/s3api_object_handlers.go
index f42e2f3b5..bdd16195a 100644
--- a/weed/s3api/s3api_object_handlers.go
+++ b/weed/s3api/s3api_object_handlers.go
@@ -642,19 +642,7 @@ func (s3a *S3ApiServer) GetObjectHandler(w http.ResponseWriter, r *http.Request)
}
// Re-check bucket policy with object entry for tag-based conditions (e.g., s3:ExistingObjectTag)
- identityRaw := s3_constants.GetIdentityFromContext(r)
- var identity *Identity
- if identityRaw != nil {
- var ok bool
- identity, ok = identityRaw.(*Identity)
- if !ok {
- glog.Errorf("GetObjectHandler: unexpected identity type in context for %s/%s", bucket, object)
- s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
- return
- }
- }
- principal := buildPrincipalARN(identity)
- if errCode, _ := s3a.checkPolicyWithEntry(r, bucket, object, string(s3_constants.ACTION_READ), principal, objectEntryForSSE.Extended); errCode != s3err.ErrNone {
+ if errCode := s3a.recheckPolicyWithObjectEntry(r, bucket, object, string(s3_constants.ACTION_READ), objectEntryForSSE.Extended, "GetObjectHandler"); errCode != s3err.ErrNone {
s3err.WriteErrorResponse(w, r, errCode)
return
}
@@ -2213,19 +2201,7 @@ func (s3a *S3ApiServer) HeadObjectHandler(w http.ResponseWriter, r *http.Request
}
// Re-check bucket policy with object entry for tag-based conditions (e.g., s3:ExistingObjectTag)
- identityRaw := s3_constants.GetIdentityFromContext(r)
- var identity *Identity
- if identityRaw != nil {
- var ok bool
- identity, ok = identityRaw.(*Identity)
- if !ok {
- glog.Errorf("HeadObjectHandler: unexpected identity type in context for %s/%s", bucket, object)
- s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
- return
- }
- }
- principal := buildPrincipalARN(identity)
- if errCode, _ := s3a.checkPolicyWithEntry(r, bucket, object, string(s3_constants.ACTION_READ), principal, objectEntryForSSE.Extended); errCode != s3err.ErrNone {
+ if errCode := s3a.recheckPolicyWithObjectEntry(r, bucket, object, string(s3_constants.ACTION_READ), objectEntryForSSE.Extended, "HeadObjectHandler"); errCode != s3err.ErrNone {
s3err.WriteErrorResponse(w, r, errCode)
return
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 20:26:00 +0000