aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3api_object_handlers_copy_unified.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3api_object_handlers_copy_unified.go')
-rw-r--r--weed/s3api/s3api_object_handlers_copy_unified.go10
1 files changed, 10 insertions, 0 deletions
diff --git a/weed/s3api/s3api_object_handlers_copy_unified.go b/weed/s3api/s3api_object_handlers_copy_unified.go
index d11594420..255c3eb2d 100644
--- a/weed/s3api/s3api_object_handlers_copy_unified.go
+++ b/weed/s3api/s3api_object_handlers_copy_unified.go
@@ -2,12 +2,14 @@ package s3api
import (
"context"
+ "errors"
"fmt"
"net/http"
"github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
+ weed_server "github.com/seaweedfs/seaweedfs/weed/server"
)
// executeUnifiedCopyStrategy executes the appropriate copy strategy based on encryption state
@@ -76,6 +78,14 @@ func (s3a *S3ApiServer) mapCopyErrorToS3Error(err error) s3err.ErrorCode {
return s3err.ErrNone
}
+ // Check for read-only errors (quota enforcement)
+ // Uses errors.Is() to properly detect wrapped errors
+ if errors.Is(err, weed_server.ErrReadOnly) {
+ // Bucket is read-only due to quota enforcement or other configuration
+ // Return 403 Forbidden per S3 semantics (similar to MinIO's quota enforcement)
+ return s3err.ErrAccessDenied
+ }
+
// Check for KMS errors first
if kmsErr := MapKMSErrorToS3Error(err); kmsErr != s3err.ErrInvalidRequest {
return kmsErr
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 07:31:20 +0000