aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3api_object_retention.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3api_object_retention.go')
-rw-r--r--weed/s3api/s3api_object_retention.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/weed/s3api/s3api_object_retention.go b/weed/s3api/s3api_object_retention.go
index 10d2a6bba..d69a5f857 100644
--- a/weed/s3api/s3api_object_retention.go
+++ b/weed/s3api/s3api_object_retention.go
@@ -599,6 +599,15 @@ func (s3a *S3ApiServer) checkGovernanceBypassPermission(request *http.Request, b
// checkObjectLockPermissions checks if an object can be deleted or modified
func (s3a *S3ApiServer) checkObjectLockPermissions(request *http.Request, bucket, object, versionId string, bypassGovernance bool) error {
+ // For delete operations without versionId (which create delete markers),
+ // we should allow the operation even if the object is under retention.
+ // This is because delete markers are logical deletes, not physical deletes.
+ // Only block deletions when a specific versionId is provided.
+ if versionId == "" {
+ // This is a delete marker creation - allow it
+ return nil
+ }
+
// Get the object entry once to check both retention and legal hold
entry, err := s3a.getObjectEntry(bucket, object, versionId)
if err != nil {
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 07:25:57 +0000