2022-10-02 02:18:00 +00:00
|
|
|
package s3api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
2022-10-10 13:44:29 +00:00
|
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
|
2022-10-02 02:18:00 +00:00
|
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
|
|
|
|
"net/http"
|
|
|
|
)
|
|
|
|
|
|
|
|
func getAccountId(r *http.Request) string {
|
|
|
|
id := r.Header.Get(s3_constants.AmzAccountId)
|
|
|
|
if len(id) == 0 {
|
2022-10-10 13:44:29 +00:00
|
|
|
return s3account.AccountAnonymous.Id
|
2022-10-02 02:18:00 +00:00
|
|
|
} else {
|
|
|
|
return id
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s3a *S3ApiServer) checkAccessByOwnership(r *http.Request, bucket string) s3err.ErrorCode {
|
|
|
|
metadata, errCode := s3a.bucketRegistry.GetBucketMetadata(bucket)
|
|
|
|
if errCode != s3err.ErrNone {
|
|
|
|
return errCode
|
|
|
|
}
|
|
|
|
accountId := getAccountId(r)
|
2022-10-10 13:44:29 +00:00
|
|
|
if accountId == s3account.AccountAdmin.Id || accountId == *metadata.Owner.ID {
|
2022-10-02 02:18:00 +00:00
|
|
|
return s3err.ErrNone
|
|
|
|
}
|
|
|
|
return s3err.ErrAccessDenied
|
|
|
|
}
|