mirror of
https://github.com/seaweedfs/seaweedfs.git
Merge pull request #2030 from kmlebedev/auth_bucket_wildcards
auth use bucket wild cards
commit
4bdb17d086
|
@ -3,14 +3,14 @@ package s3api
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/chrislusf/seaweedfs/weed/filer"
|
"github.com/chrislusf/seaweedfs/weed/filer"
|
||||||
"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
|
|
||||||
"io/ioutil"
|
|
||||||
"net/http"
|
|
||||||
|
|
||||||
"github.com/chrislusf/seaweedfs/weed/glog"
|
"github.com/chrislusf/seaweedfs/weed/glog"
|
||||||
"github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
|
"github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
|
||||||
xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
|
xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
|
||||||
|
"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
|
||||||
"github.com/chrislusf/seaweedfs/weed/s3api/s3err"
|
"github.com/chrislusf/seaweedfs/weed/s3api/s3err"
|
||||||
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Action string
|
type Action string
|
||||||
|
@ -255,12 +255,22 @@ func (identity *Identity) canDo(action Action, bucket string) bool {
|
||||||
limitedByBucket := string(action) + ":" + bucket
|
limitedByBucket := string(action) + ":" + bucket
|
||||||
adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket
|
adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket
|
||||||
for _, a := range identity.Actions {
|
for _, a := range identity.Actions {
|
||||||
if string(a) == limitedByBucket {
|
act := string(a)
|
||||||
|
if strings.HasSuffix(act, "*") {
|
||||||
|
if strings.HasPrefix(limitedByBucket, act[:len(act)-1]) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
if string(a) == adminLimitedByBucket {
|
if strings.HasPrefix(adminLimitedByBucket, act[:len(act)-1]) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if act == limitedByBucket {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
if act == adminLimitedByBucket {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
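Review bot: The wildcard branch in canDo matches the pattern against the whole `action:bucket` string, so the `*` is not confined to the bucket name. An identity entry of just `*` has an empty prefix and satisfies both `strings.HasPrefix` checks for every action and bucket, the admin one included, and `Read*` matches `Read:` followed by any bucket. If only bucket wildcards are intended, as the commit title says, compare the action name before the `:` exactly and prefix-match only the bucket part, as sketched below. A table-driven test covering `*`, `Read*`, `Read:b*` and a non-matching bucket would pin the behaviour; none is visible in this commit. canDo begins above the hunk, so any earlier handling of such entries is not visible here.

```go
for _, a := range identity.Actions {
	act := string(a)
	if !strings.HasSuffix(act, "*") {
		// … unchanged: the two exact comparisons, each returning true …
		continue
	}
	// Anchor the wildcard to the bucket part: the action name before ":" must match exactly.
	sep := strings.Index(act, ":")
	if sep < 0 {
		continue // a bare "*" or "Read*" names no bucket and is not treated as a grant
	}
	name, bucketPrefix := act[:sep], act[sep+1:len(act)-1]
	if (name == string(action) || name == s3_constants.ACTION_ADMIN) && strings.HasPrefix(bucket, bucketPrefix) {
		return true
	}
}
```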