Merge pull request #2030 from kmlebedev/auth_bucket_wildcards

auth use bucket wild cards
Chris Lu 2021-04-27 10:37:18 -07:00 committed by GitHub
commit 4bdb17d086
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -3,14 +3,14 @@ package s3api
import ( import (
"fmt" "fmt"
"github.com/chrislusf/seaweedfs/weed/filer" "github.com/chrislusf/seaweedfs/weed/filer"
"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
"io/ioutil"
"net/http"
"github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/pb/iam_pb" "github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http" xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
"github.com/chrislusf/seaweedfs/weed/s3api/s3err" "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
"io/ioutil"
"net/http"
"strings"
) )
type Action string type Action string
@ -255,11 +255,21 @@ func (identity *Identity) canDo(action Action, bucket string) bool {
limitedByBucket := string(action) + ":" + bucket limitedByBucket := string(action) + ":" + bucket
adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket
for _, a := range identity.Actions { for _, a := range identity.Actions {
if string(a) == limitedByBucket { act := string(a)
return true if strings.HasSuffix(act, "*") {
} if strings.HasPrefix(limitedByBucket, act[:len(act)-1]) {
if string(a) == adminLimitedByBucket { return true
return true }
if strings.HasPrefix(adminLimitedByBucket, act[:len(act)-1]) {
return true
}
} else {
if act == limitedByBucket {
return true
}
if act == adminLimitedByBucket {
return true
}
} }
} }
return false return false
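Review bot: The new trailing-`*` branch in canDo matches the wildcard against the whole `Action:bucket` string, so the wildcard is not confined to the bucket name. An entry that is only `*`, or one whose `*` sits before the colon, produces a prefix that also satisfies the `adminLimitedByBucket` comparison for every bucket. Whether such entries can reach `identity.Actions` depends on configuration validation that is not visible here, so the check should be enforced locally: take `prefix := act[:len(act)-1]` and add `if !strings.Contains(prefix, ":") { continue }` before the two `strings.HasPrefix` calls. A short comment such as `// wildcard applies to the bucket part only; the action name must match exactly` would document the intended scope. canDo's body starts before and ends after this hunk, so any earlier handling of these entries is not visible.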