From 9e7a2772b19869e209f188585a117b7b69263843 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Thu, 8 Oct 2020 10:11:41 -0700 Subject: [PATCH] s3: only admin can list all buckets --- weed/s3api/s3api_server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weed/s3api/s3api_server.go b/weed/s3api/s3api_server.go index 0123edfff..1ab80c3ee 100644 --- a/weed/s3api/s3api_server.go +++ b/weed/s3api/s3api_server.go @@ -119,7 +119,7 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) { } // ListBuckets - apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.iam.Auth(s3a.ListBucketsHandler, ACTION_LIST), "LIST")) + apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.iam.Auth(s3a.ListBucketsHandler, ACTION_ADMIN), "LIST")) // NotFound apiRouter.NotFoundHandler = http.HandlerFunc(notFoundHandler)