mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2024-01-19 02:48:24 +00:00
auth use bucket wild cards
parent
5861ba4608
commit
a48785c7df
|
@ -3,14 +3,14 @@ package s3api
|
|||
import (
|
||||
"fmt"
|
||||
"github.com/chrislusf/seaweedfs/weed/filer"
|
||||
"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
|
||||
"github.com/chrislusf/seaweedfs/weed/glog"
|
||||
"github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
|
||||
xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
|
||||
"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
|
||||
"github.com/chrislusf/seaweedfs/weed/s3api/s3err"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type Action string
|
||||
|
@ -255,12 +255,22 @@ func (identity *Identity) canDo(action Action, bucket string) bool {
|
|||
limitedByBucket := string(action) + ":" + bucket
|
||||
adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket
|
||||
for _, a := range identity.Actions {
|
||||
if string(a) == limitedByBucket {
|
||||
act := string(a)
|
||||
if strings.HasSuffix(act, "*") {
|
||||
if strings.HasPrefix(limitedByBucket, act[:len(act)-1]) {
|
||||
return true
|
||||
}
|
||||
if string(a) == adminLimitedByBucket {
|
||||
if strings.HasPrefix(adminLimitedByBucket, act[:len(act)-1]) {
|
||||
return true
|
||||
}
|
||||
} else {
|
||||
if act == limitedByBucket {
|
||||
return true
|
||||
}
|
||||
if act == adminLimitedByBucket {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
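Review bot: The wildcard branch in canDo compares the stored entry's prefix with the whole `action:bucket` string, so the `*` is not confined to the bucket part: an entry that is just `*`, or the admin action name followed by `*`, leaves a prefix without the `:` separator and passes `strings.HasPrefix` for every bucket, and a prefix that ends inside an action name matches every action beginning with those letters. If only bucket-name wildcards are intended, as the commit title suggests, require the separator before matching: `prefix := act[:len(act)-1]` followed by `if strings.Contains(prefix, ":") && (strings.HasPrefix(limitedByBucket, prefix) || strings.HasPrefix(adminLimitedByBucket, prefix)) { return true }`. A table-driven test with constructed entries such as `Read:logs-*`, `Read:*`, a bare `*` and an exact `action:bucket` entry would pin the intended semantics. The start of canDo lies outside this hunk, so any earlier handling of an empty bucket or of global (bucket-less) actions is not visible here.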
|
||||
|
|