gitlab-com-seaweedfs/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2024-01-19 02:48:24 +00:00
Code Issues Projects Releases Wiki Activity

adjust check bucket if exist or has access.

Browse source
This commit is contained in:
ruitao.liu 2020-11-13 17:13:20 +08:00
parent e6333da65a
commit a9990a1dc6
1 changed files with 18 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
weed/s3api/s3api_bucket_handlers.go
View file

@ -118,18 +118,12 @@ func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Reque
bucket, _ := getBucketAndObject(r) bucket, _ := getBucketAndObject(r)
entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket) if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
if entry == nil || err == filer_pb.ErrNotFound { writeErrorResponse(w, err, r.URL)
writeErrorResponse(w, s3err.ErrNoSuchBucket, r.URL)
return return
} }
if !s3a.hasAccess(r, entry) { err := s3a.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
writeErrorResponse(w, s3err.ErrAccessDenied, r.URL)
return
}
err = s3a.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
// delete collection // delete collection
deleteCollectionRequest := &filer_pb.DeleteCollectionRequest{ deleteCollectionRequest := &filer_pb.DeleteCollectionRequest{
@ -158,20 +152,26 @@ func (s3a *S3ApiServer) HeadBucketHandler(w http.ResponseWriter, r *http.Request
bucket, _ := getBucketAndObject(r) bucket, _ := getBucketAndObject(r)
entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket) if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
if entry == nil || err == filer_pb.ErrNotFound { writeErrorResponse(w, err, r.URL)
writeErrorResponse(w, s3err.ErrNoSuchBucket, r.URL)
return
}
if !s3a.hasAccess(r, entry) {
writeErrorResponse(w, s3err.ErrAccessDenied, r.URL)
return return
} }
writeSuccessResponseEmpty(w) writeSuccessResponseEmpty(w)
} }
func (s3a *S3ApiServer) checkBucket(r *http.Request, bucket string) s3err.ErrorCode {
entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
if entry == nil || err == filer_pb.ErrNotFound {
return s3err.ErrNoSuchBucket
}
if !s3a.hasAccess(r, entry) {
return s3err.ErrAccessDenied
}
return s3err.ErrNone
}
func (s3a *S3ApiServer) hasAccess(r *http.Request, entry *filer_pb.Entry) bool { func (s3a *S3ApiServer) hasAccess(r *http.Request, entry *filer_pb.Entry) bool {
isAdmin := r.Header.Get(xhttp.AmzIsAdmin) != "" isAdmin := r.Header.Get(xhttp.AmzIsAdmin) != ""
if isAdmin { if isAdmin {
@ -188,4 +188,4 @@ func (s3a *S3ApiServer) hasAccess(r *http.Request, entry *filer_pb.Entry) bool {
} }
} }
return true return true
} }