mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2024-01-19 02:48:24 +00:00
check permission for bucket delete/head.
parent
d7cc0498e0
commit
e06676f007
|
@ -7,6 +7,7 @@ import (
|
||||||
|
|
||||||
"github.com/chrislusf/seaweedfs/weed/glog"
|
"github.com/chrislusf/seaweedfs/weed/glog"
|
||||||
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
|
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
|
||||||
|
"github.com/chrislusf/seaweedfs/weed/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s3a *S3ApiServer) mkdir(parentDirectoryPath string, dirName string, fn func(entry *filer_pb.Entry)) error {
|
func (s3a *S3ApiServer) mkdir(parentDirectoryPath string, dirName string, fn func(entry *filer_pb.Entry)) error {
|
||||||
|
@ -75,6 +76,11 @@ func (s3a *S3ApiServer) exists(parentDirectoryPath string, entryName string, isD
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s3a *S3ApiServer) get(parentDirectoryPath, entryName string) (entry *filer_pb.Entry, err error) {
|
||||||
|
fullPath := util.NewFullPath(parentDirectoryPath, entryName)
|
||||||
|
return filer_pb.GetEntry(s3a, fullPath)
|
||||||
|
}
|
||||||
|
|
||||||
func objectKey(key *string) *string {
|
func objectKey(key *string) *string {
|
||||||
if strings.HasPrefix(*key, "/") {
|
if strings.HasPrefix(*key, "/") {
|
||||||
t := (*key)[1:]
|
t := (*key)[1:]
|
||||||
|
|
|
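Review bot: The new `get` helper has no doc comment saying what it returns when the entry is missing or the lookup fails. The bucket handlers changed later on this page test both `entry` and `err` for nil, which suggests that contract is unclear. Because the result now feeds an access-control decision, I would add `// get returns the filer entry entryName under parentDirectoryPath; on a non-nil err or a nil entry the caller cannot verify ownership and must refuse the operation.` The named results `entry` and `err` are never assigned by name, so a plain `(*filer_pb.Entry, error)` return would read more simply.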
@ -120,6 +120,15 @@ func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Reque
|
||||||
|
|
||||||
bucket, _ := getBucketAndObject(r)
|
bucket, _ := getBucketAndObject(r)
|
||||||
|
|
||||||
|
if entry, err := s3a.get(s3a.option.BucketsPath, bucket); entry != nil && err == nil {
|
||||||
|
if id, ok := entry.Extended[xhttp.AmzIdentityId]; ok {
|
||||||
|
if string(id) != r.Header.Get(xhttp.AmzIdentityId) {
|
||||||
|
writeErrorResponse(w, s3err.ErrAccessDenied, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
err := s3a.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
|
err := s3a.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
|
||||||
|
|
||||||
// delete collection
|
// delete collection
|
||||||
|
@ -149,28 +158,17 @@ func (s3a *S3ApiServer) HeadBucketHandler(w http.ResponseWriter, r *http.Request
|
||||||
|
|
||||||
bucket, _ := getBucketAndObject(r)
|
bucket, _ := getBucketAndObject(r)
|
||||||
|
|
||||||
err := s3a.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
|
entry, err := s3a.get(s3a.option.BucketsPath, bucket)
|
||||||
|
if entry == nil || err != nil {
|
||||||
request := &filer_pb.LookupDirectoryEntryRequest{
|
|
||||||
Directory: s3a.option.BucketsPath,
|
|
||||||
Name: bucket,
|
|
||||||
}
|
|
||||||
|
|
||||||
glog.V(1).Infof("lookup bucket: %v", request)
|
|
||||||
if _, err := filer_pb.LookupEntry(client, request); err != nil {
|
|
||||||
if err == filer_pb.ErrNotFound {
|
|
||||||
return filer_pb.ErrNotFound
|
|
||||||
}
|
|
||||||
return fmt.Errorf("lookup bucket %s/%s: %v", s3a.option.BucketsPath, bucket, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
})
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
writeErrorResponse(w, s3err.ErrNoSuchBucket, r.URL)
|
writeErrorResponse(w, s3err.ErrNoSuchBucket, r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if id, ok := entry.Extended[xhttp.AmzIdentityId]; ok {
|
||||||
|
if string(id) != r.Header.Get(xhttp.AmzIdentityId) {
|
||||||
|
writeErrorResponse(w, s3err.ErrAccessDenied, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
writeSuccessResponseEmpty(w)
|
writeSuccessResponseEmpty(w)
|
||||||
}
|
}
|
||||||
|
|
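Review bot: The owner check added to DeleteBucketHandler fails open, because it runs only when `s3a.get` returns a non-nil entry and a nil error. Any lookup failure skips the comparison and falls through to the `WithFilerClient` delete. HeadBucketHandler in the same section already returns early when `entry == nil || err != nil`; the delete path should do the same so that a bucket whose owner cannot be read is never deleted. Whether the `xhttp.AmzIdentityId` request header can only be set by the server's authentication layer is not visible here and should be confirmed, since a client-supplied value would make the comparison meaningless. The handler body continues outside the hunk.

```go
	entry, lookupErr := s3a.get(s3a.option.BucketsPath, bucket)
	if lookupErr != nil || entry == nil {
		// Fail closed: without the entry the bucket owner cannot be verified.
		writeErrorResponse(w, s3err.ErrNoSuchBucket, r.URL)
		return
	}
	if id, ok := entry.Extended[xhttp.AmzIdentityId]; ok && string(id) != r.Header.Get(xhttp.AmzIdentityId) {
		writeErrorResponse(w, s3err.ErrAccessDenied, r.URL)
		return
	}
	// … unchanged: s3a.WithFilerClient call that deletes the collection …
```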