mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2024-01-19 02:48:24 +00:00
Merge pull request #1613 from taozix/master
check permission for bucket delete/head.
This commit is contained in:
commit
ed3b0f81c6
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/chrislusf/seaweedfs/weed/glog"
|
||||
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
|
||||
"github.com/chrislusf/seaweedfs/weed/util"
|
||||
)
|
||||
|
||||
func (s3a *S3ApiServer) mkdir(parentDirectoryPath string, dirName string, fn func(entry *filer_pb.Entry)) error {
|
||||
|
@ -75,6 +76,11 @@ func (s3a *S3ApiServer) exists(parentDirectoryPath string, entryName string, isD
|
|||
|
||||
}
|
||||
|
||||
func (s3a *S3ApiServer) get(parentDirectoryPath, entryName string) (entry *filer_pb.Entry, err error) {
|
||||
fullPath := util.NewFullPath(parentDirectoryPath, entryName)
|
||||
return filer_pb.GetEntry(s3a, fullPath)
|
||||
}
|
||||
|
||||
func objectKey(key *string) *string {
|
||||
if strings.HasPrefix(*key, "/") {
|
||||
t := (*key)[1:]
|
||||
|
|
|
@ -120,7 +120,22 @@ func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Reque
|
|||
|
||||
bucket, _ := getBucketAndObject(r)
|
||||
|
||||
err := s3a.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
|
||||
entry, err := s3a.get(s3a.option.BucketsPath, bucket)
|
||||
if entry == nil || err == filer_pb.ErrNotFound {
|
||||
writeErrorResponse(w, s3err.ErrNoSuchBucket, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
if entry.Extended != nil {
|
||||
if id, ok := entry.Extended[xhttp.AmzIdentityId]; ok {
|
||||
if string(id) != r.Header.Get(xhttp.AmzIdentityId) {
|
||||
writeErrorResponse(w, s3err.ErrAccessDenied, r.URL)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
err = s3a.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
|
||||
|
||||
// delete collection
|
||||
deleteCollectionRequest := &filer_pb.DeleteCollectionRequest{
|
||||
|
@ -149,28 +164,20 @@ func (s3a *S3ApiServer) HeadBucketHandler(w http.ResponseWriter, r *http.Request
|
|||
|
||||
bucket, _ := getBucketAndObject(r)
|
||||
|
||||
err := s3a.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
|
||||
|
||||
request := &filer_pb.LookupDirectoryEntryRequest{
|
||||
Directory: s3a.option.BucketsPath,
|
||||
Name: bucket,
|
||||
}
|
||||
|
||||
glog.V(1).Infof("lookup bucket: %v", request)
|
||||
if _, err := filer_pb.LookupEntry(client, request); err != nil {
|
||||
if err == filer_pb.ErrNotFound {
|
||||
return filer_pb.ErrNotFound
|
||||
}
|
||||
return fmt.Errorf("lookup bucket %s/%s: %v", s3a.option.BucketsPath, bucket, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
entry, err := s3a.get(s3a.option.BucketsPath, bucket)
|
||||
if entry == nil || err != nil {
|
||||
writeErrorResponse(w, s3err.ErrNoSuchBucket, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
if entry.Extended != nil {
|
||||
if id, ok := entry.Extended[xhttp.AmzIdentityId]; ok {
|
||||
if string(id) != r.Header.Get(xhttp.AmzIdentityId) {
|
||||
writeErrorResponse(w, s3err.ErrAccessDenied, r.URL)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
writeSuccessResponseEmpty(w)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue