
s3tables: improve error handling and permission logic

- Update handleGetNamespace to distinguish between 404 and 500 errors
- Refactor CanManagePolicy to use CheckPermission for consistent enforcement
- Ensure empty identities are correctly handled in policy management checks
pull/8147/head
Chris Lu 4 days ago
parent
commit
1c0d37e15a
  1. 6
      weed/s3api/s3tables/handler_namespace.go
  2. 3
      weed/s3api/s3tables/permissions.go

6
weed/s3api/s3tables/handler_namespace.go

@ -167,7 +167,11 @@ func (h *S3TablesHandler) handleGetNamespace(w http.ResponseWriter, r *http.Requ
})
if err != nil {
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchNamespace, fmt.Sprintf("namespace %s not found", flattenNamespace(req.Namespace)))
if errors.Is(err, filer_pb.ErrNotFound) {
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchNamespace, fmt.Sprintf("namespace %s not found", flattenNamespace(req.Namespace)))
} else {
h.writeError(w, http.StatusInternalServerError, ErrCodeInternalError, fmt.Sprintf("failed to get namespace: %v", err))
}
return err
}
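Review bot: The new 500 branch in handleGetNamespace copies the raw error text into the response body via `fmt.Sprintf("failed to get namespace: %v", err)`, which can expose filer-internal details to any client that reaches this endpoint. I would return a fixed message, `h.writeError(w, http.StatusInternalServerError, ErrCodeInternalError, "failed to get namespace")`, and record `err` in the server log instead. The 404/500 split also depends on `errors.Is(err, filer_pb.ErrNotFound)` actually matching. The call that produces `err` starts above the hunk, so confirm that it returns or wraps that sentinel; otherwise every missing namespace would now be reported as a 500. The function body begins and continues outside the hunk.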

3
weed/s3api/s3tables/permissions.go

@ -159,8 +159,7 @@ func CanListTables(principal, owner string) bool {
// CanManagePolicy checks if principal can manage policies
func CanManagePolicy(principal, owner string) bool {
// Policy management requires owner permissions
return principal == owner
return CheckPermission("ManagePolicy", principal, owner)
}
// CanManageTags checks if principal can manage tags
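Review bot: CanManagePolicy no longer states or enforces its rule locally: the `principal == owner` comparison and the comment "Policy management requires owner permissions" are both removed, and the outcome now rests on how CheckPermission treats the string `"ManagePolicy"`, which is not visible in this hunk. Because this function gates who may change policies, I would extend the doc comment to say which principals are expected to pass and that an empty principal or empty owner must be denied. A table test covering owner, non-owner, empty principal and empty owner would pin the behaviour the commit message describes. If CheckPermission looks the operation up by name, an unrecognised name should fall through to deny, and a named constant for the operation (if the package defines them) would turn a typo into a compile error.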
