Browse Source

remove debug

pull/6065/merge
Chris Lu 3 days ago
parent
commit
35ad7d08a5
  1. 14
      weed/s3api/s3tables/permissions.go

14
weed/s3api/s3tables/permissions.go

@ -118,30 +118,21 @@ func CheckPermissionWithContext(operation, principal, owner, resourcePolicy, res
} }
func checkPermission(operation, principal, owner, resourcePolicy, resourceARN string, ctx *PolicyContext) bool { func checkPermission(operation, principal, owner, resourcePolicy, resourceARN string, ctx *PolicyContext) bool {
fmt.Printf("DEBUG: checkPermission op=%s princ=%s owner=%s policyLen=%d defaultAllow=%v\n",
operation, principal, owner, len(resourcePolicy), ctx != nil && ctx.DefaultAllow)
if resourcePolicy != "" {
fmt.Printf("DEBUG: policy content: %s\n", resourcePolicy)
}
// Owner always has permission // Owner always has permission
if principal == owner { if principal == owner {
fmt.Printf("DEBUG: Allowed by Owner check\n")
return true return true
} }
if hasIdentityPermission(operation, ctx) { if hasIdentityPermission(operation, ctx) {
fmt.Printf("DEBUG: Allowed by Identity check\n")
return true return true
} }
// If no policy is provided, use default allow if enabled // If no policy is provided, use default allow if enabled
if resourcePolicy == "" { if resourcePolicy == "" {
if ctx != nil && ctx.DefaultAllow { if ctx != nil && ctx.DefaultAllow {
fmt.Printf("DEBUG: Allowed by DefaultAllow\n")
return true return true
} }
fmt.Printf("DEBUG: Denied by DefaultAllow=false (no policy)\n")
return false return false
} }
@ -183,9 +174,10 @@ func checkPermission(operation, principal, owner, resourcePolicy, resourceARN st
} }
// Statement matches - check effect // Statement matches - check effect
if stmt.Effect == "Allow" {
switch stmt.Effect {
case "Allow":
hasAllow = true hasAllow = true
} else if stmt.Effect == "Deny" {
case "Deny":
// Explicit deny always wins // Explicit deny always wins
return false return false
} }

Loading…
Cancel
Save