Merge pull request #2030 from kmlebedev/auth_bucket_wildcards
auth use bucket wild cards
pull/2031/head
Chris Lu
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
19 additions and
9 deletions
-
weed/s3api/auth_credentials.go
|
|
@ -3,14 +3,14 @@ package s3api |
|
|
|
import ( |
|
|
|
"fmt" |
|
|
|
"github.com/chrislusf/seaweedfs/weed/filer" |
|
|
|
"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants" |
|
|
|
"io/ioutil" |
|
|
|
"net/http" |
|
|
|
|
|
|
|
"github.com/chrislusf/seaweedfs/weed/glog" |
|
|
|
"github.com/chrislusf/seaweedfs/weed/pb/iam_pb" |
|
|
|
xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http" |
|
|
|
"github.com/chrislusf/seaweedfs/weed/s3api/s3_constants" |
|
|
|
"github.com/chrislusf/seaweedfs/weed/s3api/s3err" |
|
|
|
"io/ioutil" |
|
|
|
"net/http" |
|
|
|
"strings" |
|
|
|
) |
|
|
|
|
|
|
|
type Action string |
|
|
@ -255,12 +255,22 @@ func (identity *Identity) canDo(action Action, bucket string) bool { |
|
|
|
limitedByBucket := string(action) + ":" + bucket |
|
|
|
adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket |
|
|
|
for _, a := range identity.Actions { |
|
|
|
if string(a) == limitedByBucket { |
|
|
|
act := string(a) |
|
|
|
if strings.HasSuffix(act, "*") { |
|
|
|
if strings.HasPrefix(limitedByBucket, act[:len(act)-1]) { |
|
|
|
return true |
|
|
|
} |
|
|
|
if string(a) == adminLimitedByBucket { |
|
|
|
if strings.HasPrefix(adminLimitedByBucket, act[:len(act)-1]) { |
|
|
|
return true |
|
|
|
} |
|
|
|
} else { |
|
|
|
if act == limitedByBucket { |
|
|
|
return true |
|
|
|
} |
|
|
|
if act == adminLimitedByBucket { |
|
|
|
return true |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
return false |
|
|
|
} |
|
|
|
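Review bot: The wildcard comparison in the `strings.HasSuffix(act, "*")` branch runs over the joined `action:bucket` string, so the `*` is not confined to the bucket name: an entry of just `*` leaves an empty prefix and matches every action and bucket that reaches this loop, including the `adminLimitedByBucket` check, and an entry such as `Read*` matches before the `:` separator. If only bucket-name wildcards are intended, add `if !strings.Contains(act, ":") { continue }` right after `act := string(a)` so that the action name always has to match in full. Even then, a prefix such as `Read:prod*` also covers every bucket whose name merely starts with `prod`, which deserves a comment on `canDo` and a line in the identity configuration docs. `canDo` starts above this hunk, so any earlier validation of `identity.Actions` is not visible here.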