From bbecba266d585044c6407a8a44dbf8296f777def Mon Sep 17 00:00:00 2001
From: "changlin.shi"
Date: Thu, 13 Oct 2022 16:23:58 +0800
Subject: [PATCH] extract and save acl when create bucket
---
 weed/s3api/s3api_acp.go | 21 +++++++++++++++++++++
 weed/s3api/s3api_bucket_handlers.go | 8 ++++++++
 2 files changed, 29 insertions(+)
diff --git a/weed/s3api/s3api_acp.go b/weed/s3api/s3api_acp.go
index 7a76c2a67..7aa19babd 100644
--- a/weed/s3api/s3api_acp.go
+++ b/weed/s3api/s3api_acp.go
@@ -1,8 +1,10 @@
 package s3api
 import (
+ "github.com/aws/aws-sdk-go/service/s3"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3acl"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
 "net/http"
 )
@@ -27,3 +29,22 @@ func (s3a *S3ApiServer) checkAccessByOwnership(r *http.Request, bucket string) s
 }
 return s3err.ErrAccessDenied
 }
+
+func (s3a *S3ApiServer) ExtractBucketAcp(r *http.Request) (owner string, grants []*s3.Grant, errCode s3err.ErrorCode) {
+ accountId := s3acl.GetAccountId(r)
+
+ ownership := s3_constants.DefaultOwnershipForCreate
+ if ownership == s3_constants.OwnershipBucketOwnerEnforced {
+ return accountId, []*s3.Grant{
+ {
+ Permission: &s3_constants.PermissionFullControl,
+ Grantee: &s3.Grantee{
+ Type: &s3_constants.GrantTypeCanonicalUser,
+ ID: &accountId,
+ },
+ },
+ }, s3err.ErrNone
+ } else {
+ return s3acl.ParseAndValidateAclHeadersOrElseDefault(r, s3a.accountManager, ownership, accountId, accountId, false)
+ }
+}
diff --git a/weed/s3api/s3api_bucket_handlers.go b/weed/s3api/s3api_bucket_handlers.go
index 9e215db9e..efe069237 100644
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -6,6 +6,7 @@ import (
 "errors"
 "fmt"
 "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3acl"
 "github.com/seaweedfs/seaweedfs/weed/util"
 "math"
 "net/http"
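Review bot: In the `OwnershipBucketOwnerEnforced` branch of `ExtractBucketAcp`, the grant stores `&s3_constants.PermissionFullControl` and `&s3_constants.GrantTypeCanonicalUser`, which are pointers to package-level variables, so every default grant aliases the same two strings and any later write through `*grant.Permission` or `*grant.Grantee.Type` would change the ACL value seen by all of them. Copy the values first, e.g. `perm, typ := s3_constants.PermissionFullControl, s3_constants.GrantTypeCanonicalUser`, and store `&perm` and `&typ`. `ownership` is read only from `s3_constants.DefaultOwnershipForCreate`, so which branch runs never depends on the request; if per-request ownership is intended, it is not handled here. The exported method also has no doc comment; `// ExtractBucketAcp returns the owner and grants to store on a bucket being created, derived from the request's account id and ACL headers.` would cover it.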
@@ -121,6 +122,12 @@ func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request)
 }
 }
+ acpOwner, acpGrants, errCode := s3a.ExtractBucketAcp(r)
+ if errCode != s3err.ErrNone {
+ s3err.WriteErrorResponse(w, r, errCode)
+ return
+ }
+
 fn := func(entry *filer_pb.Entry) {
 if identityId := r.Header.Get(s3_constants.AmzIdentityId); identityId != "" {
 if entry.Extended == nil {
@@ -128,6 +135,7 @@ func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request)
 }
 entry.Extended[s3_constants.AmzIdentityId] = []byte(identityId)
 }
+ s3acl.AssembleEntryWithAcp(entry, acpOwner, acpGrants)
 }
 // create the folder for bucket, but lazily create actual collection
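Review bot: `acpOwner` becomes the stored bucket owner, yet the only source for it visible in this patch is `s3acl.GetAccountId(r)`, whose body is not shown. If that helper reads a request header, as the closure below does with `s3_constants.AmzIdentityId`, confirm that the authentication layer sets or clears the header on every path that reaches `PutBucketHandler`, anonymous requests included, so a client-supplied value cannot name the owner. Once verified, a one-line comment above the `s3a.ExtractBucketAcp(r)` call stating where the account id comes from would record that assumption for the next reader. `PutBucketHandler` starts and ends outside the hunk.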
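Review bot: The added `s3acl.AssembleEntryWithAcp(entry, acpOwner, acpGrants)` call sits outside the `if identityId != ""` block, and the `entry.Extended == nil` check shown in the previous hunk lives inside that block. When the identity header is absent, the helper therefore receives an entry whose `Extended` map may still be nil; its body is not visible, so unless it allocates the map itself, writing the ACL would panic during bucket creation. Hoisting the check to the top of the closure covers both writers: `if entry.Extended == nil { entry.Extended = make(map[string][]byte) }`. If the helper returns a result, it is discarded here, so a failure to encode the grants would leave the bucket without a stored ACL and without an error reaching the client.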