From b02f865183c26e4cb4572f5ab6d1f70b07d04398 Mon Sep 17 00:00:00 2001
From: chrislu <chris.lu@gmail.com>
Date: Thu, 20 Nov 2025 20:59:17 -0800
Subject: [PATCH] list owned buckets

---
 weed/s3api/s3api_bucket_handlers.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/weed/s3api/s3api_bucket_handlers.go b/weed/s3api/s3api_bucket_handlers.go
index 7bda07d97..68a9a2110 100644
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -64,6 +64,21 @@ func (s3a *S3ApiServer) ListBucketsHandler(w http.ResponseWriter, r *http.Reques
 	var listBuckets ListAllMyBucketsList
 	for _, entry := range entries {
 		if entry.IsDirectory {
+			// Check ownership: only show buckets owned by this user (unless admin)
+			if identity != nil && identityId != "" {
+				var bucketOwnerId string
+				if entry.Extended != nil {
+					if id, ok := entry.Extended[s3_constants.AmzIdentityId]; ok {
+						bucketOwnerId = string(id)
+					}
+				}
+
+				// Skip buckets not owned by this user (unless they're an admin)
+				if bucketOwnerId != "" && bucketOwnerId != identityId && !identity.isAdmin() {
+					continue
+				}
+			}
+
 			// Check permissions for each bucket
 			if identity != nil {
 				// For JWT-authenticated users, use IAM authorization