Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

extract and save acl when create bucket

pull/3849/head
changlin.shi 2 years ago
parent
f5d4952d73
commit
bbecba266d
2 changed files with 29 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      weed/s3api/s3api_acp.go
  2. 8
      weed/s3api/s3api_bucket_handlers.go

21
weed/s3api/s3api_acp.go
View File

@ -1,8 +1,10 @@
package s3api
import (
"github.com/aws/aws-sdk-go/service/s3"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3acl"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
"net/http"
)
@ -27,3 +29,22 @@ func (s3a *S3ApiServer) checkAccessByOwnership(r *http.Request, bucket string) s
}
return s3err.ErrAccessDenied
}
func (s3a *S3ApiServer) ExtractBucketAcp(r *http.Request) (owner string, grants []*s3.Grant, errCode s3err.ErrorCode) {
accountId := s3acl.GetAccountId(r)
ownership := s3_constants.DefaultOwnershipForCreate
if ownership == s3_constants.OwnershipBucketOwnerEnforced {
return accountId, []*s3.Grant{
{
Permission: &s3_constants.PermissionFullControl,
Grantee: &s3.Grantee{
Type: &s3_constants.GrantTypeCanonicalUser,
ID: &accountId,
},
},
}, s3err.ErrNone
} else {
return s3acl.ParseAndValidateAclHeadersOrElseDefault(r, s3a.accountManager, ownership, accountId, accountId, false)
}
}

8
weed/s3api/s3api_bucket_handlers.go
View File

@ -6,6 +6,7 @@ import (
"errors"
"fmt"
"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3acl"
"github.com/seaweedfs/seaweedfs/weed/util"
"math"
"net/http"
@ -121,6 +122,12 @@ func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request)
}
}
acpOwner, acpGrants, errCode := s3a.ExtractBucketAcp(r)
if errCode != s3err.ErrNone {
s3err.WriteErrorResponse(w, r, errCode)
return
}
fn := func(entry *filer_pb.Entry) {
if identityId := r.Header.Get(s3_constants.AmzIdentityId); identityId != "" {
if entry.Extended == nil {
@ -128,6 +135,7 @@ func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request)
}
entry.Extended[s3_constants.AmzIdentityId] = []byte(identityId)
}
s3acl.AssembleEntryWithAcp(entry, acpOwner, acpGrants)
}
// create the folder for bucket, but lazily create actual collection

Write Preview
Loading…
Cancel
Save