
fix auth permission checking

pull/2564/head
chrislu 3 years ago
parent
commit
e76105e2ab
  1. 2
      weed/s3api/auth_credentials.go
  2. 20
      weed/s3api/auth_credentials_test.go

2
weed/s3api/auth_credentials.go

@ -319,7 +319,7 @@ func (identity *Identity) canDo(action Action, bucket string, objectKey string)
if bucket == "" { if bucket == "" {
return false return false
} }
target := string(action) + ":" + bucket + "/" + objectKey
target := string(action) + ":" + bucket + objectKey
limitedByBucket := string(action) + ":" + bucket limitedByBucket := string(action) + ":" + bucket
adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket adminLimitedByBucket := s3_constants.ACTION_ADMIN + ":" + bucket
for _, a := range identity.Actions { for _, a := range identity.Actions {
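Review bot: Assuming `target := string(action) + ":" + bucket + objectKey` is the new line (the test changes switch to keys with a leading slash), canDo now relies on every caller passing objectKey with a leading "/"; that invariant is not stated or enforced here, and the hunk does not show where objectKey is produced. Without the separator, a key that does not start with "/" runs bucket and key together, so a key in bucket "a" could be matched by an action scoped to a differently named bucket whose name begins with "a" — a cross-bucket grant rather than a denial. Either document the contract above the target line, `// objectKey must start with "/" so bucket and key never run together in target`, or normalize before building it, `if objectKey != "" && objectKey[0] != '/' { objectKey = "/" + objectKey }`. The rest of canDo, including the matching loop that decides what target is compared against, lies outside the hunk.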

20
weed/s3api/auth_credentials_test.go

@ -78,8 +78,8 @@ func TestCanDo(t *testing.T) {
}, },
} }
// object specific // object specific
assert.Equal(t, true, ident1.canDo(ACTION_WRITE, "bucket1", "a/b/c/d.txt"))
assert.Equal(t, false, ident1.canDo(ACTION_WRITE, "bucket1", "a/b/other/some"), "action without *")
assert.Equal(t, true, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
assert.Equal(t, false, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/other/some"), "action without *")
// bucket specific // bucket specific
ident2 := &Identity{ ident2 := &Identity{
@ -89,9 +89,9 @@ func TestCanDo(t *testing.T) {
"Write:bucket1/*", "Write:bucket1/*",
}, },
} }
assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "a/b/c/d.txt"))
assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "a/b/c/d.txt"))
assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "a/b/c/d.txt"))
assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "/a/b/c/d.txt"))
// across buckets // across buckets
ident3 := &Identity{ ident3 := &Identity{
@ -101,9 +101,9 @@ func TestCanDo(t *testing.T) {
"Write", "Write",
}, },
} }
assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "a/b/c/d.txt"))
assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "a/b/c/d.txt"))
assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "a/b/other/some"))
assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "/a/b/other/some"))
// partial buckets // partial buckets
ident4 := &Identity{ ident4 := &Identity{
@ -112,7 +112,7 @@ func TestCanDo(t *testing.T) {
"Read:special_*", "Read:special_*",
}, },
} }
assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "a/b/c/d.txt"))
assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "a/b/c/d.txt"))
assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))
assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
} }
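Review bot: TestCanDo no longer exercises an object key without a leading slash; every assertion in these hunks now uses "/a/b/c/d.txt" or similar, so the behaviour of canDo for a bare key such as "a/b/c/d.txt" is untested after this change. If callers are expected to always supply a slash-prefixed key, one case pinning canDo's result for a bare key (whatever the intended outcome is) would document that contract and catch a regression in how target is built. The enclosing TestCanDo starts before the first hunk in this file.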