From ec69e25d7b2a3b93f630da224ef6ff4488a61285 Mon Sep 17 00:00:00 2001
From: chrislu
Date: Thu, 20 Nov 2025 21:56:42 -0800
Subject: [PATCH] fix comparing
---
 weed/s3api/s3api_bucket_handlers.go | 13 ++++---------
 weed/s3api/s3api_bucket_handlers_test.go | 11 ++++++-----
 2 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/weed/s3api/s3api_bucket_handlers.go b/weed/s3api/s3api_bucket_handlers.go
index cdf67de1f..f7a405cf3 100644
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -129,15 +129,10 @@ func isBucketVisibleToIdentity(entry *filer_pb.Entry, identity *Identity) bool {
 // Non-admin users: check ownership
 // Use the authenticated identity value directly (cannot be spoofed)
- authenticatedIdentityId := identity.Name
-
- var bucketOwnerId string
- if id, ok := entry.Extended[s3_constants.AmzIdentityId]; ok {
- bucketOwnerId = string(id)
- }
-
- // Skip buckets that have no owner or are owned by someone else
- if bucketOwnerId == "" || bucketOwnerId != authenticatedIdentityId {
+ id, ok := entry.Extended[s3_constants.AmzIdentityId]
+ // Skip buckets that are not owned by the current user.
+ // Buckets without an owner are also skipped.
+ if !ok || string(id) != identity.Name {
 return false
 }
diff --git a/weed/s3api/s3api_bucket_handlers_test.go b/weed/s3api/s3api_bucket_handlers_test.go
index 31735faef..c26947c9c 100644
--- a/weed/s3api/s3api_bucket_handlers_test.go
+++ b/weed/s3api/s3api_bucket_handlers_test.go
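Review bot: In weed/s3api/s3api_bucket_handlers.go, the rewritten check `if !ok || string(id) != identity.Name` no longer rejects an owner attribute that is present but empty, which the removed `bucketOwnerId == ""` clause did. If `identity.Name` can ever be empty for a non-admin caller (not visible here; the body of isBucketVisibleToIdentity starts above the hunk), a bucket whose `AmzIdentityId` value is empty would compare equal and be listed. In that case the new comment "Buckets without an owner are also skipped" would not hold. Keeping the guard costs one clause: `if !ok || len(id) == 0 || string(id) != identity.Name {`.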
@@ -309,15 +309,16 @@ func TestListBucketsOwnershipFiltering(t *testing.T) {
 description: "When identityId is empty, ownership check is skipped, all buckets visible",
 },
 {
- name: "admin with empty identityId sees all",
+ name: "admin sees buckets regardless of ownership",
 buckets: []testBucket{
 {name: "user1-bucket", ownerId: "user1"},
 {name: "user2-bucket", ownerId: "user2"},
+ {name: "unowned-bucket", ownerId: ""},
 },
- requestIdentityId: "",
+ requestIdentityId: "admin",
 requestIsAdmin: true,
- expectedBucketNames: []string{"user1-bucket", "user2-bucket"},
- description: "Admin should see all buckets even with empty identityId",
+ expectedBucketNames: []string{"user1-bucket", "user2-bucket", "unowned-bucket"},
+ description: "Admin should see all buckets regardless of ownership",
 },
 {
 name: "buckets with nil Extended metadata hidden from non-admins",
@@ -418,7 +419,7 @@ func mockIdentity(name string, isAdmin bool) *Identity {
 SecretKey: "admin-secret",
 },
 }
- identity.Actions = []Action{ACTION_ADMIN}
+ identity.Actions = []Action{Action(s3_constants.ACTION_ADMIN)}
 }
 return identity
 }
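Review bot: In the TestListBucketsOwnershipFiltering hunk the admin case is rewritten in place rather than added alongside the old one, so within this hunk the new `{name: "unowned-bucket", ownerId: ""}` entry is asserted only for an admin and the admin-with-empty-`requestIdentityId` scenario is no longer exercised. Because the same commit changes how the owner attribute is compared for non-admins, a sibling case with `requestIsAdmin: false` and the same `unowned-bucket` entry, expecting it to be absent from `expectedBucketNames`, would pin the filtering behaviour. How the test helper turns `ownerId: ""` into entry metadata (missing key or empty value) is outside the hunk, so it may be worth covering both forms.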