
fix comparing

pull/7519/head
chrislu 2 weeks ago
parent
commit
ec69e25d7b
  1. 13
      weed/s3api/s3api_bucket_handlers.go
  2. 11
      weed/s3api/s3api_bucket_handlers_test.go

13
weed/s3api/s3api_bucket_handlers.go

@ -129,15 +129,10 @@ func isBucketVisibleToIdentity(entry *filer_pb.Entry, identity *Identity) bool {
// Non-admin users: check ownership // Non-admin users: check ownership
// Use the authenticated identity value directly (cannot be spoofed) // Use the authenticated identity value directly (cannot be spoofed)
authenticatedIdentityId := identity.Name
var bucketOwnerId string
if id, ok := entry.Extended[s3_constants.AmzIdentityId]; ok {
bucketOwnerId = string(id)
}
// Skip buckets that have no owner or are owned by someone else
if bucketOwnerId == "" || bucketOwnerId != authenticatedIdentityId {
id, ok := entry.Extended[s3_constants.AmzIdentityId]
// Skip buckets that are not owned by the current user.
// Buckets without an owner are also skipped.
if !ok || string(id) != identity.Name {
return false return false
} }
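Review bot: The rewritten condition `!ok || string(id) != identity.Name` no longer rejects an owner attribute that is present but empty, which the removed `bucketOwnerId == ""` test did. If `identity.Name` can be empty on this path, a bucket whose `AmzIdentityId` value is an empty byte slice would now compare equal and be listed for that identity. The start of isBucketVisibleToIdentity is outside the hunk, so this cannot be ruled out from here. Keeping the guard explicit is cheap: `if !ok || len(id) == 0 || string(id) != identity.Name {`. With that, the comment "Buckets without an owner are also skipped" holds for both the missing-key and the empty-value case.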

11
weed/s3api/s3api_bucket_handlers_test.go

@ -309,15 +309,16 @@ func TestListBucketsOwnershipFiltering(t *testing.T) {
description: "When identityId is empty, ownership check is skipped, all buckets visible", description: "When identityId is empty, ownership check is skipped, all buckets visible",
}, },
{ {
name: "admin with empty identityId sees all",
name: "admin sees buckets regardless of ownership",
buckets: []testBucket{ buckets: []testBucket{
{name: "user1-bucket", ownerId: "user1"}, {name: "user1-bucket", ownerId: "user1"},
{name: "user2-bucket", ownerId: "user2"}, {name: "user2-bucket", ownerId: "user2"},
{name: "unowned-bucket", ownerId: ""},
}, },
requestIdentityId: "",
requestIdentityId: "admin",
requestIsAdmin: true, requestIsAdmin: true,
expectedBucketNames: []string{"user1-bucket", "user2-bucket"},
description: "Admin should see all buckets even with empty identityId",
expectedBucketNames: []string{"user1-bucket", "user2-bucket", "unowned-bucket"},
description: "Admin should see all buckets regardless of ownership",
}, },
{ {
name: "buckets with nil Extended metadata hidden from non-admins", name: "buckets with nil Extended metadata hidden from non-admins",
@ -418,7 +419,7 @@ func mockIdentity(name string, isAdmin bool) *Identity {
SecretKey: "admin-secret", SecretKey: "admin-secret",
}, },
} }
identity.Actions = []Action{ACTION_ADMIN}
identity.Actions = []Action{Action(s3_constants.ACTION_ADMIN)}
} }
return identity return identity
} }
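Review bot: The added `{name: "unowned-bucket", ownerId: ""}` entry is exercised only on the admin path in this hunk, so nothing visible here pins how a non-admin request treats a bucket whose owner attribute is present but empty. The handler now tells "no owner" apart only through the map lookup's `ok`, and how `testBucket` turns `ownerId: ""` into `Extended` (key omitted or empty value stored) is not shown. A table entry such as `name: "empty owner value hidden from non-admins"`, with the key set to an empty value and `expectedBucketNames: []string{}`, would document the intended behaviour. TestListBucketsOwnershipFiltering starts and ends outside the hunk, so such a case may already exist elsewhere in the table.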
