From f037c09c11621660ea428f42abe2f18c10c8ec48 Mon Sep 17 00:00:00 2001
From: 7y-9 <121850020+7y-9@users.noreply.github.com>
Date: Mon, 19 Feb 2024 16:38:05 +0800
Subject: [PATCH] fix: only admin auth can delete S3 bucket (#5312)
---
 weed/s3api/s3api_server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/weed/s3api/s3api_server.go b/weed/s3api/s3api_server.go
index 37ae54f1b..7c4918a01 100644
--- a/weed/s3api/s3api_server.go
+++ b/weed/s3api/s3api_server.go
@@ -278,7 +278,7 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
 // PutBucket
 bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT"))
 // DeleteBucket
- bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_WRITE)), "DELETE"))
+ bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_ADMIN)), "DELETE"))
 // ListObjectsV1 (Legacy)
 bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST"))
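Review bot: The DELETE route now demands `ACTION_ADMIN`, but the PUT route earlier in the same hunk is still registered as `track(s3a.PutBucketHandler, "PUT")` with no `s3a.iam.Auth(s3a.cb.Limit(...))` wrapper, so bucket creation and bucket deletion are authorized in different places; whether `PutBucketHandler` performs an equivalent check internally is not visible here and should be confirmed. On the changed line I would add a why-comment such as `// DeleteBucket is admin-only: ACTION_WRITE is not sufficient (#5312)` so the stricter action is not relaxed back to write in a later cleanup. This is also a behaviour change for existing identities that hold only write permission, so it deserves a release note and a regression test asserting that such an identity is denied on bucket DELETE. `registerRouter` starts and ends outside the hunk, so the other bucket-level routes were not reviewed.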