Browse Source

fix: only admin auth can delete S3 bucket (#5312)

pull/5313/head
7y-9 10 months ago
committed by GitHub
parent
commit
f037c09c11
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 2
      weed/s3api/s3api_server.go

2
weed/s3api/s3api_server.go

@ -278,7 +278,7 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
// PutBucket // PutBucket
bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT")) bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT"))
// DeleteBucket // DeleteBucket
bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_WRITE)), "DELETE"))
bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_ADMIN)), "DELETE"))
// ListObjectsV1 (Legacy) // ListObjectsV1 (Legacy)
bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST")) bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST"))

Loading…
Cancel
Save