From f5d71008d725aefc480cd4f55b55d6c97f9cc3d5 Mon Sep 17 00:00:00 2001
From: Chris Lu
Date: Wed, 28 Jan 2026 14:28:12 -0800
Subject: [PATCH] s3tables: refactor handleDeleteTableBucket to use strongly typed AuthError
---
 weed/s3api/s3tables/handler_bucket_get_list_delete.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/weed/s3api/s3tables/handler_bucket_get_list_delete.go b/weed/s3api/s3tables/handler_bucket_get_list_delete.go
index cbb9596a0..fa06f94ba 100644
--- a/weed/s3api/s3tables/handler_bucket_get_list_delete.go
+++ b/weed/s3api/s3tables/handler_bucket_get_list_delete.go
@@ -239,8 +239,8 @@ func (h *S3TablesHandler) handleDeleteTableBucket(w http.ResponseWriter, r *http
 // 2. Check ownership
 principal := h.getPrincipalFromRequest(r)
- if principal != metadata.OwnerAccountID {
- return fmt.Errorf("access denied: principal %s does not own bucket %s", principal, bucketName)
+ if !CanDeleteTableBucket(principal, metadata.OwnerAccountID) {
+ return NewAuthError("DeleteTableBucket", principal, fmt.Sprintf("not authorized to delete bucket %s", bucketName))
 }
 // 3. Check if bucket is empty
@@ -272,7 +272,7 @@ func (h *S3TablesHandler) handleDeleteTableBucket(w http.ResponseWriter, r *http
 if err != nil {
 if errors.Is(err, filer_pb.ErrNotFound) {
 h.writeError(w, http.StatusNotFound, ErrCodeNoSuchBucket, fmt.Sprintf("table bucket %s not found", bucketName))
- } else if strings.Contains(err.Error(), "access denied") {
+ } else if isAuthError(err) {
 h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, err.Error())
 } else {
 h.writeError(w, http.StatusInternalServerError, ErrCodeInternalError, fmt.Sprintf("failed to delete table bucket: %v", err))
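Review bot: `CanDeleteTableBucket` is not defined in this patch, so the ownership check at step 2 cannot be confirmed to fail closed when `principal` or `metadata.OwnerAccountID` is empty. If `getPrincipalFromRequest` can return an empty string, the equality test being replaced would have passed for a bucket whose metadata records no owner, and the helper should not inherit that. I would state the contract at the call site, e.g. `// 2. Check ownership: must deny when principal or OwnerAccountID is empty`, and cover the empty-ID cases in a unit test for the helper. The handler body starts and ends outside this hunk.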
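Review bot: The 403 branch still sends `err.Error()` to the client, and that error is now built in the first hunk from the principal and the bucket name, so the response body depends on how `AuthError.Error()` formats those fields (not visible here). A fixed client message keeps that detail server-side: `h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "access denied")`, with the full error logged instead. `isAuthError` is also outside this patch; if it uses a plain type assertion rather than `errors.As`, a wrapped AuthError would fall through to the 500 branch, which echoes `%v` of the internal error to the caller. The handler body continues outside the hunk.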