fix: object lock behavior when default lock config is enabled (#9305)

2025-11-09 13:39:46 -05:00 · 2020-04-13 14:03:23 -07:00
parent cc9b63eb51
commit 1fa65c7f2f
6 changed files with 38 additions and 13 deletions
--- a/cmd/auth-handler.go
+++ b/cmd/auth-handler.go
@@ -591,6 +591,15 @@ func isPutActionAllowed(atype authType, bucketName, objectName string, r *http.R
 		return s3Err
 	}

+	// Do not check for PutObjectRetentionAction permission,
+	// if mode and retain until date are not set.
+	// Can happen when bucket has default lock config set
+	if action == iampolicy.PutObjectRetentionAction &&
+		r.Header.Get(xhttp.AmzObjectLockMode) == "" &&
+		r.Header.Get(xhttp.AmzObjectLockRetainUntilDate) == "" {
+		return ErrNone
+	}
+
 	if cred.AccessKey == "" {
 		if globalPolicySys.IsAllowed(policy.Args{
 			AccountName:     cred.AccessKey,