MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-02-22 02:52:29 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix missing authorization check for PutObjectRetentionHandler (#20929)

Browse Source
This commit is contained in:
Ramon de Klein 2025-02-12 17:08:13 +01:00 committed by GitHub
parent 447054b841
commit 437dd4e32a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/object-handlers.go
View File

@ -2884,6 +2884,12 @@ func (api objectAPIHandlers) PutObjectRetentionHandler(w http.ResponseWriter, r
return return
} }
// Check permissions to perform this object retention operation
if s3Err := checkRequestAuthType(ctx, r, policy.PutObjectRetentionAction, bucket, object); s3Err != ErrNone {
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
return
}
cred, owner, s3Err := validateSignature(getRequestAuthType(r), r) cred, owner, s3Err := validateSignature(getRequestAuthType(r), r)
if s3Err != ErrNone { if s3Err != ErrNone {
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL) writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)