MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-02-03 01:46:00 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: crash observed for anonymous deletes from UI (#9107)

Browse Source
This commit is contained in:
Harshavardhana 2020-03-09 21:21:35 -07:00 committed by GitHub
parent 667f42515a
commit 5ab9cc029d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
cmd/web-handlers.go
View File

@ -690,6 +690,17 @@ next:
} }
} }
if authErr == errNoAuthToken { if authErr == errNoAuthToken {
// Check if object is allowed to be deleted anonymously
if !globalPolicySys.IsAllowed(policy.Args{
Action: policy.DeleteObjectAction,
BucketName: args.BucketName,
ConditionValues: getConditionValues(r, "", "", nil),
IsOwner: false,
ObjectName: objectName,
}) {
return toJSONError(ctx, errAccessDenied)
}
// Check if object is allowed to be deleted anonymously // Check if object is allowed to be deleted anonymously
if globalPolicySys.IsAllowed(policy.Args{ if globalPolicySys.IsAllowed(policy.Args{
Action: policy.BypassGovernanceRetentionAction, Action: policy.BypassGovernanceRetentionAction,
@ -710,16 +721,29 @@ next:
continue continue
} }
if !globalIAMSys.IsAllowed(iampolicy.Args{ if authErr == errNoAuthToken {
AccountName: claims.AccessKey, // Check if object is allowed to be deleted anonymously
Action: iampolicy.DeleteObjectAction, if !globalPolicySys.IsAllowed(policy.Args{
BucketName: args.BucketName, Action: iampolicy.DeleteObjectAction,
ConditionValues: getConditionValues(r, "", claims.AccessKey, claims.Map()), BucketName: args.BucketName,
IsOwner: owner, ConditionValues: getConditionValues(r, "", "", nil),
ObjectName: objectName, IsOwner: false,
Claims: claims.Map(), ObjectName: objectName,
}) { }) {
return toJSONError(ctx, errAccessDenied) return toJSONError(ctx, errAccessDenied)
}
} else {
if !globalIAMSys.IsAllowed(iampolicy.Args{
AccountName: claims.AccessKey,
Action: iampolicy.DeleteObjectAction,
BucketName: args.BucketName,
ConditionValues: getConditionValues(r, "", claims.AccessKey, claims.Map()),
IsOwner: owner,
ObjectName: objectName,
Claims: claims.Map(),
}) {
return toJSONError(ctx, errAccessDenied)
}
} }
// For directories, list the contents recursively and remove. // For directories, list the contents recursively and remove.