Checking for access denied in web browser request. (#9523)

Fixes #9485
This commit is contained in:
P R 2020-05-06 21:31:44 -07:00 committed by GitHub
parent 7290d23b26
commit 7e3ea77fdf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions

View File

@ -92,3 +92,6 @@ var errIAMActionNotAllowed = errors.New("Specified IAM action is not allowed und
// error returned when access is denied. // error returned when access is denied.
var errAccessDenied = errors.New("Do not have enough permissions to access this resource") var errAccessDenied = errors.New("Do not have enough permissions to access this resource")
// error returned when object is locked.
var errLockedObject = errors.New("Object is WORM protected and cannot be overwritten or deleted")

View File

@ -719,6 +719,9 @@ next:
} }
apiErr := enforceRetentionBypassForDeleteWeb(ctx, r, args.BucketName, objectName, getObjectInfo, govBypassPerms) apiErr := enforceRetentionBypassForDeleteWeb(ctx, r, args.BucketName, objectName, getObjectInfo, govBypassPerms)
if apiErr == ErrObjectLocked {
return toJSONError(ctx, errLockedObject)
}
if apiErr != ErrNone && apiErr != ErrNoSuchKey { if apiErr != ErrNone && apiErr != ErrNoSuchKey {
return toJSONError(ctx, errAccessDenied) return toJSONError(ctx, errAccessDenied)
} }
@ -2140,7 +2143,7 @@ func toWebAPIError(ctx context.Context, err error) APIError {
Description: err.Error(), Description: err.Error(),
} }
case errAuthentication, auth.ErrInvalidAccessKeyLength, case errAuthentication, auth.ErrInvalidAccessKeyLength,
auth.ErrInvalidSecretKeyLength, errInvalidAccessKeyID: auth.ErrInvalidSecretKeyLength, errInvalidAccessKeyID, errAccessDenied, errLockedObject:
return APIError{ return APIError{
Code: "AccessDenied", Code: "AccessDenied",
HTTPStatusCode: http.StatusForbidden, HTTPStatusCode: http.StatusForbidden,