diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go
index 347689566..48832bdf8 100644
--- a/cmd/admin-handlers-users.go
+++ b/cmd/admin-handlers-users.go
@@ -984,15 +984,18 @@ func (a adminAPIHandlers) AccountInfoHandler(w http.ResponseWriter, r *http.Requ
 // Set delimiter value for "s3:delimiter" policy conditionals.
 r.Header.Set("delimiter", SlashSeparator)
+ parentUser := cred.AccessKey
+ if cred.ParentUser != "" {
+ parentUser = cred.ParentUser
+ }
+
 isAllowedAccess := func(bucketName string) (rd, wr bool) {
- // Use the following trick to filter in place
- // https://github.com/golang/go/wiki/SliceTricks#filter-in-place
 if globalIAMSys.IsAllowed(iampolicy.Args{
- AccountName: cred.AccessKey,
+ AccountName: parentUser,
 Groups: cred.Groups,
 Action: iampolicy.ListBucketAction,
 BucketName: bucketName,
- ConditionValues: getConditionValues(r, "", cred.AccessKey, claims),
+ ConditionValues: getConditionValues(r, "", parentUser, claims),
 IsOwner: owner,
 ObjectName: "",
 Claims: claims,
@@ -1001,11 +1004,11 @@ func (a adminAPIHandlers) AccountInfoHandler(w http.ResponseWriter, r *http.Requ
 }
 if globalIAMSys.IsAllowed(iampolicy.Args{
- AccountName: cred.AccessKey,
+ AccountName: parentUser,
 Groups: cred.Groups,
 Action: iampolicy.PutObjectAction,
 BucketName: bucketName,
- ConditionValues: getConditionValues(r, "", cred.AccessKey, claims),
+ ConditionValues: getConditionValues(r, "", parentUser, claims),
 IsOwner: owner,
 ObjectName: "",
 Claims: claims,
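Review bot: Passing `parentUser` as `AccountName` in the `ListBucketAction` check (and again in the `PutObjectAction` check in the second hunk) may cause a service-account or STS credential to be evaluated purely against its parent's policy. `globalIAMSys.IsAllowed` is not visible here, so this needs confirming: if it selects the session/embedded-policy path by looking up `AccountName`, the child credential's narrower policy would no longer limit which buckets this handler reports as readable or writable. If the goal is only to have username-based policy conditions resolve to the parent, keep `AccountName: cred.AccessKey,` and pass `parentUser` only to `getConditionValues(r, "", parentUser, claims)`. A regression test using a service account whose own policy is stricter than its parent's would pin the intended behaviour. The handler body starts and ends outside both hunks.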