mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
copy: Ensure that the user has GET access to the src object (#6715)
This commit is contained in:
parent
6869f6d9dd
commit
88c3dd49c6
@ -678,6 +678,11 @@ func (api objectAPIHandlers) CopyObjectHandler(w http.ResponseWriter, r *http.Re
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if s3Error := checkRequestAuthType(ctx, r, policy.GetObjectAction, srcBucket, srcObject); s3Error != ErrNone {
|
||||||
|
writeErrorResponse(w, s3Error, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Check if metadata directive is valid.
|
// Check if metadata directive is valid.
|
||||||
if !isMetadataDirectiveValid(r.Header) {
|
if !isMetadataDirectiveValid(r.Header) {
|
||||||
writeErrorResponse(w, ErrInvalidMetadataDirective, r.URL)
|
writeErrorResponse(w, ErrInvalidMetadataDirective, r.URL)
|
||||||
@ -1393,6 +1398,11 @@ func (api objectAPIHandlers) CopyObjectPartHandler(w http.ResponseWriter, r *htt
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if s3Error := checkRequestAuthType(ctx, r, policy.GetObjectAction, srcBucket, srcObject); s3Error != ErrNone {
|
||||||
|
writeErrorResponse(w, s3Error, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
uploadID := r.URL.Query().Get("uploadId")
|
uploadID := r.URL.Query().Get("uploadId")
|
||||||
partIDString := r.URL.Query().Get("partNumber")
|
partIDString := r.URL.Query().Get("partNumber")
|
||||||
|
|
||||||
|
@ -2163,23 +2163,6 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test for Anonymous/unsigned http request.
|
|
||||||
newCopyAnonObject := "new-anon-obj"
|
|
||||||
anonReq, err := newTestRequest("PUT", getCopyObjectURL("", bucketName, newCopyAnonObject), 0, nil)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
|
|
||||||
instanceType, bucketName, "new-anon-obj", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Below is how CopyObjectHandler is registered.
|
|
||||||
// bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?")
|
|
||||||
// Its necessary to set the "X-Amz-Copy-Source" header for the request to be accepted by the handler.
|
|
||||||
anonReq.Header.Set("X-Amz-Copy-Source", url.QueryEscape("/"+bucketName+"/"+anonObject))
|
|
||||||
// ExecObjectLayerAPIAnonTest - Calls the HTTP API handler using the anonymous request, validates the ErrAccessDeniedResponse,
|
|
||||||
// sets the bucket policy using the policy statement generated from `getWriteOnlyObjectStatement` so that the
|
|
||||||
// unsigned request goes through and its validated again.
|
|
||||||
ExecObjectLayerAPIAnonTest(t, obj, "TestAPICopyObjectHandler", bucketName, newCopyAnonObject, instanceType, apiRouter, anonReq, getAnonWriteOnlyObjectPolicy(bucketName, newCopyAnonObject))
|
|
||||||
|
|
||||||
// HTTP request to test the case of `objectLayer` being set to `nil`.
|
// HTTP request to test the case of `objectLayer` being set to `nil`.
|
||||||
// There is no need to use an existing bucket or valid input for creating the request,
|
// There is no need to use an existing bucket or valid input for creating the request,
|
||||||
// since the `objectLayer==nil` check is performed before any other checks inside the handlers.
|
// since the `objectLayer==nil` check is performed before any other checks inside the handlers.
|
||||||
|
Loading…
Reference in New Issue
Block a user