Now client requests for ACL changes are honored through PutBucketACL API

2025-11-09 05:34:56 -05:00 · 2015-04-27 03:04:29 -07:00
parent 1b411f9e86
commit 9232ce3b4e
9 changed files with 124 additions and 5 deletions
--- a/pkg/api/api_bucket_handlers.go
+++ b/pkg/api/api_bucket_handlers.go
@@ -148,6 +148,11 @@ func (server *minioAPI) listBucketsHandler(w http.ResponseWriter, req *http.Requ
 // ----------
 // This implementation of the PUT operation creates a new bucket for authenticated request
 func (server *minioAPI) putBucketHandler(w http.ResponseWriter, req *http.Request) {
+	if isRequestBucketACL(req.URL.Query()) {
+		server.putBucketACLHandler(w, req)
+		return
+	}
+
 	acceptsContentType := getContentType(req)
 	if acceptsContentType == unknownContentType {
 		writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
@@ -191,6 +196,49 @@ func (server *minioAPI) putBucketHandler(w http.ResponseWriter, req *http.Reques
 	}
 }

+// PUT Bucket ACL
+// ----------
+// This implementation of the PUT operation modifies the bucketACL for authenticated request
+func (server *minioAPI) putBucketACLHandler(w http.ResponseWriter, req *http.Request) {
+	acceptsContentType := getContentType(req)
+	if acceptsContentType == unknownContentType {
+		writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
+		return
+	}
+
+	// read from 'x-amz-acl'
+	aclType := getACLType(req)
+	if aclType == unsupportedACLType {
+		writeErrorResponse(w, req, NotImplemented, acceptsContentType, req.URL.Path)
+		return
+	}
+
+	vars := mux.Vars(req)
+	bucket := vars["bucket"]
+	err := server.driver.SetBucketMetadata(bucket, getACLTypeString(aclType))
+	switch iodine.ToError(err).(type) {
+	case nil:
+		{
+			w.Header().Set("Server", "Minio")
+			w.Header().Set("Connection", "close")
+			w.WriteHeader(http.StatusOK)
+		}
+	case drivers.BucketNameInvalid:
+		{
+			writeErrorResponse(w, req, InvalidBucketName, acceptsContentType, req.URL.Path)
+		}
+	case drivers.BucketNotFound:
+		{
+			writeErrorResponse(w, req, NoSuchBucket, acceptsContentType, req.URL.Path)
+		}
+	default:
+		{
+			log.Error.Println(iodine.New(err, nil))
+			writeErrorResponse(w, req, InternalError, acceptsContentType, req.URL.Path)
+		}
+	}
+}
+
 // HEAD Bucket
 // ----------
 // This operation is useful to determine if a bucket exists.
--- a/pkg/api/api_definitions.go
+++ b/pkg/api/api_definitions.go
@@ -76,7 +76,6 @@ type Owner struct {

 // List of not implemented bucket queries
 var unimplementedBucketResourceNames = map[string]bool{
-	"acl":            true,
 	"policy":         true,
 	"cors":           true,
 	"lifecycle":      true,
@@ -94,7 +93,6 @@ var unimplementedBucketResourceNames = map[string]bool{
 // List of not implemented object queries
 var unimplementedObjectResourceNames = map[string]bool{
 	"uploadId": true,
-	"acl":      true,
 	"torrent":  true,
 	"uploads":  true,
 }
--- a/pkg/api/api_test.go
+++ b/pkg/api/api_test.go
@@ -447,7 +447,7 @@ func (s *MySuite) TestNotImplemented(c *C) {
 	testServer := httptest.NewServer(httpHandler)
 	defer testServer.Close()

-	request, err := http.NewRequest("GET", testServer.URL+"/bucket/object?acl", nil)
+	request, err := http.NewRequest("GET", testServer.URL+"/bucket/object?policy", nil)
 	c.Assert(err, IsNil)
 	setAuthHeader(request)

--- a/pkg/api/resources.go
+++ b/pkg/api/resources.go
@@ -39,3 +39,16 @@ func getBucketResources(values url.Values) (v drivers.BucketResourcesMetadata) {
 	}
 	return
 }
+
+// check if req query values have acl
+func isRequestBucketACL(values url.Values) bool {
+	for key := range values {
+		switch true {
+		case key == "acl":
+			return true
+		default:
+			return false
+		}
+	}
+	return false
+}