From 9ce1884732418766f2442a5763bcf938e9103bd5 Mon Sep 17 00:00:00 2001 From: Poorna Date: Mon, 24 Oct 2022 20:24:32 -0700 Subject: [PATCH] reject editing bucket replication config when site replication is enabled (#15937) --- cmd/bucket-replication-handlers.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/bucket-replication-handlers.go b/cmd/bucket-replication-handlers.go index 8777d89f4..75edd0a19 100644 --- a/cmd/bucket-replication-handlers.go +++ b/cmd/bucket-replication-handlers.go @@ -55,7 +55,10 @@ func (api objectAPIHandlers) PutBucketReplicationConfigHandler(w http.ResponseWr writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) return } - + if globalSiteReplicationSys.isEnabled() && logger.GetReqInfo(ctx).Cred.AccessKey != globalActiveCred.AccessKey { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrReplicationDenyEditError), r.URL) + return + } if versioned := globalBucketVersioningSys.Enabled(bucket); !versioned { writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrReplicationNeedsVersioningError), r.URL) return