make sure to pass groups for all credentials while verifying policies (#14193)

fixes #14180
2025-11-09 13:39:46 -05:00 · 2022-01-26 21:53:36 -08:00
parent a66071099c
commit d6dd17a483
4 changed files with 14 additions and 9 deletions
--- a/cmd/bucket-handlers.go
+++ b/cmd/bucket-handlers.go
@@ -951,6 +951,7 @@ func (api objectAPIHandlers) PostPolicyBucketHandler(w http.ResponseWriter, r *h
 	// explicit permissions for the user.
 	if !globalIAMSys.IsAllowed(iampolicy.Args{
 		AccountName:     cred.AccessKey,
+		Groups:          cred.Groups,
 		Action:          iampolicy.PutObjectAction,
 		ConditionValues: getConditionValues(r, "", cred.AccessKey, cred.Claims),
 		BucketName:      bucket,