mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
fix: do not deny admins to change other passwords
fixes a regression from #11680
This commit is contained in:
parent
879599b0cf
commit
f96d4cf7d3
@ -399,7 +399,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
|
|||||||
AccountName: parentUser,
|
AccountName: parentUser,
|
||||||
Action: iampolicy.CreateUserAdminAction,
|
Action: iampolicy.CreateUserAdminAction,
|
||||||
ConditionValues: getConditionValues(r, "", parentUser, claims),
|
ConditionValues: getConditionValues(r, "", parentUser, claims),
|
||||||
IsOwner: false,
|
IsOwner: owner,
|
||||||
Claims: claims,
|
Claims: claims,
|
||||||
}) {
|
}) {
|
||||||
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
|
||||||
@ -411,7 +411,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
|
|||||||
AccountName: accessKey,
|
AccountName: accessKey,
|
||||||
Action: iampolicy.CreateUserAdminAction,
|
Action: iampolicy.CreateUserAdminAction,
|
||||||
ConditionValues: getConditionValues(r, "", accessKey, claims),
|
ConditionValues: getConditionValues(r, "", accessKey, claims),
|
||||||
IsOwner: false,
|
IsOwner: owner,
|
||||||
Claims: claims,
|
Claims: claims,
|
||||||
DenyOnly: true, // check if changing password is explicitly denied.
|
DenyOnly: true, // check if changing password is explicitly denied.
|
||||||
}) {
|
}) {
|
||||||
|
Loading…
Reference in New Issue
Block a user