forked from TrueCloudLab/frostfs-s3-gw
[#574] Produce deny records for private objects in put-object-acl
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
parent
66fe3fee7b
commit
d7f77ce874
1 changed files with 13 additions and 0 deletions
|
@ -1149,6 +1149,19 @@ func aclToAst(acl *AccessControlPolicy, resInfo *resourceInfo) (*ast, error) {
|
|||
ops = append(ops, writeOps...)
|
||||
}
|
||||
|
||||
// Expect to have at least 1 full control grant for owner which is set in
|
||||
// parseACLHeaders(). If there is no other grants, then user sets private
|
||||
// canned ACL, which is processed in this branch.
|
||||
if len(acl.AccessControlList) < 2 {
|
||||
for _, op := range ops {
|
||||
operation := &astOperation{
|
||||
Op: op,
|
||||
Action: eacl.ActionDeny,
|
||||
}
|
||||
resource.Operations = append(resource.Operations, operation)
|
||||
}
|
||||
}
|
||||
|
||||
for _, op := range ops {
|
||||
operation := &astOperation{
|
||||
Users: []string{acl.Owner.ID},
|
||||
|
|
Loading…
Reference in a new issue