[#xxx] Check owner ID before deleting bucket
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
This commit is contained in:
parent
424038de6c
commit
2a31616577
4 changed files with 23 additions and 1 deletions
|
@ -191,6 +191,7 @@ func TestDeleteBucketWithPolicy(t *testing.T) {
|
|||
require.Len(t, hc.h.ape.(*apeMock).policyMap, 1)
|
||||
require.Len(t, hc.h.ape.(*apeMock).chainMap[engine.ContainerTarget(bi.CID.EncodeToString())], 4)
|
||||
|
||||
hc.owner = bi.Owner
|
||||
deleteBucket(t, hc, bktName, http.StatusNoContent)
|
||||
|
||||
require.Empty(t, hc.h.ape.(*apeMock).policyMap)
|
||||
|
|
|
@ -244,6 +244,11 @@ func (h *handler) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if reqInfo.User != bktInfo.Owner.String() {
|
||||
h.logAndSendError(w, "request owner id does not match bucket owner id", reqInfo, errors.GetAPIError(errors.ErrAccessDenied))
|
||||
return
|
||||
}
|
||||
|
||||
var sessionToken *session.Container
|
||||
|
||||
boxData, err := middleware.GetBoxData(r.Context())
|
||||
|
|
|
@ -37,6 +37,7 @@ func TestDeleteBucketOnAlreadyRemovedError(t *testing.T) {
|
|||
|
||||
deleteObjects(t, hc, bktName, [][2]string{{objName, emptyVersion}})
|
||||
|
||||
hc.owner = bktInfo.Owner
|
||||
deleteBucket(t, hc, bktName, http.StatusNoContent)
|
||||
}
|
||||
|
||||
|
@ -53,11 +54,12 @@ func TestDeleteBucket(t *testing.T) {
|
|||
tc := prepareHandlerContext(t)
|
||||
|
||||
bktName, objName := "bucket-for-removal", "object-to-delete"
|
||||
_, objInfo := createVersionedBucketAndObject(t, tc, bktName, objName)
|
||||
bktInfo, objInfo := createVersionedBucketAndObject(t, tc, bktName, objName)
|
||||
|
||||
deleteMarkerVersion, isDeleteMarker := deleteObject(t, tc, bktName, objName, emptyVersion)
|
||||
require.True(t, isDeleteMarker)
|
||||
|
||||
tc.owner = bktInfo.Owner
|
||||
deleteBucket(t, tc, bktName, http.StatusConflict)
|
||||
deleteObject(t, tc, bktName, objName, objInfo.VersionID())
|
||||
deleteBucket(t, tc, bktName, http.StatusConflict)
|
||||
|
@ -82,6 +84,7 @@ func TestDeleteBucketOnNotFoundError(t *testing.T) {
|
|||
|
||||
deleteObjects(t, hc, bktName, [][2]string{{objName, emptyVersion}})
|
||||
|
||||
hc.owner = bktInfo.Owner
|
||||
deleteBucket(t, hc, bktName, http.StatusNoContent)
|
||||
}
|
||||
|
||||
|
@ -99,6 +102,7 @@ func TestForceDeleteBucket(t *testing.T) {
|
|||
addr.SetContainer(bktInfo.CID)
|
||||
addr.SetObject(nodeVersion.OID)
|
||||
|
||||
hc.owner = bktInfo.Owner
|
||||
deleteBucketForce(t, hc, bktName, http.StatusConflict, "false")
|
||||
deleteBucketForce(t, hc, bktName, http.StatusNoContent, "true")
|
||||
}
|
||||
|
@ -457,6 +461,17 @@ func TestDeleteObjectCheckMarkerReturn(t *testing.T) {
|
|||
require.Equal(t, deleteMarkerVersion, deleteMarkerVersion2)
|
||||
}
|
||||
|
||||
func TestDeleteBucketByNotOwner(t *testing.T) {
|
||||
hc := prepareHandlerContext(t)
|
||||
|
||||
bktName := "bucket-name"
|
||||
bktInfo := createTestBucket(hc, bktName)
|
||||
deleteBucket(t, hc, bktName, http.StatusForbidden)
|
||||
|
||||
hc.owner = bktInfo.Owner
|
||||
deleteBucket(t, hc, bktName, http.StatusNoContent)
|
||||
}
|
||||
|
||||
func createBucketAndObject(tc *handlerContext, bktName, objName string) (*data.BucketInfo, *data.ObjectInfo) {
|
||||
bktInfo := createTestBucket(tc, bktName)
|
||||
|
||||
|
|
|
@ -462,6 +462,7 @@ func prepareTestRequestWithQuery(hc *handlerContext, bktName, objName string, qu
|
|||
r.URL.RawQuery = query.Encode()
|
||||
|
||||
reqInfo := middleware.NewReqInfo(w, r, middleware.ObjectRequest{Bucket: bktName, Object: objName}, "")
|
||||
reqInfo.User = hc.owner.String()
|
||||
r = r.WithContext(middleware.SetReqInfo(hc.Context(), reqInfo))
|
||||
|
||||
return w, r
|
||||
|
|
Loading…
Reference in a new issue