s3tables: improve error handling and permission logic

- Update handleGetNamespace to distinguish between 404 and 500 errors
- Refactor CanManagePolicy to use CheckPermission for consistent enforcement
- Ensure empty identities are correctly handled in policy management checks
Chris Lu
2026-01-28 11:39:28 -08:00
parent 6fc170c645
commit 1c0d37e15a
2 changed files with 6 additions and 3 deletions


@@ -167,7 +167,11 @@ func (h *S3TablesHandler) handleGetNamespace(w http.ResponseWriter, r *http.Requ
})
if err != nil {
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchNamespace, fmt.Sprintf("namespace %s not found", flattenNamespace(req.Namespace)))
if errors.Is(err, filer_pb.ErrNotFound) {
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchNamespace, fmt.Sprintf("namespace %s not found", flattenNamespace(req.Namespace)))
} else {
h.writeError(w, http.StatusInternalServerError, ErrCodeInternalError, fmt.Sprintf("failed to get namespace: %v", err))
}
return err
}
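Review bot: The new 500 branch copies the raw error into the client response via `fmt.Sprintf("failed to get namespace: %v", err)`, which can expose backend details (storage paths, RPC status text) to any caller able to trigger a lookup failure. Return a fixed message instead, e.g. `h.writeError(w, http.StatusInternalServerError, ErrCodeInternalError, "failed to get namespace")`, and record `err` in the server log only. The 404 branch also depends on the error still matching `errors.Is(err, filer_pb.ErrNotFound)`; if the callback above this hunk wraps it without `%w`, or it arrives as a plain RPC error, a missing namespace would now surface as a 500. handleGetNamespace starts and continues outside the hunk, so the callback and any authorization check before this lookup are not visible here.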


@@ -159,8 +159,7 @@ func CanListTables(principal, owner string) bool {
// CanManagePolicy checks if principal can manage policies
func CanManagePolicy(principal, owner string) bool {
// Policy management requires owner permissions
return principal == owner
return CheckPermission("ManagePolicy", principal, owner)
}
// CanManageTags checks if principal can manage tags
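Review bot: The owner check is now delegated entirely to `CheckPermission("ManagePolicy", principal, owner)`, whose body is not in this hunk, so nothing visible shows that an empty principal or an unrecognised operation name is denied. The previous `principal == owner` returned true when both strings were empty, so the fail-closed behaviour the commit message promises should be pinned by a table test covering empty principal, empty owner, both empty, and a non-owner. The operation name is a bare string literal; sharing a named constant with CheckPermission would keep a typo from silently changing the decision. I would also extend the doc comment to `// CanManagePolicy reports whether principal may manage policies on a resource owned by owner; the decision is delegated to CheckPermission.`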