s3tables: improve error handling and permission logic

- Update handleGetNamespace to distinguish between 404 and 500 errors - Refactor CanManagePolicy to use CheckPermission for consistent enforcement - Ensure empty identities are correctly handled in policy management checks
2026-01-28 11:39:28 -08:00
parent 6fc170c645
commit 1c0d37e15a
2 changed files with 6 additions and 3 deletions
--- a/weed/s3api/s3tables/permissions.go
+++ b/weed/s3api/s3tables/permissions.go
@@ -159,8 +159,7 @@ func CanListTables(principal, owner string) bool {

 // CanManagePolicy checks if principal can manage policies
 func CanManagePolicy(principal, owner string) bool {
-	// Policy management requires owner permissions
-	return principal == owner
+	return CheckPermission("ManagePolicy", principal, owner)
 }

 // CanManageTags checks if principal can manage tags