S3 Tables API now properly enforces resource policies

addressing the critical security gap where policies were created but never evaluated.
Chris Lu
2026-01-28 16:15:34 -08:00
parent e862888d2d
commit 2d556ac2a5
7 changed files with 362 additions and 171 deletions


@@ -16,7 +16,7 @@ func (h *S3TablesHandler) handleCreateTableBucket(w http.ResponseWriter, r *http
// Check permission
accountID := h.getAccountID(r)
principal := h.getPrincipalFromRequest(r)
if !CanCreateTableBucket(principal, accountID) {
if !CanCreateTableBucket(principal, accountID, "") {
h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to create table buckets")
return NewAuthError("CreateTableBucket", principal, "not authorized to create table buckets")
}
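Review bot: The bare `""` passed as the new third argument to `CanCreateTableBucket` is not explained at the call site. Its meaning cannot be confirmed from this hunk; going by the commit message it is presumably the resource policy document, left empty because no bucket, and so no bucket policy, exists at creation time. In an authorization check an unexplained empty value is easy to misread as "policy evaluation skipped", so I would add a comment above the call such as `// No bucket exists yet, so there is no resource policy to evaluate; "" falls back to the identity-based check.` It is also worth confirming in `CanCreateTableBucket` that an empty policy can never widen access beyond what the principal/account check alone grants. The handler body starts before and continues after this hunk.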