gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

enable admin to access all buckets

Browse Source
This commit is contained in:
Chris Lu
2020-11-12 13:57:54 -08:00
parent 7094492428
commit e6333da65a
3 changed files with 41 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
weed/s3api/auth_credentials.go
View File

@@ -132,6 +132,9 @@ func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) htt
if errCode == s3err.ErrNone {
if identity != nil && identity.Name != "" {
r.Header.Set(xhttp.AmzIdentityId, identity.Name)
if identity.isAdmin() {
r.Header.Set(xhttp.AmzIsAdmin, "true")
}
}
f(w, r)
return
@@ -190,10 +193,8 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action)
}
func (identity *Identity) canDo(action Action, bucket string) bool {
for _, a := range identity.Actions {
if a == "Admin" {
return true
}
if identity.isAdmin() {
return true
}
for _, a := range identity.Actions {
if a == action {
@@ -211,3 +212,12 @@ func (identity *Identity) canDo(action Action, bucket string) bool {
}
return false
}
func (identity *Identity) isAdmin() bool {
for _, a := range identity.Actions {
if a == "Admin" {
return true
}
}
return false
}