fail fast on DENY by permission_by_id
Signed-off-by: shirady <[email protected]>
shirady committed Jan 15, 2025
1 parent fbd99a4 commit f11e531
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/endpoint/s3/s3_rest.js
Expand Up @@ -289,14 +289,14 @@ async function authorize_request_policy(req) {
s3_policy, account_identifier_id, method, arn_path, req);
dbg.log3('authorize_request_policy: permission_by_id', permission_by_id);
}
if (permission_by_id === "DENY") throw new S3Error(S3Error.AccessDenied);

if ((!account_identifier_id || permission_by_id !== "DENY") && account.owner === undefined) {
permission_by_name = await s3_bucket_policy_utils.has_bucket_policy_permission(
s3_policy, account_identifier_name, method, arn_path, req);
dbg.log3('authorize_request_policy: permission_by_name', permission_by_name);
}

if (permission_by_id === "DENY" || permission_by_name === "DENY") throw new S3Error(S3Error.AccessDenied);
if (permission_by_name === "DENY") throw new S3Error(S3Error.AccessDenied);
if ((permission_by_id === "ALLOW" || permission_by_name === "ALLOW") || is_owner) return;

throw new S3Error(S3Error.AccessDenied);
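Review bot: The `permission_by_id !== "DENY"` clause kept in the guard before the name lookup is dead now that the new early throw sits directly above it. At that point `permission_by_id` can never be "DENY", so `(!account_identifier_id || permission_by_id !== "DENY")` is always true and the guard reduces to `if (account.owner === undefined) {`. In authorization code a condition that appears to gate on DENY but cannot fire invites a wrong reading during a later edit, so I would simplify it and add a comment on the early throw such as `// explicit DENY by account ID wins; skip the by-name evaluation`. A regression test would also help, asserting that a DENY by ID still yields AccessDenied when the by-name statement would ALLOW and when `is_owner` is true. The body of authorize_request_policy starts and ends outside this hunk, so the initial values of `permission_by_id` and `permission_by_name` are not visible here.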
