fix: only admin auth can delete S3 bucket (#5312)

2024-05-18 01:10:34 +02:00 · 2024-02-19 16:38:05 +08:00 · 2024-02-19 16:38:05 +08:00 · f037c09c11
parent 6181aa7594
commit f037c09c11
1 changed files with 1 additions and 1 deletions
--- a/weed/s3api/s3api_server.go
+++ b/weed/s3api/s3api_server.go
@ -278,7 +278,7 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
 		// PutBucket
 		bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT"))
 		// DeleteBucket
-		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_WRITE)), "DELETE"))
+		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_ADMIN)), "DELETE"))

 		// ListObjectsV1 (Legacy)
 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST"))