author | Alex Auvolat <alex@adnab.me> | 2022-12-12 12:03:54 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-12-12 12:03:54 +0100 |
commit | 2ac75018a14a22b61cfc68bc66b4f82a981a4838 (patch) | |
tree | e9a5ad8bc35ecde97ab1d44c1271a87e2f48f6f9 | |
parent | 980572a8872c56ea9572ff03579ebb9a65013775 (diff) | |
Properly enforce allow_create_bucket [fix-allow-create-bucket]
-rw-r--r-- | src/api/s3/bucket.rs | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/api/s3/bucket.rs b/src/api/s3/bucket.rs
index 3ac6a6ec..8471385f 100644
--- a/src/api/s3/bucket.rs
+++ b/src/api/s3/bucket.rs
@@ -161,6 +161,15 @@ pub async fn handle_create_bucket(
 return Err(CommonError::BucketAlreadyExists.into());
 }
 } else {
+ // Check user is allowed to create bucket
+ if !key_params.allow_create_bucket.get() {
+ return Err(CommonError::Forbidden(format!(
+ "Access key {} is not allowed to create buckets",
+ api_key.key_id
+ ))
+ .into());
+ }
+
 // Create the bucket!
 if !is_valid_bucket_name(&bucket_name) {
 return Err(Error::bad_request(format!( |
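Review bot: The new `allow_create_bucket` guard in the `else` branch of `handle_create_bucket` lands without a regression test (the diffstat shows only `src/api/s3/bucket.rs` changed); since this is an authorization fix, a test asserting that a key with the flag unset gets `Forbidden` on CreateBucket for an unused name would keep the check from silently regressing. The guard is reached only when the name does not already exist, so a key without the permission may still get `BucketAlreadyExists` for taken names and `Forbidden` for free ones; if that difference is intended, state it in the comment, e.g. `// Deny before name validation; names that already exist are handled above`. Any other code path that can create a bucket is not visible in this hunk and presumably needs the same check, which is worth confirming. The function body starts and ends outside the hunk.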