Skip to content

Commit

Permalink
Revert "bugfix: CLDSRV-282 fix regression from CLDSRV-280"
Browse files Browse the repository at this point in the history 
This reverts commit 0a432f2.
  • Loading branch information
@alexanderchan-scality
alexanderchan-scality committed Nov 29, 2022
1 parent 2175999 commit b01f836
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 101 deletions.
65 changes: 25 additions & 40 deletions lib/api/bucketPut.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,12 +124,7 @@ function _handleAuthResults(locationConstraint, log, cb) {
if (err) {
return cb(err);
}
if (!authorizationResults.every(res => {
if (Array.isArray(res)) {
return res.every(subRes => subRes.isAllowed);
}
return res.isAllowed;
})) {
if (!authorizationResults.every(res => res.isAllowed)) {
log.trace(
'authorization check failed for user',
{ locationConstraint },
Expand All @@ -145,36 +140,6 @@ function _isObjectLockEnabled(headers) {
return header !== undefined && header.toLowerCase() === 'true';
}

function authBucketPut(authParams, bucketName, locationConstraint, request, authInfo) {
const ip = requestUtils.getClientIp(request, config);
const baseParams = {
authParams,
ip,
bucketName,
request,
authInfo,
locationConstraint,
};
const requestConstantParams = [Object.assign(
baseParams,
{ apiMethod: 'bucketPut' },
)];

if (_isObjectLockEnabled(request.headers)) {
requestConstantParams.push(Object.assign(
{},
baseParams,
{ apiMethod: 'bucketPutObjectLock' },
));
requestConstantParams.push(Object.assign(
{},
baseParams,
{ apiMethod: 'bucketPutVersioning' },
));
}
return requestConstantParams;
}

/**
* PUT Service - Create bucket for the user
* @param {AuthInfo} authInfo - Instance of AuthInfo class with requester's info
Expand Down Expand Up @@ -211,9 +176,30 @@ function bucketPut(authInfo, request, log, callback) {
}

const authParams = auth.server.extractParams(request, log, 's3', request.query);
const requestConstantParams = authBucketPut(
authParams, bucketName, locationConstraint, request, authInfo
);
const ip = requestUtils.getClientIp(request, config);
const baseParams = {
authParams,
ip,
bucketName,
request,
authInfo,
locationConstraint,
};
const requestConstantParams = [Object.assign(
baseParams,
{ apiMethod: 'bucketPut' },
)];

if (!_isObjectLockEnabled(request.headers)) {
requestConstantParams.push(Object.assign(
baseParams,
{ apiMethod: 'bucketPutObjectLock' },
));
requestConstantParams.push(Object.assign(
baseParams,
{ apiMethod: 'bucketPutVersioning' },
));
}

return vault.checkPolicies(
requestConstantParams.map(_buildConstantParams),
Expand Down Expand Up @@ -244,5 +230,4 @@ module.exports = {
checkLocationConstraint,
bucketPut,
_handleAuthResults,
authBucketPut,
};
22 changes: 0 additions & 22 deletions tests/unit/api/bucketPut.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -410,28 +410,6 @@ describe('bucketPut API', () => {
],
calledWith: [null, constraint],
},
{
description: 'array of arrays allowed auth',
error: undefined,
results: [
{ isAllowed: true },
{ isAllowed: true },
[{ isAllowed: true }, { isAllowed: true }],
{ isAllowed: true },
],
calledWith: [null, constraint],
},
{
description: 'array of arrays not allowed auth',
error: undefined,
results: [
{ isAllowed: true },
{ isAllowed: true },
[{ isAllowed: true }, { isAllowed: false }],
{ isAllowed: true },
],
calledWith: [errors.AccessDenied],
},
{
description: 'single not allowed auth',
error: undefined,
Expand Down
39 changes: 0 additions & 39 deletions tests/unit/policies.js
View file

This file was deleted.

0 comments on commit b01f836

Please sign in to comment.