From e1a33deabf4222f53a88d318e7912db5f681dae2 Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@harshavardhana.net>
Date: Fri, 13 Nov 2015 20:07:39 -0800
Subject: [PATCH] acl: Handle readonly buckets properly

---
 bucket-handlers.go | 6 ++----
 object-handlers.go | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/bucket-handlers.go b/bucket-handlers.go
index 29e17b6eb..8a9eb003a 100644
--- a/bucket-handlers.go
+++ b/bucket-handlers.go
@@ -41,10 +41,8 @@ func (api CloudStorageAPI) ListMultipartUploadsHandler(w http.ResponseWriter, re
 
 	if !api.Anonymous {
 		if isRequestRequiresACLCheck(req) {
-			if api.Filesystem.IsPrivateBucket(bucket) {
-				writeErrorResponse(w, req, AccessDenied, req.URL.Path)
-				return
-			}
+			writeErrorResponse(w, req, AccessDenied, req.URL.Path)
+			return
 		}
 	}
 
diff --git a/object-handlers.go b/object-handlers.go
index 6ac8fde0f..1bec39ad1 100644
--- a/object-handlers.go
+++ b/object-handlers.go
@@ -127,7 +127,7 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
 
 	if !api.Anonymous {
 		if isRequestRequiresACLCheck(req) {
-			if api.Filesystem.IsPrivateBucket(bucket) {
+			if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) {
 				writeErrorResponse(w, req, AccessDenied, req.URL.Path)
 				return
 			}
@@ -512,7 +512,7 @@ func (api CloudStorageAPI) DeleteObjectHandler(w http.ResponseWriter, req *http.
 
 	if !api.Anonymous {
 		if isRequestRequiresACLCheck(req) {
-			if api.Filesystem.IsPrivateBucket(bucket) {
+			if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) {
 				writeErrorResponse(w, req, AccessDenied, req.URL.Path)
 				return
 			}