From 4c54ed8748632f907cb2b985c643e8665eff76e6 Mon Sep 17 00:00:00 2001
From: poornas <poornas@users.noreply.github.com>
Date: Tue, 22 Sep 2020 12:47:24 -0700
Subject: [PATCH] Close replica channel only once (#10542)

Also enforce s3:GetReplicationConfiguration permission check as a
bucket level resource.
---
 cmd/bucket-replication.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/cmd/bucket-replication.go b/cmd/bucket-replication.go
index 509ae62b5..33a193a2b 100644
--- a/cmd/bucket-replication.go
+++ b/cmd/bucket-replication.go
@@ -87,7 +87,7 @@ func mustReplicateWeb(ctx context.Context, r *http.Request, bucket, object strin
 
 // mustReplicate returns true if object meets replication criteria.
 func mustReplicate(ctx context.Context, r *http.Request, bucket, object string, meta map[string]string, replStatus string) bool {
-	if s3Err := isPutActionAllowed(getRequestAuthType(r), bucket, object, r, iampolicy.GetReplicationConfigurationAction); s3Err != ErrNone {
+	if s3Err := isPutActionAllowed(getRequestAuthType(r), bucket, "", r, iampolicy.GetReplicationConfigurationAction); s3Err != ErrNone {
 		return false
 	}
 	return mustReplicater(ctx, r, bucket, object, meta, replStatus)
@@ -304,9 +304,14 @@ var (
 )
 
 func newReplicationState() *replicationState {
-	return &replicationState{
+	rs := &replicationState{
 		replicaCh: make(chan ObjectInfo, globalReplicationConcurrent*2),
 	}
+	go func() {
+		<-GlobalContext.Done()
+		close(rs.replicaCh)
+	}()
+	return rs
 }
 
 // addWorker creates a new worker to process tasks
@@ -316,7 +321,6 @@ func (r *replicationState) addWorker(ctx context.Context, objectAPI ObjectLayer)
 		for {
 			select {
 			case <-ctx.Done():
-				close(r.replicaCh)
 				return
 			case oi, ok := <-r.replicaCh:
 				if !ok {