|
|
|
@ -690,6 +690,17 @@ next: |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if authErr == errNoAuthToken { |
|
|
|
|
// Check if object is allowed to be deleted anonymously
|
|
|
|
|
if !globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: policy.DeleteObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", "", nil), |
|
|
|
|
IsOwner: false, |
|
|
|
|
ObjectName: objectName, |
|
|
|
|
}) { |
|
|
|
|
return toJSONError(ctx, errAccessDenied) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Check if object is allowed to be deleted anonymously
|
|
|
|
|
if globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: policy.BypassGovernanceRetentionAction, |
|
|
|
@ -710,6 +721,18 @@ next: |
|
|
|
|
continue |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if authErr == errNoAuthToken { |
|
|
|
|
// Check if object is allowed to be deleted anonymously
|
|
|
|
|
if !globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: iampolicy.DeleteObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", "", nil), |
|
|
|
|
IsOwner: false, |
|
|
|
|
ObjectName: objectName, |
|
|
|
|
}) { |
|
|
|
|
return toJSONError(ctx, errAccessDenied) |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
if !globalIAMSys.IsAllowed(iampolicy.Args{ |
|
|
|
|
AccountName: claims.AccessKey, |
|
|
|
|
Action: iampolicy.DeleteObjectAction, |
|
|
|
@ -721,6 +744,7 @@ next: |
|
|
|
|
}) { |
|
|
|
|
return toJSONError(ctx, errAccessDenied) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// For directories, list the contents recursively and remove.
|
|
|
|
|
marker := "" |
|
|
|
|