From 882a1a1ccc45d10d9ec1084aa2b1a737ab6d95e8 Mon Sep 17 00:00:00 2001
From: ebozduman <ersan.bozduman@gmail.com>
Date: Fri, 31 Aug 2018 13:20:27 -0700
Subject: [PATCH] Stops listing objects for write-only access (#6396)

---
 cmd/web-handlers.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go
index 324e932cb..aedf659bc 100644
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -328,12 +328,16 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
 			return toJSONError(authErr)
 		}
 
-		// Error out anonymous (non-owner) has no access download or upload objects.
-		if !readable && !writable {
-			return errAuthentication
+		reply.Writable = writable
+		if !readable {
+			// Error out if anonymous user (non-owner) has no access to download or upload objects
+			if !writable {
+				return errAuthentication
+			}
+			// return empty object list if access is write only
+			return nil
 		}
 
-		reply.Writable = writable
 	}
 
 	lo, err := listObjects(context.Background(), args.BucketName, args.Prefix, args.Marker, slashSeparator, 1000)