From e375d822da0871dd79e2db707e7cf2ecfd98135c Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Thu, 22 Sep 2016 22:27:21 -0700
Subject: [PATCH] bucket: SetBucketPolicy should save a valid Version and validate. (#2762)
---
 cmd/web-handlers.go | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go
index 2fbfa6ca2..d6e1a7161 100644
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -539,7 +539,7 @@ func readBucketAccessPolicy(objAPI ObjectLayer, bucketName string) (policy.Bucke
 bucketPolicyReader, err := readBucketPolicyJSON(bucketName, objAPI)
 if err != nil {
 if _, ok := err.(BucketPolicyNotFound); ok {
- return policy.BucketAccessPolicy{}, nil
+ return policy.BucketAccessPolicy{Version: "2012-10-17"}, nil
 }
 return policy.BucketAccessPolicy{}, err
 }
@@ -599,8 +599,8 @@ func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolic
 return &json2.Error{Message: "Server not initialized"}
 }
- bucketPolicy := policy.BucketPolicy(args.Policy)
- if !bucketPolicy.IsValidBucketPolicy() {
+ bucketP := policy.BucketPolicy(args.Policy)
+ if !bucketP.IsValidBucketPolicy() {
 return &json2.Error{Message: "Invalid policy " + args.Policy}
 }
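Review bot: The version in the not-found branch of readBucketAccessPolicy is a bare string literal, `policy.BucketAccessPolicy{Version: "2012-10-17"}`, so the value the server writes and the value any later validation accepts can drift apart if one is edited without the other. Nothing visible in this hunk shows whether a named constant for the policy version already exists; if one does, it should be used here, and if not, a package-level constant with a one-line comment explaining that it is the only supported policy version would make the intent explicit. readBucketAccessPolicy starts and ends outside the hunk.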
@@ -608,20 +608,30 @@ func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolic
 if err != nil {
 return &json2.Error{Message: err.Error()}
 }
-
- policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, bucketPolicy, args.BucketName, args.Prefix)
-
+ policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, bucketP, args.BucketName, args.Prefix)
 data, err := json.Marshal(policyInfo)
 if err != nil {
 return &json2.Error{Message: err.Error()}
 }
+ // Parse bucket policy.
+ var policy = &bucketPolicy{}
+ err = parseBucketPolicy(bytes.NewReader(data), policy)
+ if err != nil {
+ errorIf(err, "Unable to parse bucket policy.")
+ return &json2.Error{Message: err.Error()}
+ }
+
+ // Parse check bucket policy.
+ if s3Error := checkBucketPolicyResources(args.BucketName, policy); s3Error != ErrNone {
+ return &json2.Error{Message: getAPIError(s3Error).Description}
+ }
+
 // TODO: update policy statements according to bucket name, prefix and policy arguments.
 if err := writeBucketPolicy(args.BucketName, objectAPI, bytes.NewReader(data), int64(len(data))); err != nil {
 return &json2.Error{Message: err.Error()}
 }
 reply.UIVersion = miniobrowser.UIVersion
-
 return nil
 }
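Review bot: The new local in `var policy = &bucketPolicy{}` shadows the imported `policy` package that this function uses just above (`policy.SetPolicy`, and `policy.BucketPolicy` in the previous hunk), so from that line to the end of SetBucketPolicy the package can no longer be referenced. The commit renamed the earlier variable to `bucketP` to free the `bucketPolicy` type name, and this declaration trades that collision for another; a distinct name such as `parsedPolicy := &bucketPolicy{}`, passed to both `parseBucketPolicy` and `checkBucketPolicyResources`, avoids it. The comment `// Parse check bucket policy.` is also unclear; judging by the arguments it presumably means something like `// Reject the policy if its resources do not belong to args.BucketName.`, but that should be confirmed against checkBucketPolicyResources, which is defined outside this hunk. SetBucketPolicy starts outside the hunk.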