MCPcopy
hub / github.com/scality/cloudserver / validateBucket

Function validateBucket

lib/metadata/metadataUtils.js:213–247  ·  view source on GitHub ↗

* Validate that a bucket is accessible and authorized to the user, * return a specific error code otherwise * * @param {BucketInfo} bucket - bucket info * @param {object} params - function parameters * @param {AuthInfo} params.authInfo - AuthInfo class instance, requester's info * @param {stri

(bucket, params, log, actionImplicitDenies = {})

Source from the content-addressed store, hash-verified

211 * - AccessDenied: bucket is not authorized
212 */
213function validateBucket(bucket, params, log, actionImplicitDenies = {}) {
214 const { authInfo, preciseRequestType, request } = params;
215 let requestType = params.requestType;
216 if (bucketShield(bucket, requestType)) {
217 log.debug('bucket is shielded from request', {
218 requestType,
219 method: 'validateBucket',
220 });
221 return errors.NoSuchBucket;
222 }
223
224 const canonicalID = authInfo.getCanonicalID();
225 if (!Array.isArray(requestType)) {
226 requestType = [requestType];
227 }
228
229 // Skip checking bucket ownership if the requesting user is the rate limit service user
230 // and the requestType is Get/Put/DeleteBucketRateLimit.
231 if (requestType.every(type => rateLimitApiActions.includes(type))
232 && config.rateLimiting.enabled
233 && isRateLimitServiceUser(authInfo)
234 ) {
235 return null;
236 }
237
238 if (bucket.getOwner() !== canonicalID && requestType.some(type => onlyOwnerAllowed.includes(type))) {
239 return errors.MethodNotAllowed;
240 }
241 if (!isBucketAuthorized(bucket, (preciseRequestType || requestType), canonicalID,
242 authInfo, log, request, actionImplicitDenies)) {
243 log.debug('access denied for user on bucket', { requestType });
244 return errors.AccessDenied;
245 }
246 return null;
247}
248
249/**
250 * Check rate limiting if not already checked

Calls 5

bucketShieldFunction · 0.85
isRateLimitServiceUserFunction · 0.85
isBucketAuthorizedFunction · 0.85
debugMethod · 0.80
getOwnerMethod · 0.80

Tested by

no test coverage detected