Merge pull request 'don't modify postobject request before validating policy' (#850) from trinity-1686a/garage:fix-acl-postobject into main

Reviewed-on: Deuxfleurs/garage#850

src/api/s3/post_object.rs

@@ -71,14 +71,6 @@ pub async fn handle_post_object(
 		}
 
 		if let Ok(content) = HeaderValue::from_str(&field.text().await?) {
-			match name.as_str() {
-				"tag" => (/* tag need to be reencoded, but we don't support them yet anyway */),
-				"acl" => {
-					if params.insert("x-amz-acl", content).is_some() {
-						return Err(Error::bad_request("Field 'acl' provided more than once"));
-					}
-				}
-				_ => {
 			if params.insert(&name, content).is_some() {
 				return Err(Error::bad_request(format!(
 					"Field '{}' provided more than once",
@@ -86,8 +78,6 @@ pub async fn handle_post_object(
 				)));
 			}
 		}
-			}
-		}
 	};
 
 	// Current part is file. Do some checks before handling to PutObject code
@@ -222,6 +212,8 @@ pub async fn handle_post_object(
 		)));
 	}
 
+	// if we ever start supporting ACLs, we likely want to map "acl" to x-amz-acl" somewhere
+	// arround here to make sure the rest of the machinery takes our acl into account.
 	let headers = get_headers(&params)?;
 
 	let expected_checksums = ExpectedChecksums {