Properly enforce allow_create_bucket

2022-12-12 12:03:54 +01:00 · 2022-12-12 12:03:54 +01:00 · 2ac75018a1
commit 2ac75018a1
parent 980572a887
1 changed files with 9 additions and 0 deletions
--- a/src/api/s3/bucket.rs
+++ b/src/api/s3/bucket.rs
@ -161,6 +161,15 @@ pub async fn handle_create_bucket(
 			return Err(CommonError::BucketAlreadyExists.into());
 		}
 	} else {
+		// Check user is allowed to create bucket
+		if !key_params.allow_create_bucket.get() {
+			return Err(CommonError::Forbidden(format!(
+				"Access key {} is not allowed to create buckets",
+				api_key.key_id
+			))
+			.into());
+		}
+
 		// Create the bucket!
 		if !is_valid_bucket_name(&bucket_name) {
 			return Err(Error::bad_request(format!(