Skip to content

Commit b22b07f

Browse files
committed
Check permissions before checking if key exists for consistency
1 parent fcd09bd commit b22b07f

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

blobstore/delete.go

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -206,7 +206,13 @@ func (bh *BlobHandler) HandleDeleteObjectsByList(c echo.Context) error {
206206
keys := make([]string, 0, len(deleteRequest.Keys))
207207
for _, p := range deleteRequest.Keys {
208208
s3Path := strings.TrimPrefix(p, "/")
209-
key := aws.String(s3Path)
209+
210+
httpCode, err := bh.CheckUserS3Permission(c, bucket, s3Path, []string{"write"})
211+
if err != nil {
212+
errMsg := fmt.Errorf("error while checking for user permission: %s", err)
213+
log.Error(errMsg.Error())
214+
return c.JSON(httpCode, errMsg.Error())
215+
}
210216

211217
// Check if the key exists before appending it to the keys list
212218
keyExists, err := s3Ctrl.KeyExists(bucket, s3Path)
@@ -221,13 +227,7 @@ func (bh *BlobHandler) HandleDeleteObjectsByList(c echo.Context) error {
221227
return c.JSON(http.StatusNotFound, errMsg.Error())
222228
}
223229

224-
httpCode, err := bh.CheckUserS3Permission(c, bucket, s3Path, []string{"write"})
225-
if err != nil {
226-
errMsg := fmt.Errorf("error while checking for user permission: %s", err)
227-
log.Error(errMsg.Error())
228-
return c.JSON(httpCode, errMsg.Error())
229-
}
230-
230+
key := aws.String(s3Path)
231231
keys = append(keys, *key)
232232
}
233233

0 commit comments

Comments
 (0)