feat:Permission verification for deleting versions #1341
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5a8fe13 to
0de0238
Compare
Contributor
Author
|
#1299 @loverustfs please check it |
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request implements permission verification for deleting object versions in the RustFS S3-compatible storage system. The changes add fine-grained authorization checks that ensure users have appropriate permissions before deleting objects or specific object versions.
Key Changes:
- Added per-object authorization checks in the
delete_objectsoperation to verify permissions before deleting each object - Updated the
delete_objectsaccess control method to perform authorization instead of allowing all requests by default - Enhanced the
ReqInfostruct with Debug trait for better debugging capabilities
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
rustfs/src/storage/ecfs.rs |
Added per-object authorization loop that checks DeleteObjectAction permissions for each object being deleted, including version-specific permission checks when version IDs are present |
rustfs/src/storage/access.rs |
Modified delete_objects access control method to call authorize_request and added Debug trait to ReqInfo struct for improved debugging |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: GatewayJ <835269233@qq.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
houseme
added a commit
that referenced
this pull request
Jan 3, 2026
…-proxies * 'main' of github.com:rustfs/rustfs: Add workflow to mark stale issues automatically fix: remove nginx-ingress default body size limit (#1335) feat:Permission verification for deleting versions (#1341) chore: upgrade GitHub Actions artifact actions (#1339) chore: replace native-tls with pure rustls for FTPS/SFTP e2e tests (#1334) chore: upgrade dependencies and migrate to aws-lc-rs (#1333) fix: s3 list object versions next marker (#1328) fix(tagging): fix e2e test_object_tagging failure (#1327) Feat/ftps&sftp (#1308) # Conflicts: # Cargo.lock # Cargo.toml # crates/config/src/constants/mod.rs # crates/config/src/lib.rs # rustfs/Cargo.toml
houseme
added a commit
that referenced
this pull request
Jan 7, 2026
* 'main' of github.com:rustfs/rustfs: fix:correct RemoteAddr extension type to enable IP-based policy evaluation (#1356) Add workflow to mark stale issues automatically fix: remove nginx-ingress default body size limit (#1335) feat:Permission verification for deleting versions (#1341) chore: upgrade GitHub Actions artifact actions (#1339) chore: replace native-tls with pure rustls for FTPS/SFTP e2e tests (#1334) chore: upgrade dependencies and migrate to aws-lc-rs (#1333) fix: s3 list object versions next marker (#1328) fix(tagging): fix e2e test_object_tagging failure (#1327) Feat/ftps&sftp (#1308) fix(iam): preserve decrypt-failed credentials instead of deleting them (#1312) Restore globals and add unified TLS/mTLS loading from RUSTFS_TLS_PATH (#1309) fix: correctly handle aws:SourceIp in policy evaluation (#1301) (#1306) Add trendshift feat: add local s3-tests script with configurable options and improvements (#1300)
reatang
pushed a commit
that referenced
this pull request
Jan 11, 2026
Signed-off-by: GatewayJ <835269233@qq.com> Co-authored-by: loverustfs <hello@rustfs.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of Change
Related Issues
Summary of Changes
Checklist
make pre-commitImpact
Additional Notes
Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.