diff --git a/src/storage/object.ts b/src/storage/object.ts
index a27780da..4a8eef3e 100644
--- a/src/storage/object.ts
+++ b/src/storage/object.ts
@@ -361,7 +361,7 @@ export class ObjectStorage {
 await this.db.testPermission((db) => {
 return Promise.all([
 db.findObject(this.bucketId, sourceObjectName, 'id'),
- db.updateObject(this.bucketId, sourceObjectName, {
+ db.createObject({
 name: destinationObjectName,
 version: newVersion,
 bucket_id: destinationBucket,
diff --git a/src/storage/protocols/s3/s3-handler.ts b/src/storage/protocols/s3/s3-handler.ts
index 73462836..e7b3919b 100644
--- a/src/storage/protocols/s3/s3-handler.ts
+++ b/src/storage/protocols/s3/s3-handler.ts
@@ -629,7 +629,7 @@ export class S3ProtocolHandler {
 }
 )
- await this.storage.db.insertUploadPart({
+ await this.storage.db.asSuperUser().insertUploadPart({
 upload_id: UploadId,
 version: multipart.version,
 part_number: PartNumber || 0,
@@ -715,7 +715,25 @@ export class S3ProtocolHandler {
 throw ERRORS.InvalidUploadId()
 }
- const multipart = await this.storage.db.findMultipartUpload(UploadId, 'id,version')
+ if (!Bucket) {
+ throw ERRORS.MissingParameter('Bucket')
+ }
+
+ if (!Key) {
+ throw ERRORS.MissingParameter('Key')
+ }
+
+ const multipart = await this.storage.db
+ .asSuperUser()
+ .findMultipartUpload(UploadId, 'id,version')
+
+ const uploader = new Uploader(this.storage.backend, this.storage.db)
+ await uploader.canUpload({
+ bucketId: Bucket,
+ objectName: Key,
+ owner: this.owner,
+ isUpsert: true,
+ })
 await this.storage.backend.abortMultipartUpload(
 storageS3Bucket,
@@ -989,7 +1007,7 @@ export class S3ProtocolHandler {
 const maxParts = Math.min(command.MaxParts || 1000, 1000)
- let result = await this.storage.db.asSuperUser().listParts(command.UploadId, {
+ let result = await this.storage.db.listParts(command.UploadId, {
 afterPart: command.PartNumberMarker,
 maxParts: maxParts + 1,
 })
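Review bot: In `src/storage/object.ts` (hunk at -361,7 +361,7), the permission probe inside `testPermission` now exercises only a read of the source row (`db.findObject`) and an insert of the destination row (`db.createObject`); nothing in it tests the caller's right to modify or remove the source object any more. A move takes the object away from its source path, so if the write that follows this probe (outside the hunk) runs with elevated privileges, a principal holding only select and insert policies could relocate objects it is not allowed to update or delete. Please confirm the later rename still runs under the caller's role, and record the intended rule next to the probe, e.g. `// move = SELECT on source + INSERT on destination; source row is rewritten by <role> below`. The enclosing method starts and ends outside the hunk.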
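Review bot: In `src/storage/protocols/s3/s3-handler.ts` (hunk at -629,7 +629,7), `insertUploadPart` now goes through `asSuperUser()`, so row-level security no longer guards this insert and the row is keyed by the request-supplied `UploadId`. The only protection left is whatever check precedes the call outside the hunk; it has to establish both that the caller may upload to this Bucket/Key and that `multipart` was resolved for that same Bucket/Key, otherwise a caller authorised for one key could attach parts to a different upload. A comment above the call naming the authorising check would keep the bypass reviewable, e.g. `// RLS bypassed on purpose: caller authorised by <check> above`. The same applies to the `insertUploadPart` change in the hunk at -1133,7 +1151,7.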
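Review bot: In the hunk at -715,7 +715,25, the super-user `findMultipartUpload(UploadId, 'id,version')` runs before `uploader.canUpload(...)`, and the record it returns (only `id` and `version` are selected) is never compared with the `Bucket` and `Key` that were authorised. As far as these lines show, a caller allowed to upload to its own key may be able to abort an upload id that belongs to a different object, depending on how the rest of the method uses it, and a caller without any permission can probably tell existing upload ids from unknown ones by the lookup's outcome. Move the `canUpload` call ahead of the lookup, and have the lookup also return the upload's bucket and key so they can be checked against the request before `abortMultipartUpload` is reached. The method starts and continues outside the hunk.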
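Review bot: In the hunk at -989,7 +1007,7, `maxParts` has an upper bound but no lower bound: a negative `command.MaxParts` passes through `Math.min` unchanged and reaches `listParts` as `maxParts + 1`. Unless the request schema already rejects it (not visible here), clamp both ends, e.g. `const maxParts = Math.min(Math.max(command.MaxParts || 1000, 1), 1000)`. Since the query now runs under the caller's role instead of `asSuperUser()`, an RLS test for listing parts would also be worth adding, because rows written by the super-user inserts elsewhere in this commit are presumably returned only if the caller's policy allows reading them.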
@@ -1103,8 +1121,8 @@ export class S3ProtocolHandler {
 const uploader = new Uploader(this.storage.backend, this.storage.db)
 await uploader.canUpload({
- bucketId: Bucket as string,
- objectName: Key as string,
+ bucketId: Bucket,
+ objectName: Key,
 owner: this.owner,
 isUpsert: true,
 })
@@ -1133,7 +1151,7 @@ export class S3ProtocolHandler {
 rangeBytes
 )
- await this.storage.db.insertUploadPart({
+ await this.storage.db.asSuperUser().insertUploadPart({
 upload_id: UploadId,
 version: multipart.version,
 part_number: PartNumber,
diff --git a/src/test/rls_tests.yaml b/src/test/rls_tests.yaml
index 150c43a7..20516705 100644
--- a/src/test/rls_tests.yaml
+++ b/src/test/rls_tests.yaml
@@ -398,7 +398,7 @@ tests:
 - description: 'Will only able to move objects when authenticated'
 policies:
 - read_only_all_objects
- update_only_all_objects
+ insert_only_all_objects
 asserts:
 - operation: bucket.get
 status: 400
@@ -408,9 +408,12 @@ tests:
 status: 400
 error: 'new row violates row-level security policy'
- - operation: upload
+ - operation: bucket.delete
 status: 400
- error: 'new row violates row-level security policy'
+ error: 'Bucket not found'
+
+ - operation: upload
+ status: 200
 - operation: upload.upsert
 status: 400
@@ -419,8 +422,6 @@ tests:
 - operation: upload
 bucketName: 'bucket_to_move_{{runId}}'
 objectName: 'object_to_move_{{runId}}.txt'
- policies:
- - insert_only_all_objects
 status: 200
 - operation: object.move
@@ -431,10 +432,6 @@ tests:
 - operation: object.delete
 status: 400
- - operation: bucket.delete
- status: 400
- error: 'Bucket not found'
-
 - description: 'Will only able to copy owned objects when authenticated'
 policies:
 - read_only_all_objects
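Review bot: In `src/test/rls_tests.yaml` (hunk at -398,7 +398,7), swapping `update_only_all_objects` for `insert_only_all_objects` means this scenario appears to cover only the permitted path of the new move rule (read plus insert); no case visible in these hunks asserts that a move is refused when the caller holds `read_only_all_objects` alone. Add a negative scenario with only the read policy that expects `object.move` to return 400, so that a regression letting read-only callers relocate objects is caught. The description `'Will only able to move objects when authenticated'` could also be reworded to name the policies the scenario now depends on. The expected status of `object.move` in this scenario lies between the hunks and is not visible here.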