processBucketPolicy fixup for objectDelete

Introduced by #5580 we now do send a requestContext with no specific resource instead of "null", which results in a policy evaluation error. As we get an implicit deny for the requestType "objectDelete", cause the processed result to be false , thus sending an empty array of objects to vault , resulting in a deny even when the policy allows the action on specific objects. Linked Issue : https://scality.atlassian.net/browse/CLDSRV-555
scality · Jul 15, 2024 · dbf5332 · dbf5332
1 parent a7e798f
commit dbf5332
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/api/multiObjectDelete.js b/lib/api/multiObjectDelete.js
@@ -509,7 +509,7 @@ function multiObjectDelete(authInfo, request, log, callback) {
                     return next(errors.NoSuchBucket);
                 }
                 if (!isBucketAuthorized(bucketMD, 'objectDelete', canonicalID, authInfo, log, request,
-                    request.actionImplicitDenies)) {
+                    false)) {
                     log.trace("access denied due to bucket acl's");
                     // if access denied at the bucket level, no access for
                     // any of the objects so all results will be error results