skip anonymous account in the IAM policy check

shirady · shirady · commit a1d02e4f8d2f · 2025-11-13T09:52:19.000+02:00
Signed-off-by: shirady &lt;57721533+shirady@users.noreply.github.com&gt;
diff --git a/src/endpoint/s3/s3_rest.js b/src/endpoint/s3/s3_rest.js
@@ -319,6 +319,10 @@ async function authorize_request_policy(req) {
 }
 
 async function authorize_request_iam_policy(req) {
+    const auth_token = req.object_sdk.get_auth_token();
+    const is_anon = !(auth_token && auth_token.access_key);
+    if (is_anon) return;
+
     const account = req.object_sdk.requesting_account;
     const is_iam_user = account.owner !== undefined;
     if (!is_iam_user) return;
