Closed mikedarcy closed 7 years ago
Yeah, I can see this difference in enforcement in the code. I agree it seems like upload jobs should have same privilege level as synchronous updates. I think we were too conservative when we added this code. I think they have the same trust level as far as eventual effect on the object and in terms of resource consumption.
@mikedarcy I just pushed the small change to master. Please test and review.
Works fine, thanks.
When creating an upload job for an existing object, a 403 is returned unless the user is the object owner. Shouldn't this work for users that have write access to the object (or equivalent inherited permissions) as well?