CR improve log printing in case there is no IAM policy

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>

Author: shirady

src/endpoint/s3/s3_rest.js

@@ -343,10 +343,14 @@ async function authorize_request_iam_policy(req) {
 
     const resource_arn = _get_arn_from_req_path(req) || '*'; // special case for list all buckets in an account
     const method = _get_method_from_req(req);
+    const requesting_account = req.object_sdk.requesting_account;
     const iam_policies = account.iam_user_policies || [];
-    if (iam_policies.length === 0 && req.object_sdk.nsfs_config_root) return; // We do not have IAM policies in NC yet
+    if (iam_policies.length === 0) {
+        if (req.object_sdk.nsfs_config_root) return; // We do not have IAM policies in NC yet
+        dbg.log1('authorize_request_iam_policy: IAM user has no inline policies configured');
+        _throw_iam_access_denied_error_for_s3_operation(requesting_account, method, resource_arn);
+    }
 
-    const requesting_account = req.object_sdk.requesting_account;
     // parallel policy check
     const promises = [];
     for (const iam_policy of iam_policies) {
@@ -366,7 +370,7 @@ async function authorize_request_iam_policy(req) {
         }
     }
     if (has_allow_permission) return;
-    dbg.log1('authorize_request_iam_policy: user have inline policies but none of them matched the method');
+    dbg.log1('authorize_request_iam_policy: user has inline policies but none of them matched the method');
     _throw_iam_access_denied_error_for_s3_operation(requesting_account, method, resource_arn);
 }