Add support for matching multiple resources in SecureComponent (#1536)
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
This commit is contained in:
Lenin Alevski
GitHub
@@ -19,7 +19,7 @@ import { store } from "../../store";
|
||||
import { hasAccessToResource } from "./permissions";
|
||||
|
||||
export const hasPermission = (
|
||||
resource: string | undefined,
|
||||
resource: string | string[] | undefined,
|
||||
scopes: string[],
|
||||
matchAll?: boolean,
|
||||
containsResource?: boolean
|
||||
@@ -29,17 +29,31 @@ export const hasPermission = (
|
||||
}
|
||||
const state = store.getState();
|
||||
const sessionGrants = state.console.session.permissions || {};
|
||||
const resourceGrants =
|
||||
sessionGrants[resource] ||
|
||||
sessionGrants[`arn:aws:s3:::${resource}/*`] ||
|
||||
[];
|
||||
|
||||
const globalGrants = sessionGrants["arn:aws:s3:::*"] || [];
|
||||
let resources: string[] = [];
|
||||
let resourceGrants: string[] = [];
|
||||
let containsResourceGrants: string[] = [];
|
||||
if (containsResource) {
|
||||
const matchResource = `arn:aws:s3:::${resource}`;
|
||||
for (const [key, value] of Object.entries(sessionGrants)) {
|
||||
if (key.includes(matchResource)) {
|
||||
containsResourceGrants = containsResourceGrants.concat(value);
|
||||
|
||||
if (Array.isArray(resource)) {
|
||||
resources = resources.concat(resource);
|
||||
} else {
|
||||
resources.push(resource);
|
||||
}
|
||||
for (let i = 0; i < resources.length; i++) {
|
||||
if (resources[i]) {
|
||||
resourceGrants = resourceGrants.concat(
|
||||
sessionGrants[resources[i]] ||
|
||||
sessionGrants[`arn:aws:s3:::${resources[i]}/*`] ||
|
||||
[]
|
||||
);
|
||||
if (containsResource) {
|
||||
const matchResource = `arn:aws:s3:::${resources[i]}`;
|
||||
for (const [key, value] of Object.entries(sessionGrants)) {
|
||||
if (key.includes(matchResource)) {
|
||||
containsResourceGrants = containsResourceGrants.concat(value);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -56,7 +70,7 @@ interface ISecureComponentProps {
|
||||
matchAll?: boolean;
|
||||
children: any;
|
||||
scopes: string[];
|
||||
resource: string;
|
||||
resource: string | string[];
|
||||
containsResource?: boolean;
|
||||
}
|
||||
|
||||
|
||||
@@ -176,7 +176,6 @@ const ListBuckets = ({
|
||||
|
||||
const renderItemLine = (index: number) => {
|
||||
const bucket = filteredRecords[index] || null;
|
||||
|
||||
if (bucket) {
|
||||
return (
|
||||
<BucketListItem
|
||||
@@ -188,10 +187,12 @@ const ListBuckets = ({
|
||||
/>
|
||||
);
|
||||
}
|
||||
|
||||
return null;
|
||||
};
|
||||
|
||||
const createBucketButtonResources: string[] =
|
||||
Array.from(Object.keys(session.permissions)) || [];
|
||||
|
||||
return (
|
||||
<Fragment>
|
||||
{deleteOpen && (
|
||||
@@ -263,7 +264,7 @@ const ListBuckets = ({
|
||||
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_CREATE_BUCKET]}
|
||||
resource={CONSOLE_UI_RESOURCE}
|
||||
resource={createBucketButtonResources}
|
||||
errorProps={{ disabled: true }}
|
||||
>
|
||||
<RBIconButton
|
||||
|
||||
@@ -218,6 +218,14 @@ const Console = ({
|
||||
{
|
||||
component: Buckets,
|
||||
path: IAM_PAGES.ADD_BUCKETS,
|
||||
customPermissionFnc: () => {
|
||||
const createBucketResources: string[] =
|
||||
Array.from(Object.keys(session.permissions)) || [];
|
||||
return hasPermission(
|
||||
createBucketResources,
|
||||
IAM_PAGES_PERMISSIONS[IAM_PAGES.ADD_BUCKETS]
|
||||
);
|
||||
},
|
||||
},
|
||||
{
|
||||
component: Buckets,
|
||||
|
||||
Reference in New Issue
Block a user