fix: change password is implicit (#861)

Also only match actions do not need to match dynamic values in resources. fixes https://github.com/minio/console/issues/857 fixes https://github.com/minio/console/issues/858
2021-07-10 12:11:11 -07:00
parent 373d576e54
commit 445c0be5b1
4 changed files with 14 additions and 16 deletions
--- a/pkg/acl/endpoints.go
+++ b/pkg/acl/endpoints.go
@@ -178,12 +178,8 @@ var serviceAccountsActionSet = ConfigurationActionSet{

 // changePasswordActionSet requires admin:CreateUser policy permission
 var changePasswordActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.CreateUserAdminAction,
-	),
+	actionTypes: iampolicy.NewActionSet(),
+	actions:     iampolicy.NewActionSet(),
 }

 // tenantsActionSet temporally no actions needed for tenants sections to work
--- a/pkg/acl/endpoints_test.go
+++ b/pkg/acl/endpoints_test.go
@@ -1,4 +1,4 @@
-// This file is part of MinIO Orchestrator
+// This file is part of MinIO Console Server
 // Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
@@ -50,7 +50,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 			args: args{
 				[]string{"admin:ServerInfo"},
 			},
-			want: 6,
+			want: 7,
 		},
 		{
 			name: "policies endpoint",
@@ -63,7 +63,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"admin:ListUserPolicies",
 				},
 			},
-			want: 7,
+			want: 8,
 		},
 		{
 			name: "all admin endpoints",
@@ -81,7 +81,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"s3:*",
 				},
 			},
-			want: 14,
+			want: 15,
 		},
 		{
 			name: "all admin and s3 endpoints",
@@ -98,7 +98,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 			args: args{
 				[]string{},
 			},
-			want: 5,
+			want: 6,
 		},
 	}