From 483d25c3f3f2c6c64c84a4ebba504a38c1e5d6f1 Mon Sep 17 00:00:00 2001
From: jinapurapu <65002498+jinapurapu@users.noreply.github.com>
Date: Thu, 20 Oct 2022 18:40:23 -0700
Subject: [PATCH] Allow policy with "s3:*Object" to download using Console (#2396)
---
 .../src/common/SecureComponent/permissions.ts | 1 +
 .../Objects/ListObjects/ListObjects.tsx | 15 ++++++++++++---
 .../Objects/ListObjects/ObjectDetailPanel.tsx | 2 +-
 .../Buckets/ListBuckets/UploadFilesButton.tsx | 3 ++-
 4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/portal-ui/src/common/SecureComponent/permissions.ts b/portal-ui/src/common/SecureComponent/permissions.ts
index 30beb619f..7534eb83f 100644
--- a/portal-ui/src/common/SecureComponent/permissions.ts
+++ b/portal-ui/src/common/SecureComponent/permissions.ts
@@ -26,6 +26,7 @@ export const IAM_SCOPES = {
 S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
 S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
 S3_GET_OBJECT: "s3:GetObject",
+ S3_STAR_OBJECT: "s3:*Object",
 S3_PUT_OBJECT: "s3:PutObject",
 S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
 S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
index ea6b9a8cc..ac7804420 100644
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
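Review bot: `S3_STAR_OBJECT` in the permissions.ts hunk is a policy wildcard pattern, not an action name, and it is added between `S3_GET_OBJECT` and `S3_PUT_OBJECT` with nothing to mark the difference. A one-line comment above it, for example `// wildcard pattern as it appears in a policy statement; accepted as an alternative to the Get/Put/Delete object scopes`, would tell the next reader why a non-action string lives in this table. It would also help to say that the entry is meant only for any-of scope lists, since passing it where a single concrete action is required would change what the check means. The `IAM_SCOPES` object starts and ends outside the hunk.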
@@ -1236,9 +1236,18 @@ const ListObjects = () => {
 uploadPath = uploadPath.concat(currentPath);
 }
- const canDownload = hasPermission(bucketName, [IAM_SCOPES.S3_GET_OBJECT]);
- const canDelete = hasPermission(bucketName, [IAM_SCOPES.S3_DELETE_OBJECT]);
- const canUpload = hasPermission(uploadPath, [IAM_SCOPES.S3_PUT_OBJECT]);
+ const canDownload = hasPermission(bucketName, [
+ IAM_SCOPES.S3_GET_OBJECT,
+ IAM_SCOPES.S3_STAR_OBJECT,
+ ]);
+ const canDelete = hasPermission(bucketName, [
+ IAM_SCOPES.S3_DELETE_OBJECT,
+ IAM_SCOPES.S3_STAR_OBJECT,
+ ]);
+ const canUpload = hasPermission(uploadPath, [
+ IAM_SCOPES.S3_PUT_OBJECT,
+ IAM_SCOPES.S3_STAR_OBJECT,
+ ]);
 const onClosePanel = (forceRefresh: boolean) => {
 dispatch(setSelectedObjectView(null));
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
index 74ab25b39..da92f960c 100644
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -45,7 +45,6 @@ import {
 IAM_SCOPES,
 permissionTooltipHelper,
 } from "../../../../../../common/SecureComponent/permissions";
-
 import { AppState, useAppDispatch } from "../../../../../../store";
 import {
 DeleteIcon,
@@ -431,6 +430,7 @@ const ObjectDetailPanel = ({
 ]);
 const canGetObject = hasPermission(objectResources, [
 IAM_SCOPES.S3_GET_OBJECT,
+ IAM_SCOPES.S3_STAR_OBJECT,
 ]);
 const canDelete = hasPermission(
 [bucketName, currentItem, [bucketName, actualInfo.name].join("/")],
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/UploadFilesButton.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/UploadFilesButton.tsx
index 580fe2e84..233048ee2 100644
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/UploadFilesButton.tsx
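Review bot: `canDownload`, `canDelete` and `canUpload` in the ListObjects.tsx hunk each list the wildcard by hand, which covers exactly one spelling of a wildcard grant. If `hasPermission` compares scope strings literally (its body is not in this diff), a policy written as `s3:Get*` or `s3:Delete*` still leaves the buttons disabled; matching the policy's action patterns against the required action inside `hasPermission` would handle every spelling in one place. The same hand-listing is repeated in the ObjectDetailPanel.tsx and UploadFilesButton.tsx hunks. These checks decide only what the Console renders, so the allow/deny decision presumably stays with the server's policy evaluation and the two can drift apart if the UI keeps its own list of accepted patterns. `ListObjects` starts and ends outside the hunk.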
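Review bot: In the second ObjectDetailPanel.tsx hunk `canGetObject` gains the wildcard, but the `canDelete` check right after it does not appear to: its scope list lies below the hunk, and the diffstat shows a single added line for this file. If that list still holds only the delete scope, a user whose policy grants `s3:*Object` can delete from the object list, where `canDelete` now accepts the wildcard, but finds delete disabled in the detail panel. Adding `IAM_SCOPES.S3_STAR_OBJECT,` to that scope list would make the two views agree. `ObjectDetailPanel` starts and ends outside the hunk.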
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/UploadFilesButton.tsx
@@ -69,10 +69,11 @@ const UploadFilesButton = ({
 const uploadObjectAllowed = hasPermission(uploadPath, [
 IAM_SCOPES.S3_PUT_OBJECT,
+ IAM_SCOPES.S3_STAR_OBJECT,
 ]);
 const uploadFolderAllowed = hasPermission(
 bucketName,
- [IAM_SCOPES.S3_PUT_OBJECT],
+ [IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_STAR_OBJECT],
 false,
 true
 );