Allow policy with "s3:*Object" to download using Console (#2396)

2022-10-20 18:40:23 -07:00
parent dab4eb7664
commit 483d25c3f3
4 changed files with 16 additions and 5 deletions
--- a/portal-ui/src/common/SecureComponent/permissions.ts
+++ b/portal-ui/src/common/SecureComponent/permissions.ts
@@ -26,6 +26,7 @@ export const IAM_SCOPES = {
  S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
  S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
  S3_GET_OBJECT: "s3:GetObject",
+  S3_STAR_OBJECT: "s3:*Object",
  S3_PUT_OBJECT: "s3:PutObject",
  S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
  S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
@@ -1236,9 +1236,18 @@ const ListObjects = () => {
    uploadPath = uploadPath.concat(currentPath);
  }

-  const canDownload = hasPermission(bucketName, [IAM_SCOPES.S3_GET_OBJECT]);
-  const canDelete = hasPermission(bucketName, [IAM_SCOPES.S3_DELETE_OBJECT]);
-  const canUpload = hasPermission(uploadPath, [IAM_SCOPES.S3_PUT_OBJECT]);
+  const canDownload = hasPermission(bucketName, [
+    IAM_SCOPES.S3_GET_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
+  ]);
+  const canDelete = hasPermission(bucketName, [
+    IAM_SCOPES.S3_DELETE_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
+  ]);
+  const canUpload = hasPermission(uploadPath, [
+    IAM_SCOPES.S3_PUT_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
+  ]);

  const onClosePanel = (forceRefresh: boolean) => {
    dispatch(setSelectedObjectView(null));
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -45,7 +45,6 @@ import {
  IAM_SCOPES,
  permissionTooltipHelper,
 } from "../../../../../../common/SecureComponent/permissions";
-
 import { AppState, useAppDispatch } from "../../../../../../store";
 import {
  DeleteIcon,
@@ -431,6 +430,7 @@ const ObjectDetailPanel = ({
  ]);
  const canGetObject = hasPermission(objectResources, [
    IAM_SCOPES.S3_GET_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
  ]);
  const canDelete = hasPermission(
    [bucketName, currentItem, [bucketName, actualInfo.name].join("/")],
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/UploadFilesButton.tsx
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/UploadFilesButton.tsx
@@ -69,10 +69,11 @@ const UploadFilesButton = ({

  const uploadObjectAllowed = hasPermission(uploadPath, [
    IAM_SCOPES.S3_PUT_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
  ]);
  const uploadFolderAllowed = hasPermission(
    bucketName,
-    [IAM_SCOPES.S3_PUT_OBJECT],
+    [IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_STAR_OBJECT],
    false,
    true
  );