mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Validate requests to logSearchApi endpoint (#1375)

Browse Source 
- Previously any user with a validate session in console could query the
  `/api/v1/logs/search` endpoint which was not ideal, now we are
  limiting that to users with the `admin:OBDInfo` iam action
- Removing deprecated `has-permission` endpoint and backend code

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
This commit is contained in:
Lenin Alevski
2022-01-11 13:08:30 -06:00
committed by GitHub
parent c90094e328
commit 5ee3ef4fe4
15 changed files with 29 additions and 1167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
restapi/user_session.go
View File

@@ -148,10 +148,9 @@ func getSessionResponse(session *models.Principal) (*models.SessionResponse, *mo
}
defaultActions := policy.IsAllowedActions("", "", conditionValues)
consoleResourceName := "console-ui"
permissions := map[string]minioIAMPolicy.ActionSet{
consoleResourceName: defaultActions,
ConsoleResourceName: defaultActions,
}
deniedActions := map[string]minioIAMPolicy.ActionSet{}
for _, statement := range policy.Statements {