Allow console to recognize s3.Delete* (#3507)

2025-02-21 10:04:08 -08:00
parent f4a08fc0af
commit 9e0416f1ab
8 changed files with 44 additions and 21 deletions
--- a/2
+++ b/2
@@ -64,7 +64,7 @@ swagger-console:
 assets:
 	@(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\
-	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --loglevel warn; cd ..)
+	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --log-level warn; cd ..)
 test-integration:
 	@(docker stop pgsqlcontainer || true)
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -96,7 +96,8 @@
    "semver": "^7.5.2",
    "ws": "^8.17.1",
    "rollup": "^4.24.0",
-    "cookie": "^0.7.2"
+    "cookie": "^0.7.2",
    "jspdf": "^3.0.0"
  },
  "main": "index.js",
  "packageManager": "yarn@4.4.0"
--- a/web-app/src/common/SecureComponent/tests/accessControl.test.ts
+++ b/web-app/src/common/SecureComponent/tests/accessControl.test.ts
@@ -176,7 +176,7 @@ test("Can delete an object inside a bucket prefix", () => {
        "xref_cust_guid_actd-v1.jpg",
        "test/digitalinsights/xref_cust_guid_actd-v1.jpg",
      ],
-      [IAM_SCOPES.S3_DELETE_OBJECT],
+      [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
    ),
  ).toBe(true);
 });
@@ -186,7 +186,7 @@ test("Can't delete an object inside a bucket prefix", () => {
  expect(
    hasPermission(
      ["xref_cust_guid_actd-v1.jpg", "test/xref_cust_guid_actd-v1.jpg"],
-      [IAM_SCOPES.S3_DELETE_OBJECT],
+      [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
    ),
  ).toBe(false);
 });
--- a/web-app/src/common/SecureComponent/permissions.ts
+++ b/web-app/src/common/SecureComponent/permissions.ts
@@ -30,6 +30,7 @@ export const IAM_SCOPES = {
  S3_PUT_OBJECT: "s3:PutObject",
  S3_GET_ACTIONS: "s3:Get*",
  S3_PUT_ACTIONS: "s3:Put*",
  S3_DELETE_ACTIONS: "s3:Delete*",
  S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
  S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
  S3_DELETE_OBJECT: "s3:DeleteObject",
@@ -197,6 +198,7 @@ export const IAM_PERMISSIONS = {
    IAM_SCOPES.S3_PUT_OBJECT,
    IAM_SCOPES.S3_PUT_ACTIONS,
    IAM_SCOPES.S3_DELETE_OBJECT,
    IAM_SCOPES.S3_DELETE_ACTIONS,
  ],
  [IAM_ROLES.BUCKET_VIEWER]: [
    IAM_SCOPES.S3_LIST_BUCKET,
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
@@ -278,7 +278,7 @@ const ListObjects = () => {
  ]);
  const canDelete = hasPermission(
    [pathAsResourceInPolicy, ...sessionGrantWildCards],
-    [IAM_SCOPES.S3_DELETE_OBJECT],
+    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
  );
  const canUpload =
    hasPermission(
@@ -912,7 +912,7 @@ const ListObjects = () => {
      tooltip: canDelete
        ? "Delete Selected Files"
        : permissionTooltipHelper(
-            [IAM_SCOPES.S3_DELETE_OBJECT],
+            [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
            "delete objects in this bucket",
          ),
    },
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -352,7 +352,7 @@ const ObjectDetailPanel = ({
  ]);
  const canDelete = hasPermission(
    [bucketName, currentItem, [bucketName, actualInfo.name].join("/")],
-    [IAM_SCOPES.S3_DELETE_OBJECT],
+    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
  );
  let objectType: AllowedPreviews = previewObjectType(metaData, currentItem);
@@ -649,7 +649,7 @@ const ObjectDetailPanel = ({
              canDelete
                ? ""
                : permissionTooltipHelper(
-                    [IAM_SCOPES.S3_DELETE_OBJECT],
+                    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
                    "delete this object",
                  )
            }
@@ -665,7 +665,10 @@ const ObjectDetailPanel = ({
                  currentItem,
                  [bucketName, actualInfo.name].join("/"),
                ]}
-                scopes={[IAM_SCOPES.S3_DELETE_OBJECT]}
+                scopes={[
                  IAM_SCOPES.S3_DELETE_OBJECT,
                  IAM_SCOPES.S3_DELETE_ACTIONS,
                ]}
                errorProps={{ disabled: true }}
              >
                <Button
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx
@@ -232,7 +232,10 @@ const AddTagModal = ({
                        return (
                          <SecureComponent
                            key={`chip-${index}`}
-                            scopes={[IAM_SCOPES.S3_DELETE_OBJECT_TAGGING]}
+                            scopes={[
                              IAM_SCOPES.S3_DELETE_OBJECT_TAGGING,
                              IAM_SCOPES.S3_DELETE_ACTIONS,
                            ]}
                            resource={bucketName}
                            errorProps={{
                              deleteIcon: null,
--- a/web-app/yarn.lock
+++ b/web-app/yarn.lock
@@ -1655,6 +1655,15 @@ __metadata:
  languageName: node
  linkType: hard
 "@babel/runtime@npm:^7.26.0":
  version: 7.26.9
  resolution: "@babel/runtime@npm:7.26.9"
  dependencies:
    regenerator-runtime: "npm:^0.14.0"
  checksum: 10c0/e8517131110a6ec3a7360881438b85060e49824e007f4a64b5dfa9192cf2bb5c01e84bfc109f02d822c7edb0db926928dd6b991e3ee460b483fb0fac43152d9b
  languageName: node
  linkType: hard
 "@babel/template@npm:^7.25.9, @babel/template@npm:^7.3.3":
  version: 7.25.9
  resolution: "@babel/template@npm:7.25.9"
@@ -3839,7 +3848,7 @@ __metadata:
  languageName: node
  linkType: hard
-"@types/trusted-types@npm:^2.0.2":
+"@types/trusted-types@npm:^2.0.2, @types/trusted-types@npm:^2.0.7":
  version: 2.0.7
  resolution: "@types/trusted-types@npm:2.0.7"
  checksum: 10c0/4c4855f10de7c6c135e0d32ce462419d8abbbc33713b31d294596c0cc34ae1fa6112a2f9da729c8f7a20707782b0d69da3b1f8df6645b0366d08825ca1522e0c
@@ -7142,10 +7151,15 @@ __metadata:
  languageName: node
  linkType: hard
-"dompurify@npm:^2.5.4":
+"dompurify@npm:^3.2.4":
-  version: 2.5.7
+  version: 3.2.4
-  resolution: "dompurify@npm:2.5.7"
+  resolution: "dompurify@npm:3.2.4"
-  checksum: 10c0/23c4f737182fcf3e731e458c3930ef4d2916191e4180e1e345f153124dfa7ec117d2810af1754e8854c581131fc75dac914a8391183d1511852ef32b4055f711
+  dependencies:
    "@types/trusted-types": "npm:^2.0.7"
  dependenciesMeta:
    "@types/trusted-types":
      optional: true
  checksum: 10c0/6be56810fb7ad2776155c8fc2967af5056783c030094362c7d0cf1ad13f2129cf922d8eefab528a34bdebfb98e2f44b306a983ab93aefb9d6f24c18a3d027a05
  languageName: node
  linkType: hard
@@ -11204,16 +11218,16 @@ __metadata:
  languageName: node
  linkType: hard
-"jspdf@npm:^2.3.1":
+"jspdf@npm:^3.0.0":
-  version: 2.5.2
+  version: 3.0.0
-  resolution: "jspdf@npm:2.5.2"
+  resolution: "jspdf@npm:3.0.0"
  dependencies:
-    "@babel/runtime": "npm:^7.23.2"
+    "@babel/runtime": "npm:^7.26.0"
    atob: "npm:^2.1.2"
    btoa: "npm:^1.2.1"
    canvg: "npm:^3.0.6"
    core-js: "npm:^3.6.0"
-    dompurify: "npm:^2.5.4"
+    dompurify: "npm:^3.2.4"
    fflate: "npm:^0.8.1"
    html2canvas: "npm:^1.0.0-rc.5"
  dependenciesMeta:
@@ -11225,7 +11239,7 @@ __metadata:
      optional: true
    html2canvas:
      optional: true
-  checksum: 10c0/0e715ba51fab41d7de85f76585a6a2b7d224f43e510993f17f071b608cf32f2107a66f3a04cbfb4d2e60b73dbd2a90f3092bcc70b9d30601cbc060caadc4d90a
+  checksum: 10c0/cf1422322ac72d3b38096143475cfe00549fdfc924dd4199ca6a3472138bcb9467176954b89bcc99287b42ff0278b6e67b7362709a8c1415354c4e33520c9fd6
  languageName: node
  linkType: hard