Support wildcard list actions (#2520)

Javier Adriel
2022-12-21 11:55:43 -06:00
committed by GitHub
parent bbf115dc71
commit a42eef376d
7 changed files with 39 additions and 11 deletions


@@ -24,6 +24,7 @@ export const IAM_ROLES = {
export const IAM_SCOPES = {
S3_STAR_BUCKET: "s3:*Bucket",
S3_LIST_BUCKET: "s3:ListBucket",
S3_ALL_LIST_BUCKET: "s3:List*",
S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
S3_GET_OBJECT: "s3:GetObject",
@@ -238,7 +239,10 @@ export const IAM_PERMISSIONS = {
IAM_SCOPES.S3_PUT_OBJECT,
IAM_SCOPES.S3_DELETE_OBJECT,
],
[IAM_ROLES.BUCKET_VIEWER]: [IAM_SCOPES.S3_LIST_BUCKET],
[IAM_ROLES.BUCKET_VIEWER]: [
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
],
[IAM_ROLES.BUCKET_ADMIN]: [
IAM_SCOPES.S3_ALL_ACTIONS,
IAM_SCOPES.ADMIN_ALL_ACTIONS,
@@ -585,4 +589,7 @@ export const deleteBucketPermissions = [
IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
];
export const browseBucketPermissions = [IAM_SCOPES.S3_LIST_BUCKET];
export const browseBucketPermissions = [
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
];
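Review bot: `S3_ALL_LIST_BUCKET` reads as a bucket-listing scope, but its value `s3:List*` is the wildcard for every S3 List action, so the name understates what a policy holding that string grants. A name such as `S3_LIST_WILDCARD`, or at least a comment on the entry like `// wildcard as written in a policy: matches every s3:List* action, not only s3:ListBucket`, would keep later readers from treating it as equivalent to `S3_LIST_BUCKET`. The same constant is also added to the `IAM_ROLES.BUCKET_VIEWER` entry of `IAM_PERMISSIONS`; if that map is ever used to generate or recommend a policy rather than only to check one (not visible here), the viewer role would be widened beyond listing a bucket. `S3_STAR_BUCKET` (`s3:*Bucket`) also covers ListBucket but is not in `browseBucketPermissions`, so whether it is honoured depends on how `hasPermission` matches patterns, which is outside this diff.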


@@ -381,6 +381,7 @@ const BrowserHandler = () => {
const displayListObjects = hasPermission(bucketName, [
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
]);
// Common objects list
@@ -529,7 +530,7 @@ const BrowserHandler = () => {
<Fragment>
{!versionsMode ? (
<SecureComponent
scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
scopes={[IAM_SCOPES.S3_LIST_BUCKET, IAM_SCOPES.S3_ALL_LIST_BUCKET]}
resource={bucketName}
errorProps={{ disabled: true }}
>
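Review bot: The pair `[IAM_SCOPES.S3_LIST_BUCKET, IAM_SCOPES.S3_ALL_LIST_BUCKET]` is spelled out at both call sites in `BrowserHandler` although this commit gives `browseBucketPermissions` exactly that content. Passing the shared list, `hasPermission(bucketName, browseBucketPermissions)` and `scopes={browseBucketPermissions}`, keeps the gating consistent the next time an accepted pattern is added; with literals, a missed site leaves one control enabled and another disabled for the same policy. The same repetition appears in the `ListObjects`, `ListObjectsTable`, `ListBuckets` and `OBListBuckets` sections. Whether `browseBucketPermissions` is already imported in these files is not visible, and both functions continue outside the hunks.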


@@ -220,7 +220,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
};
const canCreateBucket = hasPermission("*", [IAM_SCOPES.S3_CREATE_BUCKET]);
const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
const canListBuckets = hasPermission("*", [
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
]);
return (
<Fragment>
@@ -453,7 +456,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
<Fragment>
<br />
{permissionTooltipHelper(
[IAM_SCOPES.S3_LIST_BUCKET],
[
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
],
"view the buckets on this server"
)}
<br />
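Review bot: The list passed to `permissionTooltipHelper` now includes `IAM_SCOPES.S3_ALL_LIST_BUCKET`, so the message shown to a user without access presumably names `s3:List*` as something to ask the administrator for. Accepting the wildcard in `hasPermission` is what the commit needs; recommending it in the help text nudges administrators toward a broader grant than listing requires. Keeping the tooltip argument as `[IAM_SCOPES.S3_LIST_BUCKET]` while leaving the wider list in `canListBuckets` would preserve the least-privilege advice. The same applies to the `permissionTooltipHelper` calls in the `ListObjectsTable` and `OBListBuckets` sections; how the helper renders several scopes is not shown here.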


@@ -955,6 +955,7 @@ const ListObjects = () => {
disabled={
!hasPermission(bucketName, [
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
]) || rewindEnabled
}
/>
@@ -1016,7 +1017,10 @@ const ListObjects = () => {
</Fragment>
) : (
<SecureComponent
scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
scopes={[
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
]}
resource={bucketName}
errorProps={{ disabled: true }}
>
@@ -1050,7 +1054,10 @@ const ListObjects = () => {
</SecureComponent>
)}
<SecureComponent
scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
scopes={[
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
]}
resource={bucketName}
errorProps={{ disabled: true }}
>


@@ -114,6 +114,7 @@ const ListObjectsTable = () => {
const displayListObjects = hasPermission(bucketName, [
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
]);
const filteredRecords = records.filter((b: BucketObjectItem) => {
@@ -221,7 +222,7 @@ const ListObjectsTable = () => {
customEmptyMessage={
!displayListObjects
? permissionTooltipHelper(
[IAM_SCOPES.S3_LIST_BUCKET],
[IAM_SCOPES.S3_LIST_BUCKET, IAM_SCOPES.S3_ALL_LIST_BUCKET],
"view Objects in this bucket"
)
: `This location is empty${


@@ -129,7 +129,10 @@ const OBListBuckets = () => {
const hasBuckets = records.length > 0;
const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
const canListBuckets = hasPermission("*", [
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
]);
const tableActions = [
{
@@ -276,7 +279,10 @@ const OBListBuckets = () => {
<Fragment>
<br />
{permissionTooltipHelper(
[IAM_SCOPES.S3_LIST_BUCKET],
[
IAM_SCOPES.S3_LIST_BUCKET,
IAM_SCOPES.S3_ALL_LIST_BUCKET,
],
"view the buckets on this server"
)}
<br />


@@ -141,7 +141,7 @@ export const table = Selector(".ReactVirtualized__Table");
export const bucketsTableDisabled = Selector("#object-list-wrapper")
.find(".MuiPaper-root")
.withText(
"You require additional permissions in order to view Objects in this bucket. Please ask your MinIO administrator to grant you s3:ListBucket permission in order to view Objects in this bucket."
"You require additional permissions in order to view Objects in this bucket. Please ask your MinIO administrator to grant you"
);
export const createGroupUserTable = Selector(
".MuiDialog-container .ReactVirtualized__Table"
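Review bot: `bucketsTableDisabled` now matches only the generic prefix ending in `grant you`, so the test no longer checks which permission the UI tells the user to request. A regression that names the wrong scope, or none at all, would still pass. A pattern that pins the scope without fixing the full sentence, for example `.withText(/grant you .*s3:ListBucket/)`, keeps that check; the exact rendered wording is not visible in this diff, so the pattern would need adjusting to it.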