diff --git a/portal-ui/src/common/SecureComponent/permissions.ts b/portal-ui/src/common/SecureComponent/permissions.ts index 7534eb83f..1677821f7 100644 --- a/portal-ui/src/common/SecureComponent/permissions.ts +++ b/portal-ui/src/common/SecureComponent/permissions.ts @@ -22,6 +22,7 @@ export const IAM_ROLES = { }; export const IAM_SCOPES = { + S3_STAR_BUCKET: "s3:*Bucket", S3_LIST_BUCKET: "s3:ListBucket", S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy", S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy", @@ -281,6 +282,7 @@ export const IAM_PERMISSIONS = { IAM_SCOPES.ADMIN_LIST_USER_POLICIES, IAM_SCOPES.ADMIN_LIST_USERS, IAM_SCOPES.ADMIN_HEAL, + IAM_SCOPES.S3_STAR_BUCKET, ], [IAM_ROLES.BUCKET_LIFECYCLE]: [ IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION, @@ -526,3 +528,14 @@ export const listGroupPermissions = [ IAM_SCOPES.ADMIN_LIST_GROUPS, IAM_SCOPES.ADMIN_GET_GROUP, ]; + +export const deleteBucketPermissions = [ + IAM_SCOPES.S3_DELETE_BUCKET, + IAM_SCOPES.S3_FORCE_DELETE_BUCKET, + IAM_SCOPES.S3_STAR_BUCKET, +]; + +export const browseBucketPermissions = [ + IAM_SCOPES.S3_LIST_BUCKET, + IAM_SCOPES.S3_STAR_BUCKET, +]; diff --git a/portal-ui/src/screens/Console/Buckets/BucketDetails/BrowserHandler.tsx b/portal-ui/src/screens/Console/Buckets/BucketDetails/BrowserHandler.tsx index 5188f365a..a0e386728 100644 --- a/portal-ui/src/screens/Console/Buckets/BucketDetails/BrowserHandler.tsx +++ b/portal-ui/src/screens/Console/Buckets/BucketDetails/BrowserHandler.tsx @@ -110,6 +110,7 @@ const BrowserHandler = () => { IAM_SCOPES.S3_LIST_BUCKET_VERSIONS, IAM_SCOPES.S3_GET_BUCKET_POLICY_STATUS, IAM_SCOPES.S3_DELETE_BUCKET_POLICY, + IAM_SCOPES.S3_STAR_BUCKET, ]); const searchBar = ( diff --git a/portal-ui/src/screens/Console/Buckets/BucketDetails/BucketDetails.tsx b/portal-ui/src/screens/Console/Buckets/BucketDetails/BucketDetails.tsx index 8848eb01b..b8dd2c765 100644 --- a/portal-ui/src/screens/Console/Buckets/BucketDetails/BucketDetails.tsx +++ b/portal-ui/src/screens/Console/Buckets/BucketDetails/BucketDetails.tsx @@ -50,6 +50,8 @@ import { IAM_PERMISSIONS, IAM_ROLES, permissionTooltipHelper, + deleteBucketPermissions, + browseBucketPermissions, } from "../../../../common/SecureComponent/permissions"; import PageLayout from "../../Common/Layout/PageLayout"; import VerticalTabs from "../../Common/VerticalTabs/VerticalTabs"; @@ -141,11 +143,8 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => { selTab = selTab ? selTab : "summary"; const [activeTab, setActiveTab] = useState(selTab); - const canDelete = hasPermission(bucketName, [ - IAM_SCOPES.S3_DELETE_BUCKET, - IAM_SCOPES.S3_FORCE_DELETE_BUCKET, - ]); - const canBrowse = hasPermission(bucketName, [IAM_SCOPES.S3_LIST_BUCKET]); + const canDelete = hasPermission(bucketName, deleteBucketPermissions); + const canBrowse = hasPermission(bucketName, browseBucketPermissions); useEffect(() => { setActiveTab(selTab); @@ -273,10 +272,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => { actions={ diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx index 5cc887be1..e1937f12d 100644 --- a/portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx +++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx @@ -215,7 +215,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => { setSelectedBuckets(selectAllBuckets); }; - const canCreateBucket = hasPermission("*", [IAM_SCOPES.S3_CREATE_BUCKET]); + const canCreateBucket = hasPermission("*", [ + IAM_SCOPES.S3_CREATE_BUCKET, + IAM_SCOPES.S3_STAR_BUCKET, + ]); const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]); return ( @@ -306,7 +309,7 @@ const ListBuckets = ({ classes }: IListBucketsProps) => { ? "Set Lifecycle" : permissionTooltipHelper( IAM_PERMISSIONS[IAM_ROLES.BUCKET_LIFECYCLE], - "configuring lifecycle for the selected buckets" + "configure lifecycle for the selected buckets" ) } > @@ -353,7 +356,7 @@ const ListBuckets = ({ classes }: IListBucketsProps) => { ? "" : permissionTooltipHelper( [IAM_SCOPES.S3_CREATE_BUCKET], - "creating a bucket" + "create a bucket" ) } > @@ -429,7 +432,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => { IAM_SCOPES.S3_LIST_BUCKET + " permission. Please contact your MinIO administrator to establish this permission."}
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx index 0ffc97da9..363c67017 100644 --- a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx +++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx @@ -269,7 +269,6 @@ const AddTagModal = ({ key={`chip-${index}`} scopes={[IAM_SCOPES.S3_DELETE_OBJECT_TAGGING]} resource={bucketName} - matchAll errorProps={{ deleteIcon: null, onDelete: null,