Added permissions guidance on ListBuckets and AddBuckets screens (#2319)

Added helpbox and tooltip guidance on ListBuckets and AddBuckets screens
Added bucketname to resource checking for bucket level config permissions
jinapurapu
2022-09-16 13:22:20 -07:00
committed by GitHub
parent cd6e61e93b
commit a878440485
3 changed files with 119 additions and 45 deletions


@@ -46,6 +46,7 @@ import { selFeatures } from "../../consoleSlice";
import AutoColorIcon from "../../Common/Components/AutoColorIcon";
import TooltipWrapper from "../../Common/TooltipWrapper/TooltipWrapper";
import { Button } from "mds";
import hasPermission from "../../../../common/SecureComponent/accessControl";
const styles = (theme: Theme) =>
createStyles({
@@ -88,6 +89,29 @@ const BrowserHandler = () => {
navigate(`/buckets/${bucketName}/admin`);
};
const configureBucketAllowed = hasPermission(bucketName, [
IAM_SCOPES.S3_GET_BUCKET_POLICY,
IAM_SCOPES.S3_PUT_BUCKET_POLICY,
IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_GET_BUCKET_ENCRYPTION_CONFIGURATION,
IAM_SCOPES.S3_PUT_BUCKET_ENCRYPTION_CONFIGURATION,
IAM_SCOPES.S3_DELETE_BUCKET,
IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS,
IAM_SCOPES.S3_PUT_BUCKET_NOTIFICATIONS,
IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
IAM_SCOPES.ADMIN_GET_BUCKET_QUOTA,
IAM_SCOPES.ADMIN_SET_BUCKET_QUOTA,
IAM_SCOPES.S3_PUT_BUCKET_TAGGING,
IAM_SCOPES.S3_GET_BUCKET_TAGGING,
IAM_SCOPES.S3_LIST_BUCKET_VERSIONS,
IAM_SCOPES.S3_GET_BUCKET_POLICY_STATUS,
IAM_SCOPES.S3_DELETE_BUCKET_POLICY,
]);
const searchBar = (
<Fragment>
{!versionsMode ? (
@@ -129,7 +153,15 @@ const BrowserHandler = () => {
resource={bucketName}
errorProps={{ disabled: true }}
>
<TooltipWrapper tooltip={"Configure Bucket"}>
<TooltipWrapper
tooltip={
configureBucketAllowed
? "Configure Bucket"
: "You do not have the required permissions to configure this bucket. Please contact your MinIO administrator to request " +
IAM_ROLES.BUCKET_ADMIN +
" permisions."
}
>
<Button
id={"configure-bucket-main"}
color="primary"
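Review bot: The 20-scope list passed to `hasPermission(bucketName, [...])` for `configureBucketAllowed` is a second copy of the authorization condition. The button itself is disabled by the enclosing SecureComponent (`errorProps={{ disabled: true }}`), whose `scopes` prop is outside this hunk, so the tooltip text and the disabled state can drift apart when only one list is edited; hoist the scopes into one shared constant and pass it to both. The call also omits the third argument that the AddBucket change passes as `true`, so it presumably succeeds when any single scope is held, yet the denial text tells the user to request the whole `IAM_ROLES.BUCKET_ADMIN` role; confirm that this is the intended guidance rather than naming the narrower scope that is missing. The new string has a typo: `" permisions."` should be `" permissions."`. BrowserHandler's body starts and ends outside the hunks.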


@@ -40,6 +40,7 @@ import PageLayout from "../../../Common/Layout/PageLayout";
import InputUnitMenu from "../../../Common/FormComponents/InputUnitMenu/InputUnitMenu";
import FormLayout from "../../../Common/FormLayout";
import HelpBox from "../../../../../common/HelpBox";
import TooltipWrapper from "../../../Common/TooltipWrapper/TooltipWrapper";
import SectionTitle from "../../../Common/SectionTitle";
import { selDistSet, selSiteRep } from "../../../../../systemSlice";
import {
@@ -162,9 +163,17 @@ const AddBucket = ({ classes }: IsetProps) => {
(state: AppState) => state.addBucket.navigateTo
);
const lockingAllowed = hasPermission("*", [
const lockingAllowed = hasPermission(
"*",
[
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
],
true
);
const versioningAllowed = hasPermission("*", [
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
]);
useEffect(() => {
@@ -243,19 +252,7 @@ const AddBucket = ({ classes }: IsetProps) => {
<br />
<b>Object Locking</b> prevents objects from being deleted.
Required to support retention and legal hold. Can only be
enabled at bucket creation.{" "}
{!lockingAllowed ? (
<Fragment>
<br />
<span>
To enable this option{" "}
<i>s3:PutBucketObjectLockConfiguration</i> and{" "}
<i>s3:PutBucketVersioning</i> permissions must be set.
</span>
</Fragment>
) : (
""
)}
enabled at bucket creation.
<br />
<br />
<b>Quota</b> limits the amount of data in the bucket.
@@ -323,39 +320,68 @@ const AddBucket = ({ classes }: IsetProps) => {
<br />
</Fragment>
)}
<FormSwitchWrapper
value="versioned"
id="versioned"
name="versioned"
checked={versioningEnabled}
onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
dispatch(setVersioning(event.target.checked));
}}
label={"Versioning"}
disabled={
!distributedSetup ||
lockingEnabled ||
siteReplicationInfo.enabled
<TooltipWrapper
tooltip={
versioningAllowed
? ""
: "You require additional permissions in order to enable Versioning. Please ask your MinIO administrator to grant you " +
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING +
" permission in order to enable Versioning."
}
/>
>
<FormSwitchWrapper
value="versioned"
id="versioned"
name="versioned"
checked={versioningEnabled}
onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
dispatch(setVersioning(event.target.checked));
}}
label={"Versioning"}
disabled={
!distributedSetup ||
lockingEnabled ||
siteReplicationInfo.enabled ||
!versioningAllowed
}
/>
</TooltipWrapper>
</Grid>
<Grid item xs={12}>
<FormSwitchWrapper
value="locking"
id="locking"
name="locking"
disabled={
lockingFieldDisabled || !distributedSetup || !lockingAllowed
<TooltipWrapper
tooltip={
lockingAllowed
? ""
: "You require additional permissions in order to enable Locking. Please ask your MinIO administrator to grant you " +
(versioningAllowed
? ""
: IAM_SCOPES.S3_PUT_BUCKET_VERSIONING + " and ") +
IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION +
" permissions in order to enable Locking."
}
checked={lockingEnabled}
onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
dispatch(setEnableObjectLocking(event.target.checked));
if (event.target.checked && !siteReplicationInfo.enabled) {
dispatch(setVersioning(true));
>
<FormSwitchWrapper
value="locking"
id="locking"
name="locking"
disabled={
lockingFieldDisabled ||
!distributedSetup ||
!lockingAllowed
}
}}
label={"Object Locking"}
/>
checked={lockingEnabled}
onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
dispatch(setEnableObjectLocking(event.target.checked));
if (
event.target.checked &&
!siteReplicationInfo.enabled
) {
dispatch(setVersioning(true));
}
}}
label={"Object Locking"}
/>
</TooltipWrapper>
</Grid>
<Grid item xs={12}>
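Review bot: `versioningAllowed` appears to be computed from both `S3_PUT_BUCKET_VERSIONING` and `S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION`, going by the hunk's line counts, and without the third `true` argument that `lockingAllowed` now passes. If that argument means match-all and the default is match-any (hasPermission is not shown on this page), a user holding only the object-lock scope gets the Versioning switch enabled, and the Locking tooltip leaves the missing versioning scope out of its message. The server presumably still rejects the request, but the on-screen hint is then wrong; use `const versioningAllowed = hasPermission("*", [IAM_SCOPES.S3_PUT_BUCKET_VERSIONING]);`. AddBucket's body extends beyond the hunks.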


@@ -202,6 +202,7 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
};
const canCreateBucket = hasPermission("*", [IAM_SCOPES.S3_CREATE_BUCKET]);
const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
return (
<Fragment>
@@ -319,7 +320,15 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
</TooltipWrapper>
{!obOnly && (
<TooltipWrapper tooltip={"Create Bucket"}>
<TooltipWrapper
tooltip={
canCreateBucket
? "Create Bucket"
: "You require additional permissions in order to create a new Bucket. Please ask your MinIO administrator to grant you " +
IAM_SCOPES.S3_CREATE_BUCKET +
" permission in order to create a Bucket."
}
>
<Button
id={"create-bucket"}
onClick={() => {
@@ -384,6 +393,13 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
MinIO uses buckets to organize objects. A bucket is
similar to a folder or directory in a filesystem, where
each bucket can hold an arbitrary number of objects.
<br></br>
<br></br>
{canListBuckets
? ""
: "In order to view the buckets on this server, you require " +
IAM_SCOPES.S3_LIST_BUCKET +
" permission. Please contact your MinIO administrator to establish this permission."}
<SecureComponent
scopes={[IAM_SCOPES.S3_CREATE_BUCKET]}
resource={CONSOLE_UI_RESOURCE}
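Review bot: The two `<br></br>` elements added before the permission hint in the last hunk render unconditionally, so users who do hold the list scope get extra blank space followed by an empty string node. Wrap the breaks and the message together, for example `{!canListBuckets && (<Fragment><br /><br />…</Fragment>)}`. Separately, `canCreateBucket` and `canListBuckets` are evaluated against `"*"`, while the SecureComponent at the end of this hunk checks the same create scope against `CONSOLE_UI_RESOURCE`. It is worth confirming that the two resources evaluate the same way, because these hints are advisory only and a mismatch would tell a user to request a grant they already have. ListBuckets' body starts and ends outside the hunks.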