Enable/Disable Object details actions depending on user permissions (#1756)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
2022-03-23 17:17:57 -07:00
parent 65eee7c1d0
commit b12fa5edfd
2 changed files with 43 additions and 9 deletions
--- a/portal-ui/src/common/SecureComponent/permissions.ts
+++ b/portal-ui/src/common/SecureComponent/permissions.ts
@@ -105,6 +105,7 @@ export const IAM_SCOPES = {
  ADMIN_SERVER_TRACE: "admin:ServerTrace",
  ADMIN_HEALTH_INFO: "admin:OBDInfo",
  ADMIN_HEAL: "admin:Heal",
+  ADMIN_INSPECT_DATA: "admin:InspectData",
  S3_ALL_ACTIONS: "s3:*",
  ADMIN_ALL_ACTIONS: "admin:*",
 };
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -358,13 +358,21 @@ const ObjectDetailPanel = ({
      ? objectNameArray[objectNameArray.length - 1]
      : actualInfo.name;

+  const objectResources = [
+    bucketName,
+    currentItem,
+    [bucketName, actualInfo.name].join("/"),
+  ];
+
  const multiActionButtons = [
    {
      action: () => {
        downloadObject(actualInfo);
      },
      label: "Download",
-      disabled: !!actualInfo.is_delete_marker,
+      disabled:
+        !!actualInfo.is_delete_marker ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
      icon: <DownloadIcon />,
      tooltip: "Download this Object",
    },
@@ -373,7 +381,9 @@ const ObjectDetailPanel = ({
        shareObject();
      },
      label: "Share",
-      disabled: !!actualInfo.is_delete_marker,
+      disabled:
+        !!actualInfo.is_delete_marker ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
      icon: <ShareIcon />,
      tooltip: "Share this File",
    },
@@ -384,7 +394,8 @@ const ObjectDetailPanel = ({
      label: "Preview",
      disabled:
        !!actualInfo.is_delete_marker ||
-        extensionPreview(currentItem) === "none",
+        extensionPreview(currentItem) === "none" ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
      icon: <PreviewIcon />,
      tooltip: "Preview this File",
    },
@@ -394,8 +405,11 @@ const ObjectDetailPanel = ({
      },
      label: "Legal Hold",
      disabled:
+        !distributedSetup ||
        !!actualInfo.is_delete_marker ||
-        !hasPermission(bucketName, [IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD]) ||
+        !hasPermission(objectResources, [
+          IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD,
+        ]) ||
        selectedVersion !== "",
      icon: <LegalHoldIcon />,
      tooltip: "Change Legal Hold rules for this File",
@@ -404,8 +418,9 @@ const ObjectDetailPanel = ({
      action: openRetentionModal,
      label: "Retention",
      disabled:
+        !distributedSetup ||
        !!actualInfo.is_delete_marker ||
-        !hasPermission(bucketName, [IAM_SCOPES.S3_GET_OBJECT_RETENTION]) ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT_RETENTION]) ||
        selectedVersion !== "",
      icon: <RetentionIcon />,
      tooltip: "Change Retention rules for this File",
@@ -415,7 +430,10 @@ const ObjectDetailPanel = ({
        setTagModalOpen(true);
      },
      label: "Tags",
-      disabled: !!actualInfo.is_delete_marker || selectedVersion !== "",
+      disabled:
+        !!actualInfo.is_delete_marker ||
+        selectedVersion !== "" ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_PUT_OBJECT_TAGGING]),
      icon: <TagsIcon />,
      tooltip: "Change Tags for this File",
    },
@@ -424,7 +442,11 @@ const ObjectDetailPanel = ({
        setInspectModalOpen(true);
      },
      label: "Inspect",
-      disabled: !!actualInfo.is_delete_marker || selectedVersion !== "",
+      disabled:
+        !distributedSetup ||
+        !!actualInfo.is_delete_marker ||
+        selectedVersion !== "" ||
+        !hasPermission(objectResources, [IAM_SCOPES.ADMIN_INSPECT_DATA]),
      icon: <InspectMenuIcon />,
      tooltip: "Inspect this file",
    },
@@ -434,7 +456,14 @@ const ObjectDetailPanel = ({
      },
      label: versionsMode ? "Hide Object Versions" : "Display Object Versions",
      icon: <VersionsIcon />,
-      disabled: !(actualInfo.version_id && actualInfo.version_id !== "null"),
+      disabled:
+        !distributedSetup ||
+        !(actualInfo.version_id && actualInfo.version_id !== "null") ||
+        !hasPermission(objectResources, [
+          IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
+          IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
+          IAM_SCOPES.S3_GET_OBJECT_VERSION,
+        ]),
      tooltip: "Display Versions for this file",
    },
  ];
@@ -539,7 +568,11 @@ const ObjectDetailPanel = ({

      <Grid item xs={12} sx={{ textAlign: "center" }}>
        <SecureComponent
-          resource={[currentItem, [bucketName, actualInfo.name].join("/")]}
+          resource={[
+            bucketName,
+            currentItem,
+            [bucketName, actualInfo.name].join("/"),
+          ]}
          scopes={[IAM_SCOPES.S3_DELETE_OBJECT]}
          errorProps={{ disabled: true }}
        >