From b12fa5edfdac9210eaf2ec1ddf3ea1ceeed02730 Mon Sep 17 00:00:00 2001
From: Lenin Alevski <alevsk.8772@gmail.com>
Date: Wed, 23 Mar 2022 17:17:57 -0700
Subject: [PATCH] Enable/Disable Object details actions depending on user
 permissions (#1756)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
---
 .../src/common/SecureComponent/permissions.ts |  1 +
 .../Objects/ListObjects/ObjectDetailPanel.tsx | 51 +++++++++++++++----
 2 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/portal-ui/src/common/SecureComponent/permissions.ts b/portal-ui/src/common/SecureComponent/permissions.ts
index e2f2e9984..1305ba2f9 100644
--- a/portal-ui/src/common/SecureComponent/permissions.ts
+++ b/portal-ui/src/common/SecureComponent/permissions.ts
@@ -105,6 +105,7 @@ export const IAM_SCOPES = {
   ADMIN_SERVER_TRACE: "admin:ServerTrace",
   ADMIN_HEALTH_INFO: "admin:OBDInfo",
   ADMIN_HEAL: "admin:Heal",
+  ADMIN_INSPECT_DATA: "admin:InspectData",
   S3_ALL_ACTIONS: "s3:*",
   ADMIN_ALL_ACTIONS: "admin:*",
 };
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
index 6686de027..a2ed152b5 100644
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -358,13 +358,21 @@ const ObjectDetailPanel = ({
       ? objectNameArray[objectNameArray.length - 1]
       : actualInfo.name;
 
+  const objectResources = [
+    bucketName,
+    currentItem,
+    [bucketName, actualInfo.name].join("/"),
+  ];
+
   const multiActionButtons = [
     {
       action: () => {
         downloadObject(actualInfo);
       },
       label: "Download",
-      disabled: !!actualInfo.is_delete_marker,
+      disabled:
+        !!actualInfo.is_delete_marker ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
       icon: <DownloadIcon />,
       tooltip: "Download this Object",
     },
@@ -373,7 +381,9 @@ const ObjectDetailPanel = ({
         shareObject();
       },
       label: "Share",
-      disabled: !!actualInfo.is_delete_marker,
+      disabled:
+        !!actualInfo.is_delete_marker ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
       icon: <ShareIcon />,
       tooltip: "Share this File",
     },
@@ -384,7 +394,8 @@ const ObjectDetailPanel = ({
       label: "Preview",
       disabled:
         !!actualInfo.is_delete_marker ||
-        extensionPreview(currentItem) === "none",
+        extensionPreview(currentItem) === "none" ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
       icon: <PreviewIcon />,
       tooltip: "Preview this File",
     },
@@ -394,8 +405,11 @@ const ObjectDetailPanel = ({
       },
       label: "Legal Hold",
       disabled:
+        !distributedSetup ||
         !!actualInfo.is_delete_marker ||
-        !hasPermission(bucketName, [IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD]) ||
+        !hasPermission(objectResources, [
+          IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD,
+        ]) ||
         selectedVersion !== "",
       icon: <LegalHoldIcon />,
       tooltip: "Change Legal Hold rules for this File",
@@ -404,8 +418,9 @@ const ObjectDetailPanel = ({
       action: openRetentionModal,
       label: "Retention",
       disabled:
+        !distributedSetup ||
         !!actualInfo.is_delete_marker ||
-        !hasPermission(bucketName, [IAM_SCOPES.S3_GET_OBJECT_RETENTION]) ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT_RETENTION]) ||
         selectedVersion !== "",
       icon: <RetentionIcon />,
       tooltip: "Change Retention rules for this File",
@@ -415,7 +430,10 @@ const ObjectDetailPanel = ({
         setTagModalOpen(true);
       },
       label: "Tags",
-      disabled: !!actualInfo.is_delete_marker || selectedVersion !== "",
+      disabled:
+        !!actualInfo.is_delete_marker ||
+        selectedVersion !== "" ||
+        !hasPermission(objectResources, [IAM_SCOPES.S3_PUT_OBJECT_TAGGING]),
       icon: <TagsIcon />,
       tooltip: "Change Tags for this File",
     },
@@ -424,7 +442,11 @@ const ObjectDetailPanel = ({
         setInspectModalOpen(true);
       },
       label: "Inspect",
-      disabled: !!actualInfo.is_delete_marker || selectedVersion !== "",
+      disabled:
+        !distributedSetup ||
+        !!actualInfo.is_delete_marker ||
+        selectedVersion !== "" ||
+        !hasPermission(objectResources, [IAM_SCOPES.ADMIN_INSPECT_DATA]),
       icon: <InspectMenuIcon />,
       tooltip: "Inspect this file",
     },
@@ -434,7 +456,14 @@ const ObjectDetailPanel = ({
       },
       label: versionsMode ? "Hide Object Versions" : "Display Object Versions",
       icon: <VersionsIcon />,
-      disabled: !(actualInfo.version_id && actualInfo.version_id !== "null"),
+      disabled:
+        !distributedSetup ||
+        !(actualInfo.version_id && actualInfo.version_id !== "null") ||
+        !hasPermission(objectResources, [
+          IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
+          IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
+          IAM_SCOPES.S3_GET_OBJECT_VERSION,
+        ]),
       tooltip: "Display Versions for this file",
     },
   ];
@@ -539,7 +568,11 @@ const ObjectDetailPanel = ({
 
       <Grid item xs={12} sx={{ textAlign: "center" }}>
         <SecureComponent
-          resource={[currentItem, [bucketName, actualInfo.name].join("/")]}
+          resource={[
+            bucketName,
+            currentItem,
+            [bucketName, actualInfo.name].join("/"),
+          ]}
           scopes={[IAM_SCOPES.S3_DELETE_OBJECT]}
           errorProps={{ disabled: true }}
         >