maxmustermann/minio
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add policy conditions support for Listing operations on browser (#7106)

Browse source 
Fixes https://github.com/minio/minio/issues/7095
This commit is contained in:
Harshavardhana 2019-01-20 12:50:01 +05:30 committed by GitHub
parent 267f183fc8
commit 4fdacb8b14
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
cmd/web-handlers.go
View file

@ -287,6 +287,12 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
return toJSONError(authErr) return toJSONError(authErr)
} }
// Set prefix value for "s3:prefix" policy conditionals.
r.Header.Set("prefix", "")
// Set delimiter value for "s3:delimiter" policy conditionals.
r.Header.Set("delimiter", slashSeparator)
// If etcd, dns federation configured list buckets from etcd. // If etcd, dns federation configured list buckets from etcd.
if globalDNSConfig != nil { if globalDNSConfig != nil {
dnsBuckets, err := globalDNSConfig.List() dnsBuckets, err := globalDNSConfig.List()
@ -416,10 +422,11 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
claims, owner, authErr := webRequestAuthenticate(r) claims, owner, authErr := webRequestAuthenticate(r)
if authErr != nil { if authErr != nil {
if authErr == errNoAuthToken { if authErr == errNoAuthToken {
// Add this for checking ListObjects conditional. // Set prefix value for "s3:prefix" policy conditionals.
if args.Prefix != "" { r.Header.Set("prefix", args.Prefix)
r.Header.Set("prefix", args.Prefix)
} // Set delimiter value for "s3:delimiter" policy conditionals.
r.Header.Set("delimiter", slashSeparator)
// Check if anonymous (non-owner) has access to download objects. // Check if anonymous (non-owner) has access to download objects.
readable := globalPolicySys.IsAllowed(policy.Args{ readable := globalPolicySys.IsAllowed(policy.Args{
@ -454,10 +461,11 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
// For authenticated users apply IAM policy. // For authenticated users apply IAM policy.
if authErr == nil { if authErr == nil {
// Add this for checking ListObjects conditional. // Set prefix value for "s3:prefix" policy conditionals.
if args.Prefix != "" { r.Header.Set("prefix", args.Prefix)
r.Header.Set("prefix", args.Prefix)
} // Set delimiter value for "s3:delimiter" policy conditionals.
r.Header.Set("delimiter", slashSeparator)
readable := globalIAMSys.IsAllowed(iampolicy.Args{ readable := globalIAMSys.IsAllowed(iampolicy.Args{
AccountName: claims.Subject, AccountName: claims.Subject,