allow root users to return appropriate policy in AccountInfo (#15437)

fixes #15436 This fixes a regression caused after the removal of "consoleAdmin" policy usage for 'root users' in PR #15402
2025-04-04 11:50:36 -04:00 · 2022-07-29 20:58:03 -07:00 · 2022-07-29 20:58:03 -07:00 · 3cdb609cca
commit 3cdb609cca
parent d6a7f62ff5
1 changed files with 25 additions and 10 deletions
--- a/cmd/admin-handlers-users.go
+++ b/cmd/admin-handlers-users.go
@ -1189,17 +1189,32 @@ func (a adminAPIHandlers) AccountInfoHandler(w http.ResponseWriter, r *http.Requ
 		// For derived credentials, check the parent user's permissions.
 		accountName = cred.ParentUser
 	}
 	policies, err := globalIAMSys.PolicyDBGet(accountName, false, cred.Groups...)
 	if err != nil {
 		logger.LogIf(ctx, err)
 		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 		return
 	}
-	buf, err := json.MarshalIndent(globalIAMSys.GetCombinedPolicy(policies...), "", " ")
+	var buf []byte
-	if err != nil {
+	if accountName == globalActiveCred.AccessKey {
-		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
+		for _, policy := range iampolicy.DefaultPolicies {
-		return
+			if policy.Name == "consoleAdmin" {
 				buf, err = json.MarshalIndent(policy.Definition, "", " ")
 				if err != nil {
 					writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 					return
 				}
 				break
 			}
 		}
 	} else {
 		policies, err := globalIAMSys.PolicyDBGet(accountName, false, cred.Groups...)
 		if err != nil {
 			logger.LogIf(ctx, err)
 			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 			return
 		}
 		buf, err = json.MarshalIndent(globalIAMSys.GetCombinedPolicy(policies...), "", " ")
 		if err != nil {
 			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 			return
 		}
 	}
 	acctInfo := madmin.AccountInfo{