From 4fdacb8b14597d71b6a7f45e211e2fc34e6e5134 Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Sun, 20 Jan 2019 12:50:01 +0530
Subject: [PATCH] Add policy conditions support for Listing operations on browser (#7106)
Fixes https://github.com/minio/minio/issues/7095
---
 cmd/web-handlers.go | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go
index 086e86355..593215dde 100644
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -287,6 +287,12 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
 return toJSONError(authErr)
 }
+ // Set prefix value for "s3:prefix" policy conditionals.
+ r.Header.Set("prefix", "")
+
+ // Set delimiter value for "s3:delimiter" policy conditionals.
+ r.Header.Set("delimiter", slashSeparator)
+
 // If etcd, dns federation configured list buckets from etcd.
 if globalDNSConfig != nil {
 dnsBuckets, err := globalDNSConfig.List()
@@ -416,10 +422,11 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
 claims, owner, authErr := webRequestAuthenticate(r)
 if authErr != nil {
 if authErr == errNoAuthToken {
- // Add this for checking ListObjects conditional.
- if args.Prefix != "" {
- r.Header.Set("prefix", args.Prefix)
- }
+ // Set prefix value for "s3:prefix" policy conditionals.
+ r.Header.Set("prefix", args.Prefix)
+
+ // Set delimiter value for "s3:delimiter" policy conditionals.
+ r.Header.Set("delimiter", slashSeparator)
 // Check if anonymous (non-owner) has access to download objects.
 readable := globalPolicySys.IsAllowed(policy.Args{
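Review bot: The two `r.Header.Set` calls added to ListBuckets pass condition values to the policy layer by writing into the client's own request headers, and nothing in this hunk shows which check reads them. `Set` replaces any `prefix` or `delimiter` header the caller sent, which is the property that matters for an authorization input, so the comment should state it, e.g. `// Overwrite any client-sent "prefix"/"delimiter" headers; policy conditionals read these values from the request.` Presumably a policy lookup further down in ListBuckets consumes them; if none does, the lines have no effect there and should be dropped. The function body continues outside the hunk.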
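Review bot: The same block of two `r.Header.Set` calls now appears in both branches of ListObjects, here under `authErr == errNoAuthToken` and again in the `authErr == nil` hunk below, so the inputs to the anonymous and IAM policy checks can drift apart the next time one branch is edited. Both branches set identical values, so the block could be written once directly after `claims, owner, authErr := webRequestAuthenticate(r)`, or moved into a small helper such as `setListConditionHeaders(r, args.Prefix)` (name is only a suggestion). Either way the condition values for both checks would come from one place. The rest of ListObjects is outside the hunk, so confirm that no early return between the two branches depends on the headers being unset.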
@@ -454,10 +461,11 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
 // For authenticated users apply IAM policy.
 if authErr == nil {
- // Add this for checking ListObjects conditional.
- if args.Prefix != "" {
- r.Header.Set("prefix", args.Prefix)
- }
+ // Set prefix value for "s3:prefix" policy conditionals.
+ r.Header.Set("prefix", args.Prefix)
+
+ // Set delimiter value for "s3:delimiter" policy conditionals.
+ r.Header.Set("delimiter", slashSeparator)
 readable := globalIAMSys.IsAllowed(iampolicy.Args{
 AccountName: claims.Subject,
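Review bot: The IAM check here is evaluated with `delimiter` fixed to `slashSeparator`, but the listing call that actually applies a delimiter is outside this hunk, so the policy decision and the listing agree only while both keep using the same constant. A single local such as `delimiter := slashSeparator`, used for both the header and the listing call, would make that link explicit. The diffstat shows only cmd/web-handlers.go changing, so a test is worth adding for both the anonymous and authenticated paths. It should cover a policy carrying an `s3:prefix` condition with an empty `args.Prefix`, which is the case the removed `if args.Prefix != ""` guard skipped.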