mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
Add policy conditions support for Listing operations on browser (#7106)
Fixes https://github.com/minio/minio/issues/7095
This commit is contained in:
parent
267f183fc8
commit
4fdacb8b14
@ -287,6 +287,12 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
|
|||||||
return toJSONError(authErr)
|
return toJSONError(authErr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set prefix value for "s3:prefix" policy conditionals.
|
||||||
|
r.Header.Set("prefix", "")
|
||||||
|
|
||||||
|
// Set delimiter value for "s3:delimiter" policy conditionals.
|
||||||
|
r.Header.Set("delimiter", slashSeparator)
|
||||||
|
|
||||||
// If etcd, dns federation configured list buckets from etcd.
|
// If etcd, dns federation configured list buckets from etcd.
|
||||||
if globalDNSConfig != nil {
|
if globalDNSConfig != nil {
|
||||||
dnsBuckets, err := globalDNSConfig.List()
|
dnsBuckets, err := globalDNSConfig.List()
|
||||||
@ -416,10 +422,11 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
|
|||||||
claims, owner, authErr := webRequestAuthenticate(r)
|
claims, owner, authErr := webRequestAuthenticate(r)
|
||||||
if authErr != nil {
|
if authErr != nil {
|
||||||
if authErr == errNoAuthToken {
|
if authErr == errNoAuthToken {
|
||||||
// Add this for checking ListObjects conditional.
|
// Set prefix value for "s3:prefix" policy conditionals.
|
||||||
if args.Prefix != "" {
|
r.Header.Set("prefix", args.Prefix)
|
||||||
r.Header.Set("prefix", args.Prefix)
|
|
||||||
}
|
// Set delimiter value for "s3:delimiter" policy conditionals.
|
||||||
|
r.Header.Set("delimiter", slashSeparator)
|
||||||
|
|
||||||
// Check if anonymous (non-owner) has access to download objects.
|
// Check if anonymous (non-owner) has access to download objects.
|
||||||
readable := globalPolicySys.IsAllowed(policy.Args{
|
readable := globalPolicySys.IsAllowed(policy.Args{
|
||||||
@ -454,10 +461,11 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
|
|||||||
|
|
||||||
// For authenticated users apply IAM policy.
|
// For authenticated users apply IAM policy.
|
||||||
if authErr == nil {
|
if authErr == nil {
|
||||||
// Add this for checking ListObjects conditional.
|
// Set prefix value for "s3:prefix" policy conditionals.
|
||||||
if args.Prefix != "" {
|
r.Header.Set("prefix", args.Prefix)
|
||||||
r.Header.Set("prefix", args.Prefix)
|
|
||||||
}
|
// Set delimiter value for "s3:delimiter" policy conditionals.
|
||||||
|
r.Header.Set("delimiter", slashSeparator)
|
||||||
|
|
||||||
readable := globalIAMSys.IsAllowed(iampolicy.Args{
|
readable := globalIAMSys.IsAllowed(iampolicy.Args{
|
||||||
AccountName: claims.Subject,
|
AccountName: claims.Subject,
|
||||||
|
Loading…
Reference in New Issue
Block a user