iam: Return a slice of policies for a group (#11722)

A group can have multiple policies; a user subscribed to readwrite &
diagnostics can perform S3 operations & admin operations as well.
However, the current code returns only one policy per group.
Anis Elleuch 2021-03-06 18:27:06 +01:00 committed by GitHub
parent d971061305
commit 558762bdf6


@ -1563,11 +1563,7 @@ func (sys *IAMSys) GetGroupDescription(group string) (gd madmin.GroupDesc, err e
return gd, err return gd, err
} }
// A group may be mapped to at most one policy. policy := strings.Join(ps, ",")
policy := ""
if len(ps) > 0 {
policy = ps[0]
}
if sys.usersSysType != MinIOUsersSysType { if sys.usersSysType != MinIOUsersSysType {
return madmin.GroupDesc{ return madmin.GroupDesc{
@ -1681,7 +1677,7 @@ func (sys *IAMSys) policyDBSet(name, policyName string, userType IAMUserType, is
// PolicyDBGet - gets policy set on a user or group. Since a user may // PolicyDBGet - gets policy set on a user or group. Since a user may
// be a member of multiple groups, this function returns an array of // be a member of multiple groups, this function returns an array of
// applicable policies (each group is mapped to at most one policy). // applicable policies
func (sys *IAMSys) PolicyDBGet(name string, isGroup bool) ([]string, error) { func (sys *IAMSys) PolicyDBGet(name string, isGroup bool) ([]string, error) {
if !sys.Initialized() { if !sys.Initialized() {
return nil, errServerNotInitialized return nil, errServerNotInitialized
@ -1749,17 +1745,6 @@ func (sys *IAMSys) policyDBGet(name string, isGroup bool) ([]string, error) {
policies = append(policies, p.toSlice()...) policies = append(policies, p.toSlice()...)
} }
for _, group := range u.Groups {
// Skip missing or disabled groups
gi, ok := sys.iamGroupsMap[group]
if !ok || gi.Status == statusDisabled {
continue
}
p := sys.iamGroupPolicyMap[group]
policies = append(policies, p.toSlice()...)
}
return policies, nil return policies, nil
} }
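Review bot: The new `policy := strings.Join(ps, ",")` line in GetGroupDescription changes what the returned policy string means, and the commit deletes the old comment without replacing it. Anything that reads the group description and treats the value as a single policy name (an exact-match lookup, or an audit of which groups hold an admin policy) will now see values such as `readwrite,diagnostics`, so the format should be stated where it is produced, e.g. `// A group may be mapped to several policies; they are returned as a comma-separated list.` Whether policy names can themselves contain a comma is not visible here; if they can, the joined string is ambiguous and a slice field would be safer. GetGroupDescription starts and ends outside this hunk.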