Filter listing buckets based on user level access (#6940)

Fixes #6701
Harshavardhana 2018-12-10 09:27:22 -08:00 committed by Nitish Tiwari
parent 4c7c571875
commit 76d9d54603


@ -258,7 +258,8 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
listBuckets = web.CacheAPI().ListBuckets listBuckets = web.CacheAPI().ListBuckets
} }
if _, _, authErr := webRequestAuthenticate(r); authErr != nil { claims, owner, authErr := webRequestAuthenticate(r)
if authErr != nil {
return toJSONError(authErr) return toJSONError(authErr)
} }
@ -270,10 +271,19 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
} }
for _, dnsRecord := range dnsBuckets { for _, dnsRecord := range dnsBuckets {
bucketName := strings.Trim(dnsRecord.Key, "/") bucketName := strings.Trim(dnsRecord.Key, "/")
reply.Buckets = append(reply.Buckets, WebBucketInfo{ if globalIAMSys.IsAllowed(iampolicy.Args{
Name: bucketName, AccountName: claims.Subject,
CreationDate: dnsRecord.CreationDate, Action: iampolicy.Action(policy.GetObjectAction),
}) BucketName: bucketName,
ConditionValues: getConditionValues(r, ""),
IsOwner: owner,
ObjectName: "",
}) {
reply.Buckets = append(reply.Buckets, WebBucketInfo{
Name: bucketName,
CreationDate: dnsRecord.CreationDate,
})
}
} }
} else { } else {
buckets, err := listBuckets(context.Background()) buckets, err := listBuckets(context.Background())
@ -281,10 +291,19 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
return toJSONError(err) return toJSONError(err)
} }
for _, bucket := range buckets { for _, bucket := range buckets {
reply.Buckets = append(reply.Buckets, WebBucketInfo{ if globalIAMSys.IsAllowed(iampolicy.Args{
Name: bucket.Name, AccountName: claims.Subject,
CreationDate: bucket.Created, Action: iampolicy.Action(policy.GetObjectAction),
}) BucketName: bucket.Name,
ConditionValues: getConditionValues(r, ""),
IsOwner: owner,
ObjectName: "",
}) {
reply.Buckets = append(reply.Buckets, WebBucketInfo{
Name: bucket.Name,
CreationDate: bucket.Created,
})
}
} }
} }
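Review bot: Both new `IsAllowed` checks decide bucket visibility with `policy.GetObjectAction` and an empty `ObjectName`, so the listing is gated on a read-object permission rather than a list permission. A user whose policy grants only list or write access to a bucket would have it hidden, and a policy that allows `s3:GetObject` only under a prefix may not match the empty object name; that depends on resource matching not shown here. Consider checking the list action (`s3:ListBucket`) instead, or documenting the choice above the check, e.g. `// A bucket is shown only if the user may read objects in it.` The same argument struct is repeated in the DNS loop and the `listBuckets` loop, so a small helper taking the bucket name would keep the two from drifting, and `getConditionValues(r, "")` can be computed once before the loops. `ListBuckets` begins and ends outside the visible hunks.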