Allow users to give anonymous access (#7926)

The current code already allows users to call GetPolicy/SetPolicy,
but the code that allows access was missing from ListAllBucketPolicies;
this commit fixes that behavior.

Fixes #7913
Harshavardhana 2019-07-15 12:00:41 -07:00 committed by kannappanr
parent 16a45e5aff
commit bce3f8237d
1 changed files with 10 additions and 2 deletions


@ -1491,6 +1491,7 @@ func (web *webAPIHandlers) GetBucketPolicy(r *http.Request, args *GetBucketPolic
if authErr != nil { if authErr != nil {
return toJSONError(ctx, authErr) return toJSONError(ctx, authErr)
} }
// For authenticated users apply IAM policy. // For authenticated users apply IAM policy.
if !globalIAMSys.IsAllowed(iampolicy.Args{ if !globalIAMSys.IsAllowed(iampolicy.Args{
AccountName: claims.Subject, AccountName: claims.Subject,
@ -1583,12 +1584,19 @@ func (web *webAPIHandlers) ListAllBucketPolicies(r *http.Request, args *ListAllB
return toJSONError(ctx, errServerNotInitialized) return toJSONError(ctx, errServerNotInitialized)
} }
_, owner, authErr := webRequestAuthenticate(r) claims, owner, authErr := webRequestAuthenticate(r)
if authErr != nil { if authErr != nil {
return toJSONError(ctx, authErr) return toJSONError(ctx, authErr)
} }
if !owner { // For authenticated users apply IAM policy.
if !globalIAMSys.IsAllowed(iampolicy.Args{
AccountName: claims.Subject,
Action: iampolicy.GetBucketPolicyAction,
BucketName: args.BucketName,
ConditionValues: getConditionValues(r, "", claims.Subject),
IsOwner: owner,
}) {
return toJSONError(ctx, errAccessDenied) return toJSONError(ctx, errAccessDenied)
} }
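Review bot: The IAM check added to ListAllBucketPolicies is a hand-copied version of the `globalIAMSys.IsAllowed(iampolicy.Args{ AccountName: claims.Subject, ...` block that the first hunk shows in GetBucketPolicy, and per the commit message this fix was needed because ListAllBucketPolicies lacked that code and still had a bare `if !owner`. Moving the check into one helper that takes the request, claims, owner flag, action and bucket name would keep the web handlers' authorization from diverging again. The comment above the call could also state the rule being enforced, e.g. `// Non-owners need iampolicy.GetBucketPolicyAction on args.BucketName to list its policies.` No test is visible on this page; a regression case for a non-owner user with and without that action, expecting `errAccessDenied` in the second case, would pin the behaviour. Both functions start and end outside the hunks shown.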