From 4fdacb8b14597d71b6a7f45e211e2fc34e6e5134 Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Sun, 20 Jan 2019 12:50:01 +0530
Subject: [PATCH] Add policy conditions support for Listing operations on
 browser (#7106)

Fixes https://github.com/minio/minio/issues/7095
---
 cmd/web-handlers.go | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go
index 086e86355..593215dde 100644
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -287,6 +287,12 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
 		return toJSONError(authErr)
 	}
 
+	// Set prefix value for "s3:prefix" policy conditionals.
+	r.Header.Set("prefix", "")
+
+	// Set delimiter value for "s3:delimiter" policy conditionals.
+	r.Header.Set("delimiter", slashSeparator)
+
 	// If etcd, dns federation configured list buckets from etcd.
 	if globalDNSConfig != nil {
 		dnsBuckets, err := globalDNSConfig.List()
@@ -416,10 +422,11 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
 	claims, owner, authErr := webRequestAuthenticate(r)
 	if authErr != nil {
 		if authErr == errNoAuthToken {
-			// Add this for checking ListObjects conditional.
-			if args.Prefix != "" {
-				r.Header.Set("prefix", args.Prefix)
-			}
+			// Set prefix value for "s3:prefix" policy conditionals.
+			r.Header.Set("prefix", args.Prefix)
+
+			// Set delimiter value for "s3:delimiter" policy conditionals.
+			r.Header.Set("delimiter", slashSeparator)
 
 			// Check if anonymous (non-owner) has access to download objects.
 			readable := globalPolicySys.IsAllowed(policy.Args{
@@ -454,10 +461,11 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r
 
 	// For authenticated users apply IAM policy.
 	if authErr == nil {
-		// Add this for checking ListObjects conditional.
-		if args.Prefix != "" {
-			r.Header.Set("prefix", args.Prefix)
-		}
+		// Set prefix value for "s3:prefix" policy conditionals.
+		r.Header.Set("prefix", args.Prefix)
+
+		// Set delimiter value for "s3:delimiter" policy conditionals.
+		r.Header.Set("delimiter", slashSeparator)
 
 		readable := globalIAMSys.IsAllowed(iampolicy.Args{
 			AccountName:     claims.Subject,