|
|
|
@ -160,7 +160,7 @@ func (web *webAPIHandlers) MakeBucket(r *http.Request, args *MakeBucketArgs, rep |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.CreateBucketAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
}) { |
|
|
|
|
return toJSONError(ctx, errAccessDenied) |
|
|
|
@ -221,7 +221,7 @@ func (web *webAPIHandlers) DeleteBucket(r *http.Request, args *RemoveBucketArgs, |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.DeleteBucketAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
}) { |
|
|
|
|
return toJSONError(ctx, errAccessDenied) |
|
|
|
@ -325,7 +325,7 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.ListBucketAction, |
|
|
|
|
BucketName: dnsRecord.Key, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
ObjectName: "", |
|
|
|
|
}) { |
|
|
|
@ -347,7 +347,7 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.ListBucketAction, |
|
|
|
|
BucketName: bucket.Name, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
ObjectName: "", |
|
|
|
|
}) { |
|
|
|
@ -459,7 +459,7 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r |
|
|
|
|
readable := globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: policy.ListBucketAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", ""), |
|
|
|
|
ConditionValues: getConditionValues(r, "", "", nil), |
|
|
|
|
IsOwner: false, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
@ -467,7 +467,7 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r |
|
|
|
|
writable := globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: policy.PutObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", ""), |
|
|
|
|
ConditionValues: getConditionValues(r, "", "", nil), |
|
|
|
|
IsOwner: false, |
|
|
|
|
ObjectName: args.Prefix + SlashSeparator, |
|
|
|
|
}) |
|
|
|
@ -498,7 +498,7 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.ListBucketAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
@ -506,7 +506,7 @@ func (web *webAPIHandlers) ListObjects(r *http.Request, args *ListObjectsArgs, r |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.PutObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
ObjectName: args.Prefix + SlashSeparator, |
|
|
|
|
}) |
|
|
|
@ -598,7 +598,7 @@ func (web *webAPIHandlers) RemoveObject(r *http.Request, args *RemoveObjectArgs, |
|
|
|
|
if !globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: policy.DeleteObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", ""), |
|
|
|
|
ConditionValues: getConditionValues(r, "", "", nil), |
|
|
|
|
IsOwner: false, |
|
|
|
|
ObjectName: object, |
|
|
|
|
}) { |
|
|
|
@ -672,7 +672,7 @@ next: |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.DeleteObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
ObjectName: objectName, |
|
|
|
|
}) { |
|
|
|
@ -690,7 +690,7 @@ next: |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.DeleteObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
ObjectName: objectName, |
|
|
|
|
}) { |
|
|
|
@ -930,7 +930,7 @@ func (web *webAPIHandlers) Upload(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
if !globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: policy.PutObjectAction, |
|
|
|
|
BucketName: bucket, |
|
|
|
|
ConditionValues: getConditionValues(r, "", ""), |
|
|
|
|
ConditionValues: getConditionValues(r, "", "", nil), |
|
|
|
|
IsOwner: false, |
|
|
|
|
ObjectName: object, |
|
|
|
|
}) { |
|
|
|
@ -949,7 +949,7 @@ func (web *webAPIHandlers) Upload(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.PutObjectAction, |
|
|
|
|
BucketName: bucket, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
ObjectName: object, |
|
|
|
|
}) { |
|
|
|
@ -1110,7 +1110,7 @@ func (web *webAPIHandlers) Download(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
if !globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: policy.GetObjectAction, |
|
|
|
|
BucketName: bucket, |
|
|
|
|
ConditionValues: getConditionValues(r, "", ""), |
|
|
|
|
ConditionValues: getConditionValues(r, "", "", nil), |
|
|
|
|
IsOwner: false, |
|
|
|
|
ObjectName: object, |
|
|
|
|
}) { |
|
|
|
@ -1129,7 +1129,7 @@ func (web *webAPIHandlers) Download(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.GetObjectAction, |
|
|
|
|
BucketName: bucket, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
ObjectName: object, |
|
|
|
|
}) { |
|
|
|
@ -1259,7 +1259,7 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
if !globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
|
Action: policy.GetObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", ""), |
|
|
|
|
ConditionValues: getConditionValues(r, "", "", nil), |
|
|
|
|
IsOwner: false, |
|
|
|
|
ObjectName: pathJoin(args.Prefix, object), |
|
|
|
|
}) { |
|
|
|
@ -1280,7 +1280,7 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.GetObjectAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
ObjectName: pathJoin(args.Prefix, object), |
|
|
|
|
}) { |
|
|
|
@ -1426,7 +1426,7 @@ func (web *webAPIHandlers) GetBucketPolicy(r *http.Request, args *GetBucketPolic |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.GetBucketPolicyAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
}) { |
|
|
|
|
return toJSONError(ctx, errAccessDenied) |
|
|
|
@ -1523,7 +1523,7 @@ func (web *webAPIHandlers) ListAllBucketPolicies(r *http.Request, args *ListAllB |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.GetBucketPolicyAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
}) { |
|
|
|
|
return toJSONError(ctx, errAccessDenied) |
|
|
|
@ -1613,7 +1613,7 @@ func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolic |
|
|
|
|
AccountName: claims.Subject, |
|
|
|
|
Action: iampolicy.PutBucketPolicyAction, |
|
|
|
|
BucketName: args.BucketName, |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject), |
|
|
|
|
ConditionValues: getConditionValues(r, "", claims.Subject, claims.Map()), |
|
|
|
|
IsOwner: owner, |
|
|
|
|
}) { |
|
|
|
|
return toJSONError(ctx, errAccessDenied) |
|
|
|
|