From 6f3bd76754c73cd2f1f90bf2a91348a564ad2a76 Mon Sep 17 00:00:00 2001
From: Aakash Muttineni <aakash.muttineni@gmail.com>
Date: Thu, 9 Jun 2016 14:23:56 +0530
Subject: [PATCH] api: Add new bucket policy nesting error (#1883)

* Added ErrPolicyNesting which is returned when nesting of policies has occured
* Replaces ErrMalformedPolicy in the case of nesting
* Changed test case in bucket-policy-parser_test.go (ErrMalformedPolicy -> ErrPolicyNesting)
---
 api-errors.go                | 6 ++++++
 bucket-policy-parser.go      | 2 +-
 bucket-policy-parser_test.go | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/api-errors.go b/api-errors.go
index 4fd2ef3c9..e5841149a 100644
--- a/api-errors.go
+++ b/api-errors.go
@@ -109,6 +109,7 @@ const (
 	ErrWriteQuorum
 	ErrStorageFull
 	ErrObjectExistsAsDirectory
+	ErrPolicyNesting
 )
 
 // error code to APIError structure, these fields carry respective
@@ -415,6 +416,11 @@ var errorCodeResponse = map[APIErrorCode]APIError{
 		Description:    "Multiple disks failures, unable to write data.",
 		HTTPStatusCode: http.StatusServiceUnavailable,
 	},
+	ErrPolicyNesting: {
+		Code:           "XMinioPolicyNesting",
+		Description:    "Policy nesting conflict has occurred.",
+		HTTPStatusCode: http.StatusConflict,
+	},
 	// Add your error structure here.
 }
 
diff --git a/bucket-policy-parser.go b/bucket-policy-parser.go
index ebf52dc6f..ed17449c0 100644
--- a/bucket-policy-parser.go
+++ b/bucket-policy-parser.go
@@ -255,7 +255,7 @@ func checkBucketPolicyResources(bucket string, bucketPolicy BucketPolicy) APIErr
 		for _, otherResource := range resources {
 			// Common prefix reject such rules.
 			if strings.HasPrefix(otherResource, resource) {
-				return ErrMalformedPolicy
+				return ErrPolicyNesting
 			}
 		}
 	}
diff --git a/bucket-policy-parser_test.go b/bucket-policy-parser_test.go
index b893828d2..fa3f79b60 100644
--- a/bucket-policy-parser_test.go
+++ b/bucket-policy-parser_test.go
@@ -514,8 +514,8 @@ func TestCheckBucketPolicyResources(t *testing.T) {
 		{bucketAccessPolicies[4], ErrMalformedPolicy, false},
 		// Test case - 6.
 		// contructing policy statement with recursive resources.
-		// should result in ErrMalformedPolicy.
-		{bucketAccessPolicies[5], ErrMalformedPolicy, false},
+		// should result in ErrPolicyNesting.
+		{bucketAccessPolicies[5], ErrPolicyNesting, false},
 		// Test case - 7.
 		// constructing policy statement with lexically close
 		// characters.