Filter listing buckets based on user level access (#6940)

Fixes #6701
master
Harshavardhana 6 years ago committed by Nitish Tiwari
parent 4c7c571875
commit 76d9d54603
  1. 21
      cmd/web-handlers.go

@ -258,7 +258,8 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
listBuckets = web.CacheAPI().ListBuckets
}
if _, _, authErr := webRequestAuthenticate(r); authErr != nil {
claims, owner, authErr := webRequestAuthenticate(r)
if authErr != nil {
return toJSONError(authErr)
}
@ -270,23 +271,41 @@ func (web *webAPIHandlers) ListBuckets(r *http.Request, args *WebGenericArgs, re
}
for _, dnsRecord := range dnsBuckets {
bucketName := strings.Trim(dnsRecord.Key, "/")
if globalIAMSys.IsAllowed(iampolicy.Args{
AccountName: claims.Subject,
Action: iampolicy.Action(policy.GetObjectAction),
BucketName: bucketName,
ConditionValues: getConditionValues(r, ""),
IsOwner: owner,
ObjectName: "",
}) {
reply.Buckets = append(reply.Buckets, WebBucketInfo{
Name: bucketName,
CreationDate: dnsRecord.CreationDate,
})
}
}
} else {
buckets, err := listBuckets(context.Background())
if err != nil {
return toJSONError(err)
}
for _, bucket := range buckets {
if globalIAMSys.IsAllowed(iampolicy.Args{
AccountName: claims.Subject,
Action: iampolicy.Action(policy.GetObjectAction),
BucketName: bucket.Name,
ConditionValues: getConditionValues(r, ""),
IsOwner: owner,
ObjectName: "",
}) {
reply.Buckets = append(reply.Buckets, WebBucketInfo{
Name: bucket.Name,
CreationDate: bucket.Created,
})
}
}
}
reply.UIVersion = browser.UIVersion
return nil

Loading…
Cancel
Save