mirror of
https://github.com/OpenMaxIO/openmaxio-object-browser
synced 2026-07-01 07:41:18 -07:00
Allow Put* actions in console (#2544)
This commit is contained in:
@@ -29,6 +29,7 @@ export const IAM_SCOPES = {
|
||||
S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
|
||||
S3_GET_OBJECT: "s3:GetObject",
|
||||
S3_PUT_OBJECT: "s3:PutObject",
|
||||
S3_PUT_ACTIONS: "s3:Put*",
|
||||
S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
|
||||
S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
|
||||
S3_DELETE_OBJECT: "s3:DeleteObject",
|
||||
@@ -238,6 +239,7 @@ export const IAM_PAGES = {
|
||||
export const IAM_PERMISSIONS = {
|
||||
[IAM_ROLES.BUCKET_OWNER]: [
|
||||
IAM_SCOPES.S3_PUT_OBJECT,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
IAM_SCOPES.S3_DELETE_OBJECT,
|
||||
],
|
||||
[IAM_ROLES.BUCKET_VIEWER]: [
|
||||
@@ -298,10 +300,12 @@ export const IAM_PERMISSIONS = {
|
||||
IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
|
||||
IAM_SCOPES.ADMIN_LIST_USERS,
|
||||
IAM_SCOPES.ADMIN_HEAL,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
[IAM_ROLES.BUCKET_LIFECYCLE]: [
|
||||
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
IAM_SCOPES.ADMIN_LIST_TIERS,
|
||||
IAM_SCOPES.ADMIN_SET_TIER,
|
||||
],
|
||||
|
||||
@@ -105,6 +105,7 @@ const AccessRule = () => {
|
||||
|
||||
const editAccessRules = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_PUT_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
|
||||
useEffect(() => {
|
||||
@@ -199,6 +200,7 @@ const AccessRule = () => {
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
matchAll
|
||||
|
||||
@@ -524,6 +524,7 @@ const BrowserHandler = () => {
|
||||
IAM_SCOPES.S3_LIST_BUCKET_VERSIONS,
|
||||
IAM_SCOPES.S3_GET_BUCKET_POLICY_STATUS,
|
||||
IAM_SCOPES.S3_DELETE_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
|
||||
const searchBar = (
|
||||
|
||||
@@ -361,6 +361,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
|
||||
disabled: !hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_NOTIFICATIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]),
|
||||
to: getRoutePath("events"),
|
||||
},
|
||||
@@ -377,6 +378,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
|
||||
!hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]),
|
||||
to: getRoutePath("replication"),
|
||||
},
|
||||
@@ -391,6 +393,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
|
||||
!hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]),
|
||||
to: getRoutePath("lifecycle"),
|
||||
},
|
||||
|
||||
@@ -155,6 +155,7 @@ const BucketEventsPanel = ({ classes }: IBucketEventsProps) => {
|
||||
<SecureComponent
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_NOTIFICATIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
IAM_SCOPES.ADMIN_SERVER_INFO,
|
||||
]}
|
||||
resource={bucketName}
|
||||
|
||||
@@ -275,7 +275,10 @@ const BucketLifecyclePanel = ({ classes }: IBucketLifecyclePanelProps) => {
|
||||
<Grid item xs={12} className={classes.actionsTray}>
|
||||
<PanelTitle>Lifecycle Rules</PanelTitle>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
matchAll
|
||||
errorProps={{ disabled: true }}
|
||||
|
||||
@@ -210,7 +210,10 @@ const BucketReplicationPanel = ({ classes }: IBucketReplicationProps) => {
|
||||
onClick: editReplicationRule,
|
||||
disableButtonFunction: !hasPermission(
|
||||
bucketName,
|
||||
[IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION],
|
||||
[
|
||||
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
true
|
||||
),
|
||||
},
|
||||
@@ -253,7 +256,10 @@ const BucketReplicationPanel = ({ classes }: IBucketReplicationProps) => {
|
||||
<PanelTitle>Replication</PanelTitle>
|
||||
<div style={{ display: "flex" }}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
matchAll
|
||||
errorProps={{ disabled: true }}
|
||||
@@ -273,7 +279,10 @@ const BucketReplicationPanel = ({ classes }: IBucketReplicationProps) => {
|
||||
</TooltipWrapper>
|
||||
</SecureComponent>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
matchAll
|
||||
errorProps={{ disabled: true }}
|
||||
|
||||
@@ -428,7 +428,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
resource={bucketName}
|
||||
>
|
||||
<EditablePropertyItem
|
||||
iamScopes={[IAM_SCOPES.S3_PUT_BUCKET_POLICY]}
|
||||
iamScopes={[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resourceName={bucketName}
|
||||
property={"Access Policy:"}
|
||||
value={accessPolicy.toLowerCase()}
|
||||
@@ -446,6 +449,7 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
<EditablePropertyItem
|
||||
iamScopes={[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_ENCRYPTION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resourceName={bucketName}
|
||||
property={"Encryption:"}
|
||||
@@ -549,7 +553,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
}}
|
||||
>
|
||||
<EditablePropertyItem
|
||||
iamScopes={[IAM_SCOPES.S3_PUT_BUCKET_VERSIONING]}
|
||||
iamScopes={[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resourceName={bucketName}
|
||||
property={"Current Status:"}
|
||||
value={isVersioned ? "Versioned" : "Unversioned (Default)"}
|
||||
|
||||
@@ -113,7 +113,10 @@ const BucketTags = ({ bucketName }: BucketTagProps) => {
|
||||
return (
|
||||
<SecureComponent
|
||||
key={`chip-${index}`}
|
||||
scopes={[IAM_SCOPES.S3_PUT_BUCKET_TAGGING]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_TAGGING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
matchAll
|
||||
errorProps={{
|
||||
@@ -142,7 +145,10 @@ const BucketTags = ({ bucketName }: BucketTagProps) => {
|
||||
</Box>
|
||||
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_PUT_BUCKET_TAGGING]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_TAGGING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
errorProps={{ disabled: true, onClick: null }}
|
||||
>
|
||||
|
||||
@@ -171,12 +171,14 @@ const AddBucket = ({ classes }: IsetProps) => {
|
||||
[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
true
|
||||
);
|
||||
|
||||
const versioningAllowed = hasPermission("*", [
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
|
||||
useEffect(() => {
|
||||
@@ -330,7 +332,10 @@ const AddBucket = ({ classes }: IsetProps) => {
|
||||
? "You must disable Locking before Versioning can be disabled"
|
||||
: ""
|
||||
: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_PUT_BUCKET_VERSIONING],
|
||||
[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
"Versioning"
|
||||
)
|
||||
}
|
||||
@@ -362,6 +367,7 @@ const AddBucket = ({ classes }: IsetProps) => {
|
||||
[
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
"Locking"
|
||||
)
|
||||
|
||||
@@ -312,7 +312,7 @@ const ListObjects = () => {
|
||||
const canDelete = hasPermission(bucketName, [IAM_SCOPES.S3_DELETE_OBJECT]);
|
||||
const canUpload = hasPermission(
|
||||
uploadPath,
|
||||
[IAM_SCOPES.S3_PUT_OBJECT],
|
||||
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
|
||||
true,
|
||||
true
|
||||
);
|
||||
@@ -696,7 +696,7 @@ const ListObjects = () => {
|
||||
setErrorSnackMessage({
|
||||
errorMessage: "Upload not allowed",
|
||||
detailedError: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_PUT_OBJECT],
|
||||
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
|
||||
"upload objects to this location"
|
||||
),
|
||||
})
|
||||
|
||||
@@ -443,14 +443,20 @@ const ObjectDetailPanel = ({
|
||||
];
|
||||
const canSetLegalHold = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
const canSetTags = hasPermission(objectResources, [
|
||||
IAM_SCOPES.S3_PUT_OBJECT_TAGGING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
|
||||
const canChangeRetention = hasPermission(
|
||||
objectResources,
|
||||
[IAM_SCOPES.S3_GET_OBJECT_RETENTION, IAM_SCOPES.S3_PUT_OBJECT_RETENTION],
|
||||
[
|
||||
IAM_SCOPES.S3_GET_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_PUT_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
true
|
||||
);
|
||||
const canInspect = hasPermission(objectResources, [
|
||||
@@ -460,6 +466,7 @@ const ObjectDetailPanel = ({
|
||||
IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_GET_OBJECT_VERSION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
const canGetObject = hasPermission(objectResources, [
|
||||
IAM_SCOPES.S3_GET_OBJECT,
|
||||
@@ -532,7 +539,7 @@ const ObjectDetailPanel = ({
|
||||
? "Change Legal Hold rules for this File"
|
||||
: "Object Locking must be enabled on this bucket in order to set Legal Hold"
|
||||
: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD],
|
||||
[IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD, IAM_SCOPES.S3_PUT_ACTIONS],
|
||||
"change legal hold settings for this object"
|
||||
),
|
||||
},
|
||||
@@ -554,6 +561,7 @@ const ObjectDetailPanel = ({
|
||||
[
|
||||
IAM_SCOPES.S3_GET_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_PUT_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
"change Retention Rules for this object"
|
||||
),
|
||||
@@ -572,6 +580,7 @@ const ObjectDetailPanel = ({
|
||||
[
|
||||
IAM_SCOPES.S3_PUT_OBJECT_TAGGING,
|
||||
IAM_SCOPES.S3_GET_OBJECT_TAGGING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
"set Tags on this object"
|
||||
),
|
||||
@@ -617,6 +626,7 @@ const ObjectDetailPanel = ({
|
||||
[
|
||||
IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
IAM_SCOPES.S3_GET_OBJECT_VERSION,
|
||||
],
|
||||
"display all versions of this object"
|
||||
|
||||
@@ -298,7 +298,10 @@ const AddTagModal = ({
|
||||
</Box>
|
||||
</SecureComponent>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_PUT_OBJECT_TAGGING]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_PUT_OBJECT_TAGGING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
errorProps={{ disabled: true, onClick: null }}
|
||||
>
|
||||
|
||||
@@ -69,10 +69,11 @@ const UploadFilesButton = ({
|
||||
|
||||
const uploadObjectAllowed = hasPermission(uploadPath, [
|
||||
IAM_SCOPES.S3_PUT_OBJECT,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
const uploadFolderAllowed = hasPermission(
|
||||
bucketName,
|
||||
[IAM_SCOPES.S3_PUT_OBJECT],
|
||||
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
|
||||
false,
|
||||
true
|
||||
);
|
||||
@@ -86,7 +87,7 @@ const UploadFilesButton = ({
|
||||
uploadEnabled
|
||||
? "Upload Files"
|
||||
: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_PUT_OBJECT],
|
||||
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
|
||||
"upload files to this bucket"
|
||||
)
|
||||
}
|
||||
|
||||
@@ -82,7 +82,10 @@ const BrowserBreadcrumbs = ({
|
||||
|
||||
const [createFolderOpen, setCreateFolderOpen] = useState<boolean>(false);
|
||||
|
||||
const canCreatePath = hasPermission(bucketName, [IAM_SCOPES.S3_PUT_OBJECT]);
|
||||
const canCreatePath = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_PUT_OBJECT,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
|
||||
let paths = internalPaths;
|
||||
|
||||
@@ -227,7 +230,7 @@ const BrowserBreadcrumbs = ({
|
||||
canCreatePath
|
||||
? "Choose or create a new path"
|
||||
: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_PUT_OBJECT],
|
||||
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
|
||||
"create a new path"
|
||||
)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user