Skip to content

Permissions refactor #1162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 3, 2021
Merged

Permissions refactor #1162

merged 3 commits into from
Nov 3, 2021

Conversation

Alevsk
Copy link
Contributor

@Alevsk Alevsk commented Oct 28, 2021
edited
Loading

Hide/Show UI components based on the IAM policy of the current user

  • Buckets lists: hide/show manage button
  • Bucket admin page: left menu items enable/disable
  • Bucket admin page: bucket configuration buttons are enabled/disabled
  • Bucket admin page: hide/show create buttons
  • Bucket admin page: enable/disable requests to backend service
  • Object browser: hide/show bucket buttons for upload, delete, etc
  • Object browser: hide/show bucket configuration button
  • Object details: hide/show object buttons, ie: delete
  • Object details: hide/show object attributes, ie: legal hold,
    retention, tags, etc

Signed-off-by: Lenin Alevski alevsk.8772@gmail.com

Manage bucket button only shows when theres something to manage

Screen Shot 2021-11-01 at 13 40 26

mybucket-admin/

    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket-admin/*"
      ]
    },

Screen Shot 2021-11-01 at 13 40 51

mybucket-encryption

    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutEncryptionConfiguration",
        "s3:GetEncryptionConfiguration"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket-encryption/*"
      ]
    },

Screen Shot 2021-11-01 at 13 41 33

mybucket-readonly-admin

    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketPolicy",
        "s3:ListBucket",
        "s3:GetObject",
        "s3:GetEncryptionConfiguration",
        "s3:GetReplicationConfiguration",
        "s3:GetBucketObjectLockConfiguration",
        "s3:GetBucketVersioning",
        "s3:GetObjectRetention",
        "s3:GetBucketNotification",
        "s3:GetLifecycleConfiguration"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket-readonly-admin/*"
      ]
    },

Screen Shot 2021-11-01 at 13 41 48

mybucket-readonly-admin

    {
      "Effect": "Allow",
      "Action": [
        "admin:ListUserPolicies",
        "admin:ListUsers",
        "admin:ListGroups",
        "admin:GetPolicy"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket-readonly-admin/*"
      ]
    },

Screen Shot 2021-11-01 at 13 41 23

@Alevsk Alevsk changed the title Permissions refactor [WIP] Permissions refactor Oct 29, 2021
@Alevsk Alevsk self-assigned this Oct 29, 2021
@Alevsk Alevsk added the WIP This PR is WIP and cannot be merged yet label Oct 29, 2021
harshavardhana
harshavardhana previously requested changes Oct 29, 2021
View reviewed changes
@Alevsk Alevsk force-pushed the permissions-refactor branch 2 times, most recently from caf5fb7 to 4399acb Compare November 2, 2021 23:03
@Alevsk Alevsk requested a review from harshavardhana November 2, 2021 23:03
@Alevsk Alevsk changed the title [WIP] Permissions refactor Permissions refactor Nov 2, 2021
@Alevsk Alevsk removed the WIP This PR is WIP and cannot be merged yet label Nov 2, 2021
@Alevsk
Dynamic UI components
6c8ff3b 
Hide/Show UI components based on the IAM policy of the current user

- Buckets lists: hide/show manage button
- Bucket admin page: left menu items enable/disable
- Bucket admin page: bucket configuration buttons are enabled/disabled
- Bucket admin page: hide/show create buttons
- Bucket admin page: enable/disable requests to backend service
- Object browser: hide/show bucket buttons for upload, delete, etc
- Object browser: hide/show bucket configuration button
- Object details: hide/show object buttons, ie: delete
- Object details: hide/show object attributes, ie: legal hold,
  retention, tags, etc

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
@Alevsk Alevsk force-pushed the permissions-refactor branch from 4399acb to 6c8ff3b Compare November 2, 2021 23:40
@dvaldivia dvaldivia merged commit 184f864 into minio:master Nov 3, 2021
@Alevsk Alevsk deleted the permissions-refactor branch November 3, 2021 00:37
@dvaldivia dvaldivia mentioned this pull request Nov 3, 2021
Closed
@harshavardhana harshavardhana mentioned this pull request Nov 8, 2021
Closed
@flixr flixr mentioned this pull request Nov 10, 2021
Closed
@mshanmu mshanmu mentioned this pull request Dec 17, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dvaldivia dvaldivia dvaldivia approved these changes

@bexsoft bexsoft bexsoft approved these changes

@harshavardhana harshavardhana Awaiting requested review from harshavardhana

@adfost adfost Awaiting requested review from adfost

@jinapurapu jinapurapu Awaiting requested review from jinapurapu

Assignees

@Alevsk Alevsk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Alevsk @harshavardhana @dvaldivia @bexsoft