Tests for Object delete button on SideBar (#1746)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>

Author: Alevsk

portal-ui/src/common/SecureComponent/__tests__/accessControl.test.ts

@@ -116,6 +116,23 @@ const setPolicy3 = () => {
   });
 };
 
+const setPolicy4 = () => {
+  store.dispatch({
+    type: SESSION_RESPONSE,
+    message: {
+      distributedMode: true,
+      features: [],
+      permissions: {
+        "arn:aws:s3:::test/*": ["s3:ListBucket"],
+        "arn:aws:s3:::test": ["s3:GetBucketLocation"],
+        "arn:aws:s3:::test/digitalinsights/xref_cust_guid_actd*": ["s3:*"],
+      },
+      status: "ok",
+      operator: false,
+    },
+  });
+};
+
 test("Upload button disabled", () => {
   setPolicy1();
   expect(hasPermission("testcafe", ["s3:PutObject"])).toBe(false);
@@ -157,3 +174,26 @@ test("Can browse a bucket for a policy with a wildcard", () => {
     )
   ).toBe(true);
 });
+
+test("Can delete an object inside a bucket prefix", () => {
+  setPolicy4();
+  expect(
+    hasPermission(
+      [
+        "xref_cust_guid_actd-v1.jpg",
+        "test/digitalinsights/xref_cust_guid_actd-v1.jpg",
+      ],
+      [IAM_SCOPES.S3_DELETE_OBJECT]
+    )
+  ).toBe(true);
+});
+
+test("Can't delete an object inside a bucket prefix", () => {
+  setPolicy4();
+  expect(
+    hasPermission(
+      ["xref_cust_guid_actd-v1.jpg", "test/xref_cust_guid_actd-v1.jpg"],
+      [IAM_SCOPES.S3_DELETE_OBJECT]
+    )
+  ).toBe(false);
+});

portal-ui/src/common/SecureComponent/accessControl.ts

@@ -54,16 +54,15 @@ const hasPermission = (
         const replaceWildcard = wildcardItemSection
           .replace("/", "\\/")
           .replace("*", "($|\\/?(.*?))");
-
-        const inRegExp = new RegExp(`${replaceWildcard}$`, "gm");
-
-        if (inRegExp.exec(path)) {
+        const inRegExp = new RegExp(`${replaceWildcard}`, "gm");
+        // Avoid calling inRegExp multiple times and instead use the stored value if need it:
+        // https://stackoverflow.com/questions/59694142/regex-testvalue-returns-true-when-logged-but-false-within-an-if-statement
+        const matches = inRegExp.test(path);
+        if (matches) {
           return element;
         }
-
         return null;
       });
-
       return items.filter((itm) => itm !== null);
     };
 

portal-ui/tests/permissions-2/deleteObjectWithPrefixOnly.ts

@@ -0,0 +1,122 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import * as roles from "../utils/roles";
+import { Selector } from "testcafe";
+import * as functions from "../utils/functions";
+import { testBucketBrowseButtonFor } from "../utils/functions";
+
+fixture("Delete Objects With Prefix Only policy").page(
+  "http://localhost:9090/"
+);
+
+export const sideBar = Selector("div.MuiGrid-root.MuiGrid-item");
+export const sideBarDeleteButton = sideBar.find("button").withText("Delete");
+const bucket1 = "test-1";
+const test1BucketBrowseButton = testBucketBrowseButtonFor(bucket1);
+const bucket2 = "test-2";
+const test2BucketBrowseButton = testBucketBrowseButtonFor(bucket2);
+const bucket3 = "test-3";
+const test3BucketBrowseButton = testBucketBrowseButtonFor(bucket3);
+test
+  .before(async (t) => {
+    await functions.setUpBucket(t, bucket1);
+    await functions.uploadObjectToBucket(
+      t,
+      bucket1,
+      "test.txt",
+      "portal-ui/tests/uploads/test.txt"
+    );
+  })("Delete button is disabled for object inside bucket", async (t) => {
+    await t
+      .useRole(roles.deleteObjectWithPrefixOnly)
+      .navigateTo(`http://localhost:9090/buckets`)
+      .click(test1BucketBrowseButton)
+      .click(
+        Selector(".ReactVirtualized__Table__rowColumn").withText("test.txt")
+      )
+      .expect(sideBarDeleteButton.hasAttribute("disabled"))
+      .ok();
+  })
+  .after(async (t) => {
+    await functions.cleanUpBucketAndUploads(t, bucket1);
+  });
+
+test
+  .before(async (t) => {
+    await functions.setUpBucket(t, bucket2);
+    await functions.uploadObjectToBucket(
+      t,
+      bucket2,
+      "digitalinsights/xref_cust_guid_actd-v1.txt",
+      "portal-ui/tests/uploads/test.txt"
+    );
+  })(
+    "Delete button is enabled for object that matches prefix inside bucket",
+    async (t) => {
+      await t
+        .useRole(roles.deleteObjectWithPrefixOnly)
+        .navigateTo(`http://localhost:9090/buckets`)
+        .click(test2BucketBrowseButton)
+        .click(
+          Selector(".ReactVirtualized__Table__rowColumn").withText(
+            "digitalinsights"
+          )
+        )
+        .click(
+          Selector(".ReactVirtualized__Table__rowColumn").withText(
+            "xref_cust_guid_actd-v1.txt"
+          )
+        )
+        .expect(sideBarDeleteButton.hasAttribute("disabled"))
+        .notOk();
+    }
+  )
+  .after(async (t) => {
+    await functions.cleanUpBucketAndUploads(t, bucket2);
+  });
+
+test
+  .before(async (t) => {
+    await functions.setUpBucket(t, bucket3);
+    await functions.uploadObjectToBucket(
+      t,
+      bucket3,
+      "digitalinsights/test.txt",
+      "portal-ui/tests/uploads/test.txt"
+    );
+  })(
+    "Delete button is disabled for object that doesn't matches prefix inside bucket",
+    async (t) => {
+      await t
+        .useRole(roles.deleteObjectWithPrefixOnly)
+        .navigateTo(`http://localhost:9090/buckets`)
+        .click(test3BucketBrowseButton)
+        .click(
+          Selector(".ReactVirtualized__Table__rowColumn").withText(
+            "digitalinsights"
+          )
+        )
+        .click(
+          Selector(".ReactVirtualized__Table__rowColumn").withText("test.txt")
+        )
+        .expect(sideBarDeleteButton.hasAttribute("disabled"))
+        .ok();
+    }
+  )
+  .after(async (t) => {
+    await functions.cleanUpBucketAndUploads(t, bucket3);
+  });

portal-ui/tests/policies/deleteObjectWithPrefix.json

@@ -0,0 +1,58 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::testbucket-*-test-1/*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:GetBucketLocation"],
+      "Resource": ["arn:aws:s3:::testbucket-*-test-1"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:*"],
+      "Resource": [
+        "arn:aws:s3:::testbucket-*-test-1/digitalinsights/xref_cust_guid_actd*"
+      ]
+    },
+
+    {
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::testbucket-*-test-2/*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:GetBucketLocation"],
+      "Resource": ["arn:aws:s3:::testbucket-*-test-2"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:*"],
+      "Resource": [
+        "arn:aws:s3:::testbucket-*-test-2/digitalinsights/xref_cust_guid_actd*"
+      ]
+    },
+
+    {
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::testbucket-*-test-3/*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:GetBucketLocation"],
+      "Resource": ["arn:aws:s3:::testbucket-*-test-3"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:*"],
+      "Resource": [
+        "arn:aws:s3:::testbucket-*-test-3/digitalinsights/xref_cust_guid_actd*"
+      ]
+    }
+  ]
+}

portal-ui/tests/scripts/common.sh

@@ -45,6 +45,7 @@ create_policies() {
   mc admin policy add minio inspect-allowed-$TIMESTAMP portal-ui/tests/policies/inspect-allowed.json
   mc admin policy add minio inspect-not-allowed-$TIMESTAMP portal-ui/tests/policies/inspect-not-allowed.json
   mc admin policy add minio fix-prefix-policy-ui-crash-$TIMESTAMP portal-ui/tests/policies/fix-prefix-policy-ui-crash.json
+  mc admin policy add minio delete-object-with-prefix-$TIMESTAMP portal-ui/tests/policies/deleteObjectWithPrefix.json
 }
 
 create_users() {
@@ -71,10 +72,12 @@ create_users() {
   mc admin user add minio inspect-allowed-$TIMESTAMP insallowed1234
   mc admin user add minio inspect-not-allowed-$TIMESTAMP insnotallowed1234
   mc admin user add minio prefix-policy-ui-crash-$TIMESTAMP poluicrashfix1234
+  mc admin user add minio delete-object-with-prefix-$TIMESTAMP deleteobjectwithprefix1234
 }
 
 create_buckets() {
   mc mb minio/testcafe && mc cp ./portal-ui/tests/uploads/test.txt minio/testcafe/write/test.txt
+  mc mb minio/test && mc cp ./portal-ui/tests/uploads/test.txt minio/test/test.txt && mc cp ./portal-ui/tests/uploads/test.txt minio/test/digitalinsights/xref_cust_guid_actd-v1.txt && mc cp ./portal-ui/tests/uploads/test.txt minio/test/digitalinsights/test.txt
 }
 
 assign_policies() {
@@ -100,4 +103,5 @@ assign_policies() {
   mc admin policy set minio bucketwriteprefixonlypolicy-$TIMESTAMP user=bucketwriteprefixonlypolicy-$TIMESTAMP
   mc admin policy set minio inspect-allowed-$TIMESTAMP user=inspect-allowed-$TIMESTAMP
   mc admin policy set minio inspect-not-allowed-$TIMESTAMP user=inspect-not-allowed-$TIMESTAMP
+  mc admin policy set minio delete-object-with-prefix-$TIMESTAMP user=delete-object-with-prefix-$TIMESTAMP
 }

portal-ui/tests/scripts/permissions.sh

@@ -16,51 +16,54 @@ export SCRIPT_DIR
 source "${SCRIPT_DIR}/common.sh"
 
 remove_users() {
-  mc admin user remove minio bucketassignpolicy-$TIMESTAMP
-  mc admin user remove minio bucketread-$TIMESTAMP
-  mc admin user remove minio bucketwrite-$TIMESTAMP
-  mc admin user remove minio dashboard-$TIMESTAMP
-  mc admin user remove minio diagnostics-$TIMESTAMP
-  mc admin user remove minio groups-$TIMESTAMP
-  mc admin user remove minio heal-$TIMESTAMP
-  mc admin user remove minio iampolicies-$TIMESTAMP
-  mc admin user remove minio logs-$TIMESTAMP
-  mc admin user remove minio notificationendpoints-$TIMESTAMP
-  mc admin user remove minio settings-$TIMESTAMP
-  mc admin user remove minio tiers-$TIMESTAMP
-  mc admin user remove minio trace-$TIMESTAMP
-  mc admin user remove minio users-$TIMESTAMP
-  mc admin user remove minio watch-$TIMESTAMP
-  mc admin user remove minio bucketwriteprefixonlypolicy-$TIMESTAMP
-  mc admin user remove minio inspect-allowed-$TIMESTAMP
-  mc admin user remove minio inspect-not-allowed-$TIMESTAMP
-  mc admin user remove minio prefix-policy-ui-crash-$TIMESTAMP
+  mc admin user remove minio bucketassignpolicy-"$TIMESTAMP"
+  mc admin user remove minio bucketread-"$TIMESTAMP"
+  mc admin user remove minio bucketwrite-"$TIMESTAMP"
+  mc admin user remove minio dashboard-"$TIMESTAMP"
+  mc admin user remove minio diagnostics-"$TIMESTAMP"
+  mc admin user remove minio groups-"$TIMESTAMP"
+  mc admin user remove minio heal-"$TIMESTAMP"
+  mc admin user remove minio iampolicies-"$TIMESTAMP"
+  mc admin user remove minio logs-"$TIMESTAMP"
+  mc admin user remove minio notificationendpoints-"$TIMESTAMP"
+  mc admin user remove minio settings-"$TIMESTAMP"
+  mc admin user remove minio tiers-"$TIMESTAMP"
+  mc admin user remove minio trace-"$TIMESTAMP"
+  mc admin user remove minio users-"$TIMESTAMP"
+  mc admin user remove minio watch-"$TIMESTAMP"
+  mc admin user remove minio bucketwriteprefixonlypolicy-"$TIMESTAMP"
+  mc admin user remove minio inspect-allowed-"$TIMESTAMP"
+  mc admin user remove minio inspect-not-allowed-"$TIMESTAMP"
+  mc admin user remove minio prefix-policy-ui-crash-"$TIMESTAMP"
+  mc admin user remove minio delete-object-with-prefix-"$TIMESTAMP"
 }
 
 remove_policies() {
-  mc admin policy remove minio bucketassignpolicy-$TIMESTAMP
-  mc admin policy remove minio bucketread-$TIMESTAMP
-  mc admin policy remove minio bucketwrite-$TIMESTAMP
-  mc admin policy remove minio dashboard-$TIMESTAMP
-  mc admin policy remove minio diagnostics-$TIMESTAMP
-  mc admin policy remove minio groups-$TIMESTAMP
-  mc admin policy remove minio heal-$TIMESTAMP
-  mc admin policy remove minio iampolicies-$TIMESTAMP
-  mc admin policy remove minio logs-$TIMESTAMP
-  mc admin policy remove minio notificationendpoints-$TIMESTAMP
-  mc admin policy remove minio settings-$TIMESTAMP
-  mc admin policy remove minio tiers-$TIMESTAMP
-  mc admin policy remove minio trace-$TIMESTAMP
-  mc admin policy remove minio users-$TIMESTAMP
-  mc admin policy remove minio watch-$TIMESTAMP
-  mc admin policy remove minio bucketwriteprefixonlypolicy-$TIMESTAMP
-  mc admin policy remove minio inspect-allowed-$TIMESTAMP
-  mc admin policy remove minio inspect-not-allowed-$TIMESTAMP
-  mc admin policy remove minio fix-prefix-policy-ui-crash-$TIMESTAMP
+  mc admin policy remove minio bucketassignpolicy-"$TIMESTAMP"
+  mc admin policy remove minio bucketread-"$TIMESTAMP"
+  mc admin policy remove minio bucketwrite-"$TIMESTAMP"
+  mc admin policy remove minio dashboard-"$TIMESTAMP"
+  mc admin policy remove minio diagnostics-"$TIMESTAMP"
+  mc admin policy remove minio groups-"$TIMESTAMP"
+  mc admin policy remove minio heal-"$TIMESTAMP"
+  mc admin policy remove minio iampolicies-"$TIMESTAMP"
+  mc admin policy remove minio logs-"$TIMESTAMP"
+  mc admin policy remove minio notificationendpoints-"$TIMESTAMP"
+  mc admin policy remove minio settings-"$TIMESTAMP"
+  mc admin policy remove minio tiers-"$TIMESTAMP"
+  mc admin policy remove minio trace-"$TIMESTAMP"
+  mc admin policy remove minio users-"$TIMESTAMP"
+  mc admin policy remove minio watch-"$TIMESTAMP"
+  mc admin policy remove minio bucketwriteprefixonlypolicy-"$TIMESTAMP"
+  mc admin policy remove minio inspect-allowed-"$TIMESTAMP"
+  mc admin policy remove minio inspect-not-allowed-"$TIMESTAMP"
+  mc admin policy remove minio fix-prefix-policy-ui-crash-"$TIMESTAMP"
+  mc admin policy remove minio delete-object-with-prefix-"$TIMESTAMP"
 }
 
 remove_buckets() {
   mc rm minio/testcafe/write/test.txt && mc rm minio/testcafe
+  mc rm minio/test/test.txt && mc rm minio/test/digitalinsights/xref_cust_guid_actd-v1.txt && mc rm minio/test/digitalinsights/test.txt && mc rm minio/test
 }
 
 cleanup() {
@@ -70,8 +73,8 @@ cleanup() {
 }
 
 __init__() {
-  export TIMESTAMP=$(date "+%s")
-  echo $TIMESTAMP > portal-ui/tests/constants/timestamp.txt
+  TIMESTAMP=$(date "+%s")
+  echo "$TIMESTAMP" > portal-ui/tests/constants/timestamp.txt
   export GOPATH=/tmp/gopath
   export PATH=${PATH}:${GOPATH}/bin