Add support for matching multiple resources in SecureComponent (#1536)

Alevsk · web-flow · commit 302c0dd8f10f · 2022-02-09T17:52:17.000-08:00
Signed-off-by: Lenin Alevski &lt;alevsk.8772@gmail.com&gt;
diff --git a/portal-ui/src/common/SecureComponent/SecureComponent.tsx b/portal-ui/src/common/SecureComponent/SecureComponent.tsx
@@ -19,7 +19,7 @@ import { store } from "../../store";
 import { hasAccessToResource } from "./permissions";
 
 export const hasPermission = (
-  resource: string | undefined,
+  resource: string | string[] | undefined,
   scopes: string[],
   matchAll?: boolean,
   containsResource?: boolean
@@ -29,17 +29,31 @@ export const hasPermission = (
   }
   const state = store.getState();
   const sessionGrants = state.console.session.permissions || {};
-  const resourceGrants =
-    sessionGrants[resource] ||
-    sessionGrants[`arn:aws:s3:::${resource}/*`] ||
-    [];
+
   const globalGrants = sessionGrants["arn:aws:s3:::*"] || [];
+  let resources: string[] = [];
+  let resourceGrants: string[] = [];
   let containsResourceGrants: string[] = [];
-  if (containsResource) {
-    const matchResource = `arn:aws:s3:::${resource}`;
-    for (const [key, value] of Object.entries(sessionGrants)) {
-      if (key.includes(matchResource)) {
-        containsResourceGrants = containsResourceGrants.concat(value);
+
+  if (Array.isArray(resource)) {
+    resources = resources.concat(resource);
+  } else {
+    resources.push(resource);
+  }
+  for (let i = 0; i < resources.length; i++) {
+    if (resources[i]) {
+      resourceGrants = resourceGrants.concat(
+        sessionGrants[resources[i]] ||
+          sessionGrants[`arn:aws:s3:::${resources[i]}/*`] ||
+          []
+      );
+      if (containsResource) {
+        const matchResource = `arn:aws:s3:::${resources[i]}`;
+        for (const [key, value] of Object.entries(sessionGrants)) {
+          if (key.includes(matchResource)) {
+            containsResourceGrants = containsResourceGrants.concat(value);
+          }
+        }
       }
     }
   }
@@ -56,7 +70,7 @@ interface ISecureComponentProps {
   matchAll?: boolean;
   children: any;
   scopes: string[];
-  resource: string;
+  resource: string | string[];
   containsResource?: boolean;
 }
 
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx
@@ -176,7 +176,6 @@ const ListBuckets = ({
 
   const renderItemLine = (index: number) => {
     const bucket = filteredRecords[index] || null;
-
     if (bucket) {
       return (
         <BucketListItem
@@ -188,10 +187,12 @@ const ListBuckets = ({
         />
       );
     }
-
     return null;
   };
 
+  const createBucketButtonResources: string[] =
+    Array.from(Object.keys(session.permissions)) || [];
+
   return (
     <Fragment>
       {deleteOpen && (
@@ -263,7 +264,7 @@ const ListBuckets = ({
 
             <SecureComponent
               scopes={[IAM_SCOPES.S3_CREATE_BUCKET]}
-              resource={CONSOLE_UI_RESOURCE}
+              resource={createBucketButtonResources}
               errorProps={{ disabled: true }}
             >
               <RBIconButton
diff --git a/portal-ui/src/screens/Console/Console.tsx b/portal-ui/src/screens/Console/Console.tsx
@@ -218,6 +218,14 @@ const Console = ({
     {
       component: Buckets,
       path: IAM_PAGES.ADD_BUCKETS,
+      customPermissionFnc: () => {
+        const createBucketResources: string[] =
+          Array.from(Object.keys(session.permissions)) || [];
+        return hasPermission(
+          createBucketResources,
+          IAM_PAGES_PERMISSIONS[IAM_PAGES.ADD_BUCKETS]
+        );
+      },
     },
     {
       component: Buckets,
