Allow policy with "s3:*Object" to download using Console (#2396)

jinapurapu · web-flow · commit 483d25c3f3f2 · 2022-10-20T20:40:23.000-05:00
diff --git a/portal-ui/src/common/SecureComponent/permissions.ts b/portal-ui/src/common/SecureComponent/permissions.ts
@@ -26,6 +26,7 @@ export const IAM_SCOPES = {
   S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
   S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
   S3_GET_OBJECT: "s3:GetObject",
+  S3_STAR_OBJECT: "s3:*Object",
   S3_PUT_OBJECT: "s3:PutObject",
   S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
   S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
@@ -1236,9 +1236,18 @@ const ListObjects = () => {
     uploadPath = uploadPath.concat(currentPath);
   }
 
-  const canDownload = hasPermission(bucketName, [IAM_SCOPES.S3_GET_OBJECT]);
-  const canDelete = hasPermission(bucketName, [IAM_SCOPES.S3_DELETE_OBJECT]);
-  const canUpload = hasPermission(uploadPath, [IAM_SCOPES.S3_PUT_OBJECT]);
+  const canDownload = hasPermission(bucketName, [
+    IAM_SCOPES.S3_GET_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
+  ]);
+  const canDelete = hasPermission(bucketName, [
+    IAM_SCOPES.S3_DELETE_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
+  ]);
+  const canUpload = hasPermission(uploadPath, [
+    IAM_SCOPES.S3_PUT_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
+  ]);
 
   const onClosePanel = (forceRefresh: boolean) => {
     dispatch(setSelectedObjectView(null));
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -45,7 +45,6 @@ import {
   IAM_SCOPES,
   permissionTooltipHelper,
 } from "../../../../../../common/SecureComponent/permissions";
-
 import { AppState, useAppDispatch } from "../../../../../../store";
 import {
   DeleteIcon,
@@ -431,6 +430,7 @@ const ObjectDetailPanel = ({
   ]);
   const canGetObject = hasPermission(objectResources, [
     IAM_SCOPES.S3_GET_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
   ]);
   const canDelete = hasPermission(
     [bucketName, currentItem, [bucketName, actualInfo.name].join("/")],
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/UploadFilesButton.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/UploadFilesButton.tsx
@@ -69,10 +69,11 @@ const UploadFilesButton = ({
 
   const uploadObjectAllowed = hasPermission(uploadPath, [
     IAM_SCOPES.S3_PUT_OBJECT,
+    IAM_SCOPES.S3_STAR_OBJECT,
   ]);
   const uploadFolderAllowed = hasPermission(
     bucketName,
-    [IAM_SCOPES.S3_PUT_OBJECT],
+    [IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_STAR_OBJECT],
     false,
     true
   );
