Allow console to recognize s3.Delete* (#3507)

Author: allanrogerr

Makefile

@@ -64,7 +64,7 @@ swagger-console:
 
 assets:
 	@(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\
-	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --loglevel warn; cd ..)
+	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --log-level warn; cd ..)
 
 test-integration:
 	@(docker stop pgsqlcontainer || true)

web-app/package.json

@@ -96,7 +96,8 @@
     "semver": "^7.5.2",
     "ws": "^8.17.1",
     "rollup": "^4.24.0",
-    "cookie": "^0.7.2"
+    "cookie": "^0.7.2",
+    "jspdf": "^3.0.0"
   },
   "main": "index.js",
   "packageManager": "yarn@4.4.0"

web-app/src/common/SecureComponent/__tests__/accessControl.test.ts

@@ -176,7 +176,7 @@ test("Can delete an object inside a bucket prefix", () => {
         "xref_cust_guid_actd-v1.jpg",
         "test/digitalinsights/xref_cust_guid_actd-v1.jpg",
       ],
-      [IAM_SCOPES.S3_DELETE_OBJECT],
+      [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
     ),
   ).toBe(true);
 });
@@ -186,7 +186,7 @@ test("Can't delete an object inside a bucket prefix", () => {
   expect(
     hasPermission(
       ["xref_cust_guid_actd-v1.jpg", "test/xref_cust_guid_actd-v1.jpg"],
-      [IAM_SCOPES.S3_DELETE_OBJECT],
+      [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
     ),
   ).toBe(false);
 });

web-app/src/common/SecureComponent/permissions.ts

@@ -30,6 +30,7 @@ export const IAM_SCOPES = {
   S3_PUT_OBJECT: "s3:PutObject",
   S3_GET_ACTIONS: "s3:Get*",
   S3_PUT_ACTIONS: "s3:Put*",
+  S3_DELETE_ACTIONS: "s3:Delete*",
   S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
   S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
   S3_DELETE_OBJECT: "s3:DeleteObject",
@@ -197,6 +198,7 @@ export const IAM_PERMISSIONS = {
     IAM_SCOPES.S3_PUT_OBJECT,
     IAM_SCOPES.S3_PUT_ACTIONS,
     IAM_SCOPES.S3_DELETE_OBJECT,
+    IAM_SCOPES.S3_DELETE_ACTIONS,
   ],
   [IAM_ROLES.BUCKET_VIEWER]: [
     IAM_SCOPES.S3_LIST_BUCKET,

web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx

@@ -278,7 +278,7 @@ const ListObjects = () => {
   ]);
   const canDelete = hasPermission(
     [pathAsResourceInPolicy, ...sessionGrantWildCards],
-    [IAM_SCOPES.S3_DELETE_OBJECT],
+    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
   );
   const canUpload =
     hasPermission(
@@ -912,7 +912,7 @@ const ListObjects = () => {
       tooltip: canDelete
         ? "Delete Selected Files"
         : permissionTooltipHelper(
-            [IAM_SCOPES.S3_DELETE_OBJECT],
+            [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
             "delete objects in this bucket",
           ),
     },

web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx

@@ -352,7 +352,7 @@ const ObjectDetailPanel = ({
   ]);
   const canDelete = hasPermission(
     [bucketName, currentItem, [bucketName, actualInfo.name].join("/")],
-    [IAM_SCOPES.S3_DELETE_OBJECT],
+    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
   );
 
   let objectType: AllowedPreviews = previewObjectType(metaData, currentItem);
@@ -649,7 +649,7 @@ const ObjectDetailPanel = ({
               canDelete
                 ? ""
                 : permissionTooltipHelper(
-                    [IAM_SCOPES.S3_DELETE_OBJECT],
+                    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
                     "delete this object",
                   )
             }
@@ -665,7 +665,10 @@ const ObjectDetailPanel = ({
                   currentItem,
                   [bucketName, actualInfo.name].join("/"),
                 ]}
-                scopes={[IAM_SCOPES.S3_DELETE_OBJECT]}
+                scopes={[
+                  IAM_SCOPES.S3_DELETE_OBJECT,
+                  IAM_SCOPES.S3_DELETE_ACTIONS,
+                ]}
                 errorProps={{ disabled: true }}
               >
                 <Button

web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx

@@ -232,7 +232,10 @@ const AddTagModal = ({
                         return (
                           <SecureComponent
                             key={`chip-${index}`}
-                            scopes={[IAM_SCOPES.S3_DELETE_OBJECT_TAGGING]}
+                            scopes={[
+                              IAM_SCOPES.S3_DELETE_OBJECT_TAGGING,
+                              IAM_SCOPES.S3_DELETE_ACTIONS,
+                            ]}
                             resource={bucketName}
                             errorProps={{
                               deleteIcon: null,

web-app/yarn.lock

@@ -1655,6 +1655,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@babel/runtime@npm:^7.26.0":
+  version: 7.26.9
+  resolution: "@babel/runtime@npm:7.26.9"
+  dependencies:
+    regenerator-runtime: "npm:^0.14.0"
+  checksum: 10c0/e8517131110a6ec3a7360881438b85060e49824e007f4a64b5dfa9192cf2bb5c01e84bfc109f02d822c7edb0db926928dd6b991e3ee460b483fb0fac43152d9b
+  languageName: node
+  linkType: hard
+
 "@babel/template@npm:^7.25.9, @babel/template@npm:^7.3.3":
   version: 7.25.9
   resolution: "@babel/template@npm:7.25.9"
@@ -3839,7 +3848,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/trusted-types@npm:^2.0.2":
+"@types/trusted-types@npm:^2.0.2, @types/trusted-types@npm:^2.0.7":
   version: 2.0.7
   resolution: "@types/trusted-types@npm:2.0.7"
   checksum: 10c0/4c4855f10de7c6c135e0d32ce462419d8abbbc33713b31d294596c0cc34ae1fa6112a2f9da729c8f7a20707782b0d69da3b1f8df6645b0366d08825ca1522e0c
@@ -7142,10 +7151,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"dompurify@npm:^2.5.4":
-  version: 2.5.7
-  resolution: "dompurify@npm:2.5.7"
-  checksum: 10c0/23c4f737182fcf3e731e458c3930ef4d2916191e4180e1e345f153124dfa7ec117d2810af1754e8854c581131fc75dac914a8391183d1511852ef32b4055f711
+"dompurify@npm:^3.2.4":
+  version: 3.2.4
+  resolution: "dompurify@npm:3.2.4"
+  dependencies:
+    "@types/trusted-types": "npm:^2.0.7"
+  dependenciesMeta:
+    "@types/trusted-types":
+      optional: true
+  checksum: 10c0/6be56810fb7ad2776155c8fc2967af5056783c030094362c7d0cf1ad13f2129cf922d8eefab528a34bdebfb98e2f44b306a983ab93aefb9d6f24c18a3d027a05
   languageName: node
   linkType: hard
 
@@ -11204,16 +11218,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"jspdf@npm:^2.3.1":
-  version: 2.5.2
-  resolution: "jspdf@npm:2.5.2"
+"jspdf@npm:^3.0.0":
+  version: 3.0.0
+  resolution: "jspdf@npm:3.0.0"
   dependencies:
-    "@babel/runtime": "npm:^7.23.2"
+    "@babel/runtime": "npm:^7.26.0"
     atob: "npm:^2.1.2"
     btoa: "npm:^1.2.1"
     canvg: "npm:^3.0.6"
     core-js: "npm:^3.6.0"
-    dompurify: "npm:^2.5.4"
+    dompurify: "npm:^3.2.4"
     fflate: "npm:^0.8.1"
     html2canvas: "npm:^1.0.0-rc.5"
   dependenciesMeta:
@@ -11225,7 +11239,7 @@ __metadata:
       optional: true
     html2canvas:
       optional: true
-  checksum: 10c0/0e715ba51fab41d7de85f76585a6a2b7d224f43e510993f17f071b608cf32f2107a66f3a04cbfb4d2e60b73dbd2a90f3092bcc70b9d30601cbc060caadc4d90a
+  checksum: 10c0/cf1422322ac72d3b38096143475cfe00549fdfc924dd4199ca6a3472138bcb9467176954b89bcc99287b42ff0278b6e67b7362709a8c1415354c4e33520c9fd6
   languageName: node
   linkType: hard