// SetBucketPolicy sets the access permissions on an existing bucket for the
// objects under objectPrefix.
//
// Supported policies:
//
//	none      - owner gets full access [default].
//	readonly  - anonymous get access for everyone at a given object prefix.
//	readwrite - anonymous list/put/delete access to a given object prefix.
//	writeonly - anonymous put/delete access to a given object prefix.
//
// Every policy other than none opens the prefix to anonymous callers, so an
// empty or broad objectPrefix exposes correspondingly more of the bucket.
//
// The bucket name, object prefix and policy value are validated locally
// before any request is issued. The current policy is then fetched, merged
// with the requested one through policy.SetPolicy, and written back. The
// first error from validation, the fetch or the write is returned unchanged.
//
// NOTE(review): nothing in this method guards the fetch/merge/write sequence
// against a concurrent policy update on the same bucket; confirm whether
// callers are expected to serialize these calls.
func (c Client) SetBucketPolicy(bucketName string, objectPrefix string, bucketPolicy policy.BucketPolicy) error {
	// Reject malformed input before talking to the server.
	if nameErr := isValidBucketName(bucketName); nameErr != nil {
		return nameErr
	}
	if prefixErr := isValidObjectPrefix(objectPrefix); prefixErr != nil {
		return prefixErr
	}
	if !bucketPolicy.IsValidBucketPolicy() {
		msg := fmt.Sprintf("Invalid bucket policy provided. %s", bucketPolicy)
		return ErrInvalidArgument(msg)
	}

	current, err := c.getBucketPolicy(bucketName, objectPrefix)
	if err != nil {
		return err
	}

	// Removing a policy from a bucket that has no statements is a no-op, so
	// report success without issuing a write.
	removing := bucketPolicy == policy.BucketPolicyNone
	if removing && current.Statements == nil {
		return nil
	}

	// Merge the requested access level into the existing statements and
	// save the result.
	current.Statements = policy.SetPolicy(current.Statements, bucketPolicy, bucketName, objectPrefix)
	return c.putBucketPolicy(bucketName, current)
}
// SetBucketPolicy applies one of the canned access policies (args.Policy) to
// args.Prefix inside args.BucketName on behalf of a web client.
//
// The request is rejected unless isJWTReqAuthenticated accepts it; that check
// runs before any other work. The policy string is then validated, the
// bucket's current access policy is read, merged with the requested one via
// policy.SetPolicy, serialized to JSON and written back. On success
// reply.UIVersion is set. Every failure is returned as a *json2.Error.
//
// NOTE(review): args.BucketName and args.Prefix are handed to the helpers
// without being validated here; confirm that readBucketAccessPolicy and
// writeBucketPolicy reject malformed names.
// NOTE(review): helper errors are returned to the client verbatim through
// err.Error(); confirm those messages carry no internal detail.
func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolicyArgs, reply *WebGenericRep) error {
	// Authentication gate: nothing below runs for an unauthenticated request.
	if !isJWTReqAuthenticated(r) {
		return &json2.Error{Message: "Unauthorized request"}
	}

	requested := policy.BucketPolicy(args.Policy)
	if !requested.IsValidBucketPolicy() {
		return &json2.Error{Message: "Invalid policy " + args.Policy}
	}

	objectAPI := web.ObjectAPI()
	if objectAPI == nil {
		return &json2.Error{Message: "Server not initialized"}
	}

	current, readErr := readBucketAccessPolicy(objectAPI, args.BucketName)
	if readErr != nil {
		return &json2.Error{Message: readErr.Error()}
	}

	// Merge the requested access level for the prefix into the statements
	// already stored for this bucket.
	current.Statements = policy.SetPolicy(current.Statements, requested, args.BucketName, args.Prefix)

	encoded, marshalErr := json.Marshal(current)
	if marshalErr != nil {
		return &json2.Error{Message: marshalErr.Error()}
	}

	// TODO: update policy statements according to bucket name, prefix and policy arguments.
	size := int64(len(encoded))
	if writeErr := writeBucketPolicy(args.BucketName, objectAPI, bytes.NewReader(encoded), size); writeErr != nil {
		return &json2.Error{Message: writeErr.Error()}
	}

	reply.UIVersion = miniobrowser.UIVersion
	return nil
}
// SetBucketPolicy applies one of the canned access policies (args.Policy) to
// args.Prefix inside args.BucketName on behalf of a web client.
//
// The handler first checks that the object layer is available and that the
// request passes isJWTReqAuthenticated, then validates the policy string.
// The bucket's current access policy is read and merged with the requested
// one via policy.SetPolicy. If no statements remain, the change is persisted
// with policyChange{true, nil}; otherwise the merged policy is serialized and
// handed to parseAndPersistBucketPolicy. On success reply.UIVersion is set.
//
// NOTE(review): the initialization check runs before authentication, so an
// unauthenticated caller can tell an uninitialized server from a running one.
// NOTE(review): args.BucketName and args.Prefix are not validated in this
// function; confirm the helpers called here reject malformed names.
func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolicyArgs, reply *WebGenericRep) error {
	objectAPI := web.ObjectAPI()
	if objectAPI == nil {
		return toJSONError(errServerNotInitialized)
	}
	if !isJWTReqAuthenticated(r) {
		return toJSONError(errAuthentication)
	}

	requested := policy.BucketPolicy(args.Policy)
	if !requested.IsValidBucketPolicy() {
		return &json2.Error{Message: "Invalid policy type " + args.Policy}
	}

	current, err := readBucketAccessPolicy(objectAPI, args.BucketName)
	if err != nil {
		return toJSONError(err, args.BucketName)
	}

	// Merge the requested access level for the prefix into the statements
	// already stored for this bucket.
	current.Statements = policy.SetPolicy(current.Statements, requested, args.BucketName, args.Prefix)

	if len(current.Statements) == 0 {
		// Nothing is left to grant.
		// presumably policyChange{true, nil} means "remove the policy";
		// verify against the policyChange definition.
		if err = persistAndNotifyBucketPolicyChange(args.BucketName, policyChange{true, nil}, objectAPI); err != nil {
			return toJSONError(err, args.BucketName)
		}
		reply.UIVersion = miniobrowser.UIVersion
		return nil
	}

	encoded, err := json.Marshal(current)
	if err != nil {
		return toJSONError(err)
	}

	// Parse, validate and save the bucket policy.
	s3Error := parseAndPersistBucketPolicy(args.BucketName, encoded, objectAPI)
	if s3Error != ErrNone {
		apiErr := getAPIError(s3Error)

		// Policy-nesting failures keep their dedicated error type; every
		// other API error is reduced to its description text.
		var cause error
		switch apiErr.Code {
		case "XMinioPolicyNesting":
			cause = PolicyNesting{}
		default:
			cause = errors.New(apiErr.Description)
		}
		return toJSONError(cause, args.BucketName)
	}

	reply.UIVersion = miniobrowser.UIVersion
	return nil
}
// SetBucketPolicy applies one of the canned access policies (args.Policy) to
// args.Prefix inside args.BucketName on behalf of a web client.
//
// The handler first checks that the object layer is available and that the
// request passes isJWTReqAuthenticated, then validates the policy string.
// The bucket's current access policy is read and merged with the requested
// one via policy.SetPolicy. If no statements remain, the change is persisted
// with policyChange{true, nil}. Otherwise the merged policy is serialized,
// re-parsed with parseBucketPolicy, checked by checkBucketPolicyResources,
// and only then persisted. On success reply.UIVersion is set.
//
// NOTE(review): the initialization check runs before authentication, so an
// unauthenticated caller can tell an uninitialized server from a running one.
// NOTE(review): args.BucketName and args.Prefix are not validated in this
// function; confirm the helpers called here reject malformed names.
func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolicyArgs, reply *WebGenericRep) error {
	objectAPI := web.ObjectAPI()
	if objectAPI == nil {
		return toJSONError(errServerNotInitialized)
	}
	if !isJWTReqAuthenticated(r) {
		return toJSONError(errAuthentication)
	}

	requested := policy.BucketPolicy(args.Policy)
	if !requested.IsValidBucketPolicy() {
		return &json2.Error{Message: "Invalid policy type " + args.Policy}
	}

	current, err := readBucketAccessPolicy(objectAPI, args.BucketName)
	if err != nil {
		return toJSONError(err, args.BucketName)
	}

	// Merge the requested access level for the prefix into the statements
	// already stored for this bucket.
	current.Statements = policy.SetPolicy(current.Statements, requested, args.BucketName, args.Prefix)

	if len(current.Statements) == 0 {
		// Nothing is left to grant.
		// presumably policyChange{true, nil} means "remove the policy";
		// verify against the policyChange definition.
		if err = persistAndNotifyBucketPolicyChange(args.BucketName, policyChange{true, nil}, objectAPI); err != nil {
			return toJSONError(err, args.BucketName)
		}
		reply.UIVersion = miniobrowser.UIVersion
		return nil
	}

	encoded, err := json.Marshal(current)
	if err != nil {
		return toJSONError(err)
	}

	// Parse the bucket policy. The local is named parsed so that it does not
	// shadow the imported policy package.
	parsed := &bucketPolicy{}
	if err = parseBucketPolicy(bytes.NewReader(encoded), parsed); err != nil {
		errorIf(err, "Unable to parse bucket policy.")
		return toJSONError(err, args.BucketName)
	}

	// Check the parsed policy's resources against the bucket name before
	// anything is persisted.
	s3Error := checkBucketPolicyResources(args.BucketName, parsed)
	if s3Error != ErrNone {
		apiErr := getAPIError(s3Error)

		// Policy-nesting failures keep their dedicated error type; every
		// other API error is reduced to its description text.
		var cause error
		switch apiErr.Code {
		case "XMinioPolicyNesting":
			cause = PolicyNesting{}
		default:
			cause = errors.New(apiErr.Description)
		}
		return toJSONError(cause, args.BucketName)
	}

	// TODO: update policy statements according to bucket name,
	// prefix and policy arguments.
	if saveErr := persistAndNotifyBucketPolicyChange(args.BucketName, policyChange{false, parsed}, objectAPI); saveErr != nil {
		return toJSONError(saveErr, args.BucketName)
	}

	reply.UIVersion = miniobrowser.UIVersion
	return nil
}