gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

admin ui adds object lock permissions

Browse Source
This commit is contained in:
chrislu
2025-07-13 20:29:25 -07:00
parent 7cb1ca1308
commit e7dfc3552c
4 changed files with 98 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
weed/admin/view/app/object_store_users.templ
View File

@@ -205,12 +205,21 @@ templ ObjectStoreUsers(data dash.ObjectStoreUsersData) {
</div> </div>
<div class="mb-3"> <div class="mb-3">
<label for="actions" class="form-label">Permissions</label> <label for="actions" class="form-label">Permissions</label>
<select multiple class="form-control" id="actions" name="actions"> <select multiple class="form-control" id="actions" name="actions" size="10">
<option value="Admin">Admin (Full Access)</option> <option value="Admin">Admin (Full Access)</option>
<option value="Read">Read</option> <option value="Read">Read</option>
<option value="Write">Write</option> <option value="Write">Write</option>
<option value="List">List</option> <option value="List">List</option>
<option value="Tagging">Tagging</option> <option value="Tagging">Tagging</option>
<optgroup label="Object Lock Permissions">
<option value="BypassGovernanceRetention">Bypass Governance Retention</option>
<option value="GetObjectRetention">Get Object Retention</option>
<option value="PutObjectRetention">Put Object Retention</option>
<option value="GetObjectLegalHold">Get Object Legal Hold</option>
<option value="PutObjectLegalHold">Put Object Legal Hold</option>
<option value="GetBucketObjectLockConfiguration">Get Bucket Object Lock Configuration</option>
<option value="PutBucketObjectLockConfiguration">Put Bucket Object Lock Configuration</option>
</optgroup>
</select> </select>
<small class="form-text text-muted">Hold Ctrl/Cmd to select multiple permissions</small> <small class="form-text text-muted">Hold Ctrl/Cmd to select multiple permissions</small>
</div> </div>
@@ -249,12 +258,21 @@ templ ObjectStoreUsers(data dash.ObjectStoreUsersData) {
</div> </div>
<div class="mb-3"> <div class="mb-3">
<label for="editActions" class="form-label">Permissions</label> <label for="editActions" class="form-label">Permissions</label>
<select multiple class="form-control" id="editActions" name="actions"> <select multiple class="form-control" id="editActions" name="actions" size="10">
<option value="Admin">Admin (Full Access)</option> <option value="Admin">Admin (Full Access)</option>
<option value="Read">Read</option> <option value="Read">Read</option>
<option value="Write">Write</option> <option value="Write">Write</option>
<option value="List">List</option> <option value="List">List</option>
<option value="Tagging">Tagging</option> <option value="Tagging">Tagging</option>
<optgroup label="Object Lock Permissions">
<option value="BypassGovernanceRetention">Bypass Governance Retention</option>
<option value="GetObjectRetention">Get Object Retention</option>
<option value="PutObjectRetention">Put Object Retention</option>
<option value="GetObjectLegalHold">Get Object Legal Hold</option>
<option value="PutObjectLegalHold">Put Object Legal Hold</option>
<option value="GetBucketObjectLockConfiguration">Get Bucket Object Lock Configuration</option>
<option value="PutBucketObjectLockConfiguration">Put Bucket Object Lock Configuration</option>
</optgroup>
</select> </select>
</div> </div>
</form> </form>

2
weed/admin/view/app/object_store_users_templ.go
View File

File diff suppressed because one or more lines are too long

62
weed/s3api/policy_engine/integration.go
View File

@@ -213,6 +213,50 @@ func convertSingleAction(action, bucketName string) (*PolicyStatement, error) {
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", resourcePattern)} resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", resourcePattern)}
} }
case "GetObjectRetention":
s3Actions = []string{"s3:GetObjectRetention"}
if strings.HasSuffix(resourcePattern, "/*") {
bucket := strings.TrimSuffix(resourcePattern, "/*")
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", bucket)}
} else {
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", resourcePattern)}
}
case "PutObjectRetention":
s3Actions = []string{"s3:PutObjectRetention"}
if strings.HasSuffix(resourcePattern, "/*") {
bucket := strings.TrimSuffix(resourcePattern, "/*")
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", bucket)}
} else {
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", resourcePattern)}
}
case "GetObjectLegalHold":
s3Actions = []string{"s3:GetObjectLegalHold"}
if strings.HasSuffix(resourcePattern, "/*") {
bucket := strings.TrimSuffix(resourcePattern, "/*")
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", bucket)}
} else {
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", resourcePattern)}
}
case "PutObjectLegalHold":
s3Actions = []string{"s3:PutObjectLegalHold"}
if strings.HasSuffix(resourcePattern, "/*") {
bucket := strings.TrimSuffix(resourcePattern, "/*")
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", bucket)}
} else {
resources = []string{fmt.Sprintf("arn:aws:s3:::%s/*", resourcePattern)}
}
case "GetBucketObjectLockConfiguration":
s3Actions = []string{"s3:GetBucketObjectLockConfiguration"}
resources = []string{fmt.Sprintf("arn:aws:s3:::%s", resourcePattern)}
case "PutBucketObjectLockConfiguration":
s3Actions = []string{"s3:PutBucketObjectLockConfiguration"}
resources = []string{fmt.Sprintf("arn:aws:s3:::%s", resourcePattern)}
default: default:
return nil, fmt.Errorf("unknown action type: %s", actionType) return nil, fmt.Errorf("unknown action type: %s", actionType)
} }
@@ -280,6 +324,24 @@ func GetActionMappings() map[string][]string {
"BypassGovernanceRetention": { "BypassGovernanceRetention": {
"s3:BypassGovernanceRetention", "s3:BypassGovernanceRetention",
}, },
"GetObjectRetention": {
"s3:GetObjectRetention",
},
"PutObjectRetention": {
"s3:PutObjectRetention",
},
"GetObjectLegalHold": {
"s3:GetObjectLegalHold",
},
"PutObjectLegalHold": {
"s3:PutObjectLegalHold",
},
"GetBucketObjectLockConfiguration": {
"s3:GetBucketObjectLockConfiguration",
},
"PutBucketObjectLockConfiguration": {
"s3:PutBucketObjectLockConfiguration",
},
} }
} }

24
weed/s3api/s3_constants/s3_actions.go
View File

@@ -1,15 +1,21 @@
package s3_constants package s3_constants
const ( const (
ACTION_READ = "Read" ACTION_READ = "Read"
ACTION_READ_ACP = "ReadAcp" ACTION_READ_ACP = "ReadAcp"
ACTION_WRITE = "Write" ACTION_WRITE = "Write"
ACTION_WRITE_ACP = "WriteAcp" ACTION_WRITE_ACP = "WriteAcp"
ACTION_ADMIN = "Admin" ACTION_ADMIN = "Admin"
ACTION_TAGGING = "Tagging" ACTION_TAGGING = "Tagging"
ACTION_LIST = "List" ACTION_LIST = "List"
ACTION_DELETE_BUCKET = "DeleteBucket" ACTION_DELETE_BUCKET = "DeleteBucket"
ACTION_BYPASS_GOVERNANCE_RETENTION = "BypassGovernanceRetention" ACTION_BYPASS_GOVERNANCE_RETENTION = "BypassGovernanceRetention"
ACTION_GET_OBJECT_RETENTION = "GetObjectRetention"
ACTION_PUT_OBJECT_RETENTION = "PutObjectRetention"
ACTION_GET_OBJECT_LEGAL_HOLD = "GetObjectLegalHold"
ACTION_PUT_OBJECT_LEGAL_HOLD = "PutObjectLegalHold"
ACTION_GET_BUCKET_OBJECT_LOCK_CONFIG = "GetBucketObjectLockConfiguration"
ACTION_PUT_BUCKET_OBJECT_LOCK_CONFIG = "PutBucketObjectLockConfiguration"
SeaweedStorageDestinationHeader = "x-seaweedfs-destination" SeaweedStorageDestinationHeader = "x-seaweedfs-destination"
MultipartUploadsFolder = ".uploads" MultipartUploadsFolder = ".uploads"