GetPolicy - Returns the policy that the given statements define for the given bucket name and prefix.
(statements []Statement, bucketName, prefix string)
| 552 | |
// GetPolicy - Returns the canned policy that the given statements add up to
// for bucketName and prefix.
//
// Each statement is checked against two resource names: the bucket itself
// (awsResourcePrefix + bucketName) and the objects under the prefix (the
// bucket resource followed by "/" + prefix + "*"). Object-level read/write
// flags are taken from the longest matching resource seen across all
// statements; bucket-level flags are OR-ed over every statement that names
// the bucket resource.
//
// BucketPolicyNone is returned whenever the flags do not combine into one of
// the canned policies. It therefore means "no canned policy recognised", not
// "the statements grant nothing": object-level flags alone, without the
// bucket-level common flag, still yield BucketPolicyNone.
//
// NOTE(review): this function never looks at a statement's effect, principal
// or conditions itself. Whether those are taken into account depends on
// getObjectPolicy and getBucketPolicy, which are outside this view; confirm
// there before relying on the result when auditing bucket exposure.
func GetPolicy(statements []Statement, bucketName, prefix string) BucketPolicy {
	bucketResource := awsResourcePrefix + bucketName
	// prefix is appended verbatim, followed by a trailing wildcard.
	objectResource := awsResourcePrefix + bucketName + "/" + prefix + "*"

	var (
		commonSeen  bool   // some bucket-level statement reported the common flag
		bucketRead  bool   // bucket-level read flag, OR-ed over statements
		bucketWrite bool   // bucket-level write flag, OR-ed over statements
		objRead     bool   // object-level read flag of the best match so far
		objWrite    bool   // object-level write flag of the best match so far
		bestMatch   string // longest object resource matched so far
	)

	for _, s := range statements {
		// An exact hit on objectResource wins; otherwise fall back to
		// whatever resourceMatch pairs with objectResource.
		var matched set.StringSet
		if s.Resources.Contains(objectResource) {
			matched = set.NewStringSet()
			matched.Add(objectResource)
		} else {
			matched = s.Resources.FuncMatch(resourceMatch, objectResource)
		}

		if !matched.IsEmpty() {
			readOnly, writeOnly := getObjectPolicy(s)
			for resource := range matched {
				switch {
				case len(resource) > len(bestMatch):
					// A longer resource replaces the flags collected so far.
					objRead, objWrite = readOnly, writeOnly
					bestMatch = resource
				case len(resource) == len(bestMatch):
					// Equally long resources accumulate.
					objRead = objRead || readOnly
					objWrite = objWrite || writeOnly
					bestMatch = resource
				}
			}
		}

		if s.Resources.Contains(bucketResource) {
			commonFound, readOnly, writeOnly := getBucketPolicy(s, prefix)
			commonSeen = commonSeen || commonFound
			bucketRead = bucketRead || readOnly
			bucketWrite = bucketWrite || writeOnly
		}
	}

	// Without the bucket-level common flag no canned policy applies.
	if !commonSeen {
		return BucketPolicyNone
	}

	// A canned policy needs the matching flag at both bucket and object level.
	switch {
	case bucketRead && bucketWrite && objRead && objWrite:
		return BucketPolicyReadWrite
	case bucketRead && objRead:
		return BucketPolicyReadOnly
	case bucketWrite && objWrite:
		return BucketPolicyWriteOnly
	}
	return BucketPolicyNone
}
| 607 | |
| 608 | // GetPolicies - returns a map of policies of given bucket name, prefix in given statements. |
| 609 | func GetPolicies(statements []Statement, bucketName, prefix string) map[string]BucketPolicy { |