MCPcopy
hub / github.com/minio/minio-go / GetPolicy

Function GetPolicy

pkg/policy/bucket-policy.go:554–606  ·  view source on GitHub ↗

GetPolicy - Returns policy of given bucket name, prefix in given statements.

(statements []Statement, bucketName, prefix string)

Source from the content-addressed store, hash-verified

552
553// GetPolicy - Returns policy of given bucket name, prefix in given statements.
554func GetPolicy(statements []Statement, bucketName, prefix string) BucketPolicy {
555 bucketResource := awsResourcePrefix + bucketName
556 objectResource := awsResourcePrefix + bucketName + "/" + prefix + "*"
557
558 bucketCommonFound := false
559 bucketReadOnly := false
560 bucketWriteOnly := false
561 matchedResource := ""
562 objReadOnly := false
563 objWriteOnly := false
564
565 for _, s := range statements {
566 matchedObjResources := set.NewStringSet()
567 if s.Resources.Contains(objectResource) {
568 matchedObjResources.Add(objectResource)
569 } else {
570 matchedObjResources = s.Resources.FuncMatch(resourceMatch, objectResource)
571 }
572 if !matchedObjResources.IsEmpty() {
573 readOnly, writeOnly := getObjectPolicy(s)
574 for resource := range matchedObjResources {
575 if len(matchedResource) < len(resource) {
576 objReadOnly = readOnly
577 objWriteOnly = writeOnly
578 matchedResource = resource
579 } else if len(matchedResource) == len(resource) {
580 objReadOnly = objReadOnly || readOnly
581 objWriteOnly = objWriteOnly || writeOnly
582 matchedResource = resource
583 }
584 }
585 }
586 if s.Resources.Contains(bucketResource) {
587 commonFound, readOnly, writeOnly := getBucketPolicy(s, prefix)
588 bucketCommonFound = bucketCommonFound || commonFound
589 bucketReadOnly = bucketReadOnly || readOnly
590 bucketWriteOnly = bucketWriteOnly || writeOnly
591 }
592 }
593
594 policy := BucketPolicyNone
595 if bucketCommonFound {
596 if bucketReadOnly && bucketWriteOnly && objReadOnly && objWriteOnly {
597 policy = BucketPolicyReadWrite
598 } else if bucketReadOnly && objReadOnly {
599 policy = BucketPolicyReadOnly
600 } else if bucketWriteOnly && objWriteOnly {
601 policy = BucketPolicyWriteOnly
602 }
603 }
604
605 return policy
606}
607
608// GetPolicies - returns a map of policies of given bucket name, prefix in given statements.
609func GetPolicies(statements []Statement, bucketName, prefix string) map[string]BucketPolicy {

Callers 2

GetPoliciesFunction · 0.85
TestGetPolicyFunction · 0.85

Calls 7

AddMethod · 0.95
IsEmptyMethod · 0.95
NewStringSetFunction · 0.92
getObjectPolicyFunction · 0.85
getBucketPolicyFunction · 0.85
ContainsMethod · 0.45
FuncMatchMethod · 0.45

Tested by 1

TestGetPolicyFunction · 0.68