Returns policy of given bucket statement.
(statement Statement, prefix string)
| 483 | |
// getBucketPolicy classifies a single bucket-level policy statement.
//
// Only statements with Effect "Allow" whose AWS principal set contains "*"
// are considered; every other statement yields all-false results.
//
//   - commonFound: the statement carries every action in commonBucketActions
//     and has no conditions.
//   - writeOnly: the statement carries every action in writeOnlyBucketActions
//     and has no conditions.
//   - readOnly: the statement carries every action in readOnlyBucketActions
//     and either has no conditions, or, for a non-empty prefix, its
//     "s3:prefix" condition matches prefix as described in the body.
//
// NOTE(review): only the "s3:prefix" key of the first condition operator that
// is present gets inspected. Any other condition keys or operators on the
// statement are not taken into account, so the flags describe the shape of
// the statement rather than its full effective scope. Keep that in mind when
// the result feeds a "is this bucket publicly readable" decision.
func getBucketPolicy(statement Statement, prefix string) (commonFound, readOnly, writeOnly bool) {
	// Statements that deny, or that do not name the wildcard principal, never
	// contribute to any of the three flags.
	allowsEveryone := statement.Effect == "Allow" && statement.Principal.AWS.Contains("*")
	if !allowsEveryone {
		return commonFound, readOnly, writeOnly
	}

	unconditional := statement.Conditions == nil

	// The common and write-only sets count only when nothing narrows them.
	if statement.Actions.Intersection(commonBucketActions).Equals(commonBucketActions) {
		commonFound = unconditional
	}
	if statement.Actions.Intersection(writeOnlyBucketActions).Equals(writeOnlyBucketActions) {
		writeOnly = unconditional
	}

	// Without the complete read-only action set there is nothing left to decide.
	if !statement.Actions.Intersection(readOnlyBucketActions).Equals(readOnlyBucketActions) {
		return commonFound, readOnly, writeOnly
	}

	// No conditions at all: read access holds for an empty or non-empty prefix.
	if unconditional {
		readOnly = true
		return commonFound, readOnly, writeOnly
	}

	// A conditioned statement is never matched against an empty prefix.
	if prefix == "" {
		return commonFound, readOnly, writeOnly
	}

	// The first operator present, in this fixed order, decides the outcome;
	// later operators are not consulted even if it lacks an "s3:prefix" key.
	if byKey, ok := statement.Conditions["StringEquals"]; ok {
		if values, ok := byKey["s3:prefix"]; ok {
			readOnly = values.Contains(prefix)
		}
	} else if byKey, ok := statement.Conditions["StringNotEquals"]; ok {
		if values, ok := byKey["s3:prefix"]; ok {
			// Negated operator: the prefix qualifies when it is NOT listed.
			readOnly = !values.Contains(prefix)
		}
	} else if byKey, ok := statement.Conditions["StringLike"]; ok {
		if values, ok := byKey["s3:prefix"]; ok {
			// Pattern operators are compared against the literal "<prefix>*".
			readOnly = values.Contains(prefix + "*")
		}
	} else if byKey, ok := statement.Conditions["StringNotLike"]; ok {
		if values, ok := byKey["s3:prefix"]; ok {
			readOnly = !values.Contains(prefix + "*")
		}
	}

	return commonFound, readOnly, writeOnly
}
| 536 | |
| 537 | // Returns policy of given object statement. |
| 538 | func getObjectPolicy(statement Statement) (readOnly, writeOnly bool) { |