hub / github.com/minio/minio-go / getBucketPolicy

Function getBucketPolicy

pkg/policy/bucket-policy.go:485–535  ·  view source on GitHub ↗

Returns the policy of the given bucket statement.

(statement Statement, prefix string)

Source from the content-addressed store, hash-verified

483
// getBucketPolicy classifies one bucket-level policy statement with respect
// to prefix and reports which of the canned bucket policies it grants.
//
// Only statements whose Effect is "Allow" and whose AWS principal set
// contains the wildcard "*" are classified; every other statement yields
// false for all three results.
//
//   - commonFound: the statement has no conditions and its actions cover
//     every entry of commonBucketActions.
//   - writeOnly: the statement has no conditions and its actions cover every
//     entry of writeOnlyBucketActions.
//   - readOnly: the statement's actions cover every entry of
//     readOnlyBucketActions and either it has no conditions, or prefix is
//     non-empty and an "s3:prefix" condition matches it (see below).
//
// NOTE(review): only the first condition operator present in the statement
// (StringEquals, StringNotEquals, StringLike, StringNotLike, in that order)
// is consulted. A statement carrying several operators is classified from
// that one alone, so the result can differ from how the full condition block
// would be evaluated. Confirm callers that use this to report anonymous
// access are aware of that.
func getBucketPolicy(statement Statement, prefix string) (commonFound, readOnly, writeOnly bool) {
	// Anything that is not an Allow for the wildcard principal is ignored.
	if statement.Effect != "Allow" || !statement.Principal.AWS.Contains("*") {
		return false, false, false
	}

	unconditional := statement.Conditions == nil

	// The common and write-only grants count only when no condition narrows them.
	if statement.Actions.Intersection(commonBucketActions).Equals(commonBucketActions) && unconditional {
		commonFound = true
	}
	if statement.Actions.Intersection(writeOnlyBucketActions).Equals(writeOnlyBucketActions) && unconditional {
		writeOnly = true
	}

	if !statement.Actions.Intersection(readOnlyBucketActions).Equals(readOnlyBucketActions) {
		return commonFound, readOnly, writeOnly
	}

	// An unconditional read grant applies to every prefix, empty or not.
	if unconditional {
		readOnly = true
		return commonFound, readOnly, writeOnly
	}

	// Conditions are present: without a prefix to compare there is no match.
	if prefix == "" {
		return commonFound, readOnly, writeOnly
	}

	const prefixKey = "s3:prefix"
	wildcard := prefix + "*"
	conds := statement.Conditions

	// The first operator found decides the outcome; later ones are not read.
	if byKey, found := conds["StringEquals"]; found {
		if values, has := byKey[prefixKey]; has && values.Contains(prefix) {
			readOnly = true
		}
		return commonFound, readOnly, writeOnly
	}
	if byKey, found := conds["StringNotEquals"]; found {
		if values, has := byKey[prefixKey]; has && !values.Contains(prefix) {
			readOnly = true
		}
		return commonFound, readOnly, writeOnly
	}
	if byKey, found := conds["StringLike"]; found {
		// Like-operators are matched against the literal pattern "<prefix>*".
		if values, has := byKey[prefixKey]; has && values.Contains(wildcard) {
			readOnly = true
		}
		return commonFound, readOnly, writeOnly
	}
	if byKey, found := conds["StringNotLike"]; found {
		if values, has := byKey[prefixKey]; has && !values.Contains(wildcard) {
			readOnly = true
		}
	}

	return commonFound, readOnly, writeOnly
}
536
537// Returns policy of given object statement.
538func getObjectPolicy(statement Statement) (readOnly, writeOnly bool) {

Callers 2

GetPolicyFunction · 0.85
TestGetBucketPolicyFunction · 0.85

Calls 3

ContainsMethod · 0.45
EqualsMethod · 0.45
IntersectionMethod · 0.45

Tested by 1

TestGetBucketPolicyFunction · 0.68