github.com/minio/mc@v0.0.0-20240503112107-b471de8d1882/cmd/access-perms.go

github.com/minio/mc@v0.0.0-20240503112107-b471de8d1882/cmd/access-perms.go (about)

     1  // Copyright (c) 2015-2022 MinIO, Inc.
     2  //
     3  // This file is part of MinIO Object Storage stack
     4  //
     5  // This program is free software: you can redistribute it and/or modify
     6  // it under the terms of the GNU Affero General Public License as published by
     7  // the Free Software Foundation, either version 3 of the License, or
     8  // (at your option) any later version.
     9  //
    10  // This program is distributed in the hope that it will be useful
    11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  // GNU Affero General Public License for more details.
    14  //
    15  // You should have received a copy of the GNU Affero General Public License
    16  // along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17  
    18  package cmd
    19  
    20  import (
    21  	"os"
    22  
    23  	json "github.com/minio/colorjson"
    24  	"github.com/minio/minio-go/v7/pkg/policy"
    25  )
    26  
    27  // isValidAccessPERM - is provided access perm string supported.
    28  func (b accessPerms) isValidAccessPERM() bool {
    29  	switch b {
    30  	case accessNone, accessDownload, accessUpload, accessPrivate, accessPublic:
    31  		return true
    32  	}
    33  	return false
    34  }
    35  
    36  func (b accessPerms) isValidAccessFile() bool {
    37  	file, err := os.Open(string(b))
    38  	if err != nil {
    39  		return false
    40  	}
    41  	defer file.Close()
    42  
    43  	var policy policy.BucketAccessPolicy
    44  	if json.NewDecoder(file).Decode(&policy) != nil {
    45  		fatalIf(errDummy().Trace(), "Unable to parse access file.")
    46  		return false
    47  	}
    48  
    49  	if policy.Version != "2012-10-17" {
    50  		fatalIf(errDummy().Trace(), "Invalid policy version. Only 2012-10-17 is supported.")
    51  		return false
    52  	}
    53  
    54  	for _, statement := range policy.Statements {
    55  		if statement.Effect != "Allow" && statement.Effect != "Deny" {
    56  			fatalIf(errDummy().Trace(), "Invalid policy effect. Only Allow and Deny are supported.")
    57  			return false
    58  		}
    59  	}
    60  
    61  	return true
    62  }
    63  
    64  // accessPerms - access level.
    65  type accessPerms string
    66  
    67  // different types of Access perm's currently supported by policy command.
    68  const (
    69  	accessNone     = accessPerms("none")
    70  	accessDownload = accessPerms("download")
    71  	accessUpload   = accessPerms("upload")
    72  	accessPrivate  = accessPerms("private")
    73  	accessPublic   = accessPerms("public")
    74  	accessCustom   = accessPerms("custom")
    75  )