Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 14 for IsAllowed (0.05 sec)

  1. internal/config/policy/opa/config.go

    		return nil
    	}
    	return &Opa{
    		args:   args,
    		client: &http.Client{Transport: args.Transport},
    	}
    }
    
    // IsAllowed - checks given policy args is allowed to continue the REST API.
    func (o *Opa) IsAllowed(args policy.Args) (bool, error) {
    	if o == nil {
    		return false, nil
    	}
    
    	// OPA input
    	body := make(map[string]interface{})
    	body["input"] = args
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Jul 10 20:16:44 UTC 2024
    - 5.3K bytes
    - Viewed (0)
  2. cmd/auth-handler.go

    		byPassSet = globalIAMSys.IsAllowed(policy.Args{
    			AccountName:     cred.AccessKey,
    			Groups:          cred.Groups,
    			Action:          policy.BypassGovernanceRetentionAction,
    			BucketName:      bucketName,
    			ObjectName:      objectName,
    			ConditionValues: conditions,
    			IsOwner:         owner,
    			Claims:          cred.Claims,
    		})
    	}
    	if globalIAMSys.IsAllowed(policy.Args{
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 17 16:45:46 UTC 2024
    - 26.1K bytes
    - Viewed (0)
  3. cmd/admin-handlers-users.go

    	}
    
    	checkDenyOnly := false
    	if name == cred.AccessKey {
    		// Check that there is no explicit deny - otherwise it's allowed
    		// to view one's own info.
    		checkDenyOnly = true
    	}
    
    	if !globalIAMSys.IsAllowed(policy.Args{
    		AccountName:     cred.AccessKey,
    		Groups:          cred.Groups,
    		Action:          policy.GetUserAdminAction,
    		ConditionValues: getConditionValues(r, "", cred),
    		IsOwner:         owner,
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Oct 03 23:11:02 UTC 2024
    - 85.1K bytes
    - Viewed (0)
  4. cmd/bucket-policy.go

    	policy, _, err := globalBucketMetadataSys.GetPolicyConfig(bucket)
    	return policy, err
    }
    
    // IsAllowed - checks given policy args is allowed to continue the Rest API.
    func (sys *PolicySys) IsAllowed(args policy.BucketPolicyArgs) bool {
    	p, err := sys.Get(args.BucketName)
    	if err == nil {
    		return p.IsAllowed(args)
    	}
    
    	// Log unhandled errors.
    	if _, ok := err.(BucketPolicyNotFound); !ok {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 8K bytes
    - Viewed (0)
  5. cmd/iam.go

    	}
    
    	// Sub policy not set, this is most common since subPolicy
    	// is optional, use the inherited policies.
    	return isOwnerDerived || combinedPolicy.IsAllowed(args)
    }
    
    func isAllowedBySessionPolicyForServiceAccount(args policy.Args) (hasSessionPolicy bool, isAllowed bool) {
    	hasSessionPolicy = false
    	isAllowed = false
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Oct 29 16:01:48 UTC 2024
    - 74.6K bytes
    - Viewed (0)
  6. internal/config/policy/plugin/config.go

    		return nil
    	}
    	return &AuthZPlugin{
    		args:   args,
    		client: &http.Client{Transport: args.Transport},
    	}
    }
    
    // IsAllowed - checks given policy args is allowed to continue the REST API.
    func (o *AuthZPlugin) IsAllowed(args policy.Args) (bool, error) {
    	if o == nil {
    		return false, nil
    	}
    
    	// Access Management Plugin Input
    	body := make(map[string]interface{})
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 5.8K bytes
    - Viewed (0)
  7. cmd/admin-handlers-idp-ldap.go

    	// If listing is requested for a specific user (who is not the request
    	// sender), check that the user has permissions.
    	if userDN != "" && userDN != cred.ParentUser {
    		if !globalIAMSys.IsAllowed(policy.Args{
    			AccountName:     cred.AccessKey,
    			Groups:          cred.Groups,
    			Action:          policy.ListServiceAccountsAdminAction,
    			ConditionValues: getConditionValues(r, "", cred),
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sat Sep 21 11:35:40 UTC 2024
    - 19.1K bytes
    - Viewed (0)
  8. cmd/bucket-handlers.go

    	readable := globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
    		Action:          policy.ListBucketAction,
    		BucketName:      bucket,
    		ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),
    		IsOwner:         false,
    	})
    
    	// Check if anonymous (non-owner) has access to upload objects.
    	writable := globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Sep 12 12:24:04 UTC 2024
    - 63.4K bytes
    - Viewed (0)
  9. cmd/kms-handlers.go

    // checkKMSActionAllowed checks for authorization for a specific action on a resource.
    func checkKMSActionAllowed(r *http.Request, owner bool, cred auth.Credentials, action policy.KMSAction, resource string) bool {
    	return globalIAMSys.IsAllowed(policy.Args{
    		AccountName:     cred.AccessKey,
    		Groups:          cred.Groups,
    		Action:          policy.Action(action),
    		ConditionValues: getConditionValues(r, "", cred),
    		IsOwner:         owner,
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Aug 18 06:43:03 UTC 2024
    - 10.1K bytes
    - Viewed (0)
  10. cmd/s3-zip-handlers.go

    			//   error.
    			// * if you don’t have the s3:ListBucket
    			//   permission, Amazon S3 will return an HTTP
    			//   status code 403 ("access denied") error.`
    			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
    				Action:          policy.ListBucketAction,
    				BucketName:      bucket,
    				ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),
    				IsOwner:         false,
    			}) {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Mon Jun 10 15:31:51 UTC 2024
    - 15.8K bytes
    - Viewed (0)
Back to top