- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 14 for IsAllowed (0.07 sec)
-
internal/config/policy/opa/config.go
return nil } return &Opa{ args: args, client: &http.Client{Transport: args.Transport}, } } // IsAllowed - checks given policy args is allowed to continue the REST API. func (o *Opa) IsAllowed(args policy.Args) (bool, error) { if o == nil { return false, nil } // OPA input body := make(map[string]interface{}) body["input"] = args
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Wed Jul 10 20:16:44 UTC 2024 - 5.3K bytes - Viewed (0) -
cmd/auth-handler.go
byPassSet = globalIAMSys.IsAllowed(policy.Args{ AccountName: cred.AccessKey, Groups: cred.Groups, Action: policy.BypassGovernanceRetentionAction, BucketName: bucketName, ObjectName: objectName, ConditionValues: conditions, IsOwner: owner, Claims: cred.Claims, }) } if globalIAMSys.IsAllowed(policy.Args{
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Tue Sep 17 16:45:46 UTC 2024 - 26.1K bytes - Viewed (0) -
cmd/admin-handlers-users.go
} checkDenyOnly := false if name == cred.AccessKey { // Check that there is no explicit deny - otherwise it's allowed // to view one's own info. checkDenyOnly = true } if !globalIAMSys.IsAllowed(policy.Args{ AccountName: cred.AccessKey, Groups: cred.Groups, Action: policy.GetUserAdminAction, ConditionValues: getConditionValues(r, "", cred), IsOwner: owner,
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Thu Oct 03 23:11:02 UTC 2024 - 85.1K bytes - Viewed (0) -
cmd/bucket-policy.go
policy, _, err := globalBucketMetadataSys.GetPolicyConfig(bucket) return policy, err } // IsAllowed - checks given policy args is allowed to continue the Rest API. func (sys *PolicySys) IsAllowed(args policy.BucketPolicyArgs) bool { p, err := sys.Get(args.BucketName) if err == nil { return p.IsAllowed(args) } // Log unhandled errors. if _, ok := err.(BucketPolicyNotFound); !ok {
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Fri May 24 23:05:23 UTC 2024 - 8K bytes - Viewed (0) -
cmd/iam.go
} // Sub policy not set, this is most common since subPolicy // is optional, use the inherited policies. return isOwnerDerived || combinedPolicy.IsAllowed(args) } func isAllowedBySessionPolicyForServiceAccount(args policy.Args) (hasSessionPolicy bool, isAllowed bool) { hasSessionPolicy = false isAllowed = false
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Tue Oct 29 16:01:48 UTC 2024 - 74.6K bytes - Viewed (0) -
internal/config/policy/plugin/config.go
return nil } return &AuthZPlugin{ args: args, client: &http.Client{Transport: args.Transport}, } } // IsAllowed - checks given policy args is allowed to continue the REST API. func (o *AuthZPlugin) IsAllowed(args policy.Args) (bool, error) { if o == nil { return false, nil } // Access Management Plugin Input body := make(map[string]interface{})
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Fri May 24 23:05:23 UTC 2024 - 5.8K bytes - Viewed (0) -
cmd/admin-handlers-idp-ldap.go
// If listing is requested for a specific user (who is not the request // sender), check that the user has permissions. if userDN != "" && userDN != cred.ParentUser { if !globalIAMSys.IsAllowed(policy.Args{ AccountName: cred.AccessKey, Groups: cred.Groups, Action: policy.ListServiceAccountsAdminAction, ConditionValues: getConditionValues(r, "", cred),
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Sat Sep 21 11:35:40 UTC 2024 - 19.1K bytes - Viewed (0) -
cmd/kms-handlers.go
// checkKMSActionAllowed checks for authorization for a specific action on a resource. func checkKMSActionAllowed(r *http.Request, owner bool, cred auth.Credentials, action policy.KMSAction, resource string) bool { return globalIAMSys.IsAllowed(policy.Args{ AccountName: cred.AccessKey, Groups: cred.Groups, Action: policy.Action(action), ConditionValues: getConditionValues(r, "", cred), IsOwner: owner,
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Sun Aug 18 06:43:03 UTC 2024 - 10.1K bytes - Viewed (0) -
cmd/bucket-handlers.go
readable := globalPolicySys.IsAllowed(policy.BucketPolicyArgs{ Action: policy.ListBucketAction, BucketName: bucket, ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials), IsOwner: false, }) // Check if anonymous (non-owner) has access to upload objects. writable := globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Thu Sep 12 12:24:04 UTC 2024 - 63.4K bytes - Viewed (0) -
cmd/s3-zip-handlers.go
// error. // * if you don’t have the s3:ListBucket // permission, Amazon S3 will return an HTTP // status code 403 ("access denied") error.` if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{ Action: policy.ListBucketAction, BucketName: bucket, ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials), IsOwner: false, }) {
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Mon Jun 10 15:31:51 UTC 2024 - 15.8K bytes - Viewed (0)