(anonClient *s3.Client, authClient *s3.Client, b *bucket.Bucket, doDestructiveChecks bool)
| 192 | } |
| 193 | |
| 194 | func checkPermissionsWithAuth(anonClient *s3.Client, authClient *s3.Client, b *bucket.Bucket, doDestructiveChecks bool) error { |
| 195 | /* |
| 196 | // 1. Check if b exists |
| 197 | // 2. Check for READ_ACP |
| 198 | // 3. If FullControl is allowed for either AllUsers or AuthorizedUsers, skip the remainder of those tests |
| 199 | // 4. Check for READ |
| 200 | // 5. If doing destructive checks: |
| 201 | // 5a. Check for Write |
| 202 | // 5b. Check for WriteACP |
| 203 | */ |
| 204 | |
| 205 | b.DateScanned = time.Now() |
| 206 | |
| 207 | // Check for anon READ_ACP permission. If allowed, exit |
| 208 | anonReadACL, err := permission.CheckPermReadACL(anonClient, b) |
| 209 | if err != nil { |
| 210 | return fmt.Errorf("error occurred while checking for anon ReadACL: %v", err.Error()) |
| 211 | } |
| 212 | b.PermAllUsersReadACL = bucket.Permission(anonReadACL) |
| 213 | if b.PermAllUsersReadACL == bucket.PermissionAllowed { |
| 214 | return nil |
| 215 | } |
| 216 | |
| 217 | // Check for auth READ_ACP permission. If allowed, exit |
| 218 | if authClient != nil { |
| 219 | authReadACL, authACLErr := permission.CheckPermReadACL(authClient, b) |
| 220 | if authACLErr != nil { |
| 221 | return fmt.Errorf("error occurred while checking for auth ReadACL: %v", authACLErr.Error()) |
| 222 | } |
| 223 | b.PermAuthUsersReadACL = bucket.Permission(authReadACL) |
| 224 | if b.PermAuthUsersReadACL == bucket.PermissionAllowed { |
| 225 | return nil |
| 226 | } |
| 227 | } |
| 228 | |
| 229 | // Check for anon READ |
| 230 | canRead, err := permission.CheckPermRead(anonClient, b) |
| 231 | if err != nil { |
| 232 | return fmt.Errorf("error occurred while checking for anon READ: %v", err.Error()) |
| 233 | } |
| 234 | b.PermAllUsersRead = bucket.Permission(canRead) |
| 235 | |
| 236 | // Check for auth READ |
| 237 | if authClient != nil { |
| 238 | authCanRead, authReadErr := permission.CheckPermRead(authClient, b) |
| 239 | if authReadErr != nil { |
| 240 | return fmt.Errorf("error occurred while checking for auth READ: %v", authReadErr.Error()) |
| 241 | } |
| 242 | b.PermAuthUsersRead = bucket.Permission(authCanRead) |
| 243 | } |
| 244 | |
| 245 | if doDestructiveChecks { |
| 246 | // Check for WRITE permission |
| 247 | permWrite, writeErr := permission.CheckPermWrite(anonClient, b) |
| 248 | if writeErr != nil { |
| 249 | return fmt.Errorf("%v | error occurred while checking for WRITE: %v", b.Name, writeErr.Error()) |
| 250 | } |
| 251 | b.PermAllUsersWrite = bucket.Permission(permWrite) |