From fe0942f94764c1594e8e2c8dc55fcce5eb066ddd Mon Sep 17 00:00:00 2001
From: bsatoriu
Date: Tue, 22 Oct 2024 09:40:16 -0700
Subject: [PATCH 1/2] expand inline folder policy to support reading/writing
---
 api/endpoints/members.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/api/endpoints/members.py b/api/endpoints/members.py
index e263e0c..b5d6e71 100755
--- a/api/endpoints/members.py
+++ b/api/endpoints/members.py
@@ -691,13 +691,17 @@ def get(self):
 "Sid": "GrantAccessToUserFolder",
 "Effect": "Allow",
 "Action": [
- "s3:ListBucket",
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:PutObject",
- "s3:RestoreObject",
- "s3:ListMultipartUploadParts",
- "s3:AbortMultipartUpload"
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::{settings.WORKSPACE_BUCKET}/{maap_user.username}/*"
+ ]
+ }},
+ {{
+ "Sid": "GrantListAccess",
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket"
 ],
 "Resource": "arn:aws:s3:::{settings.WORKSPACE_BUCKET}",
 "Condition": {{
From 8aab8b61687902ca55bc497b5190a3219792706a Mon Sep 17 00:00:00 2001
From: bsatoriu <27687558+bsatoriu@users.noreply.github.com>
Date: Tue, 22 Oct 2024 09:56:11 -0700
Subject: [PATCH 2/2] Update members.py
---
 api/endpoints/members.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/api/endpoints/members.py b/api/endpoints/members.py
index b5d6e71..fecebc6 100755
--- a/api/endpoints/members.py
+++ b/api/endpoints/members.py
@@ -691,7 +691,13 @@ def get(self):
 "Sid": "GrantAccessToUserFolder",
 "Effect": "Allow",
 "Action": [
- "s3:*"
+ "s3:ListBucket",
+ "s3:DeleteObject",
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:RestoreObject",
+ "s3:ListMultipartUploadParts",
+ "s3:AbortMultipartUpload"
 ],
 "Resource": [
 "arn:aws:s3:::{settings.WORKSPACE_BUCKET}/{maap_user.username}/*"
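Review bot: `{maap_user.username}` is interpolated straight into the new `Resource` ARN of what looks like a string-built policy template (the doubled `{{`/`}}` suggest an f-string or `str.format`), and nothing in the hunk constrains its characters. In an IAM resource ARN `*` and `?` act as wildcards and a `"` would break the JSON, so unless usernames are validated elsewhere the grant may not stay confined to the user's own prefix; the same line appears as context in patch 2/2. I would reject any name that does not match a strict pattern such as `[A-Za-z0-9._-]+` before building the policy, or build the policy as a dict and serialise it with `json.dumps`. The `"s3:*"` action added here is replaced by an explicit list in patch 2/2, so this patch should not be applied on its own. `get()` starts and ends outside the hunk.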
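Review bot: `"s3:ListBucket"` in `GrantAccessToUserFolder` has no effect, because the statement's `Resource` is the object ARN ending in `/{maap_user.username}/*` and `s3:ListBucket` is only evaluated against the bucket ARN. Listing is already granted by the `GrantListAccess` statement added in patch 1/2, so I would drop the line here and keep this statement to object-level actions. A short comment above the template saying that bucket-level and object-level actions live in separate statements would keep the next edit from mixing them again. `get()` starts and ends outside the hunk.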