Skip to content

Commit fa2a6e2

Browse files
TimCsakyTimCsaky
authored
Merge pull request #294 from bcgov/SC3828
Sc3828
2 parents cd5e836 + d9557bc commit fa2a6e2

36 files changed

+690
-199
lines changed

.github/environments/values.dev.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ config:
1313
enabled: true
1414
configMap:
1515
BASICAUTH_ENABLED: "true"
16+
S3ACCESSMODE_ENABLED: "true"
1617
DB_PORT: "5432"
1718
KC_ENABLED: "true"
1819
KC_IDENTITYKEY: idir_user_guid,bceid_user_guid,github_id

.github/environments/values.prod.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ config:
1313
enabled: true
1414
configMap:
1515
BASICAUTH_ENABLED: "true"
16+
S3ACCESSMODE_ENABLED: "true"
1617
DB_PORT: "5432"
1718
KC_ENABLED: "true"
1819
KC_IDENTITYKEY: idir_user_guid,bceid_user_guid

.github/environments/values.test.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ config:
1313
enabled: true
1414
configMap:
1515
BASICAUTH_ENABLED: "true"
16+
S3ACCESSMODE_ENABLED: "true"
1617
DB_PORT: "5432"
1718
KC_ENABLED: "true"
1819
KC_IDENTITYKEY: idir_user_guid,bceid_user_guid

app/README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,7 @@ docker run -it --rm -p 3000:3000 \
145145
-e BASICAUTH_ENABLED=true \
146146
-e BASICAUTH_USERNAME=<Your chosen Basic Auth Username> \
147147
-e BASICAUTH_PASSWORD=<Your chosen Basic Auth Password> \
148+
-e S3ACCESSMODE_ENABLED=true \
148149
docker.io/bcgovimages/common-object-management-service:latest
149150
```
150151

@@ -192,6 +193,7 @@ docker run -it --rm -p 3000:3000 \
192193
-e BASICAUTH_USERNAME=<Your chosen Basic Auth Username> \
193194
-e BASICAUTH_PASSWORD=<Your chosen Basic Auth Password> \
194195
-e KC_ENABLED=true \
196+
-e S3ACCESSMODE_ENABLED=true \
195197
-e KC_CLIENTID=<id> \
196198
-e KC_CLIENTSECRET=<secret> \
197199
-e KC_PUBLICKEY=<publickey> \

app/config/custom-environment-variables.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
{
22
"basicAuth": {
33
"enabled": "BASICAUTH_ENABLED",
4+
"s3AccessMode": "S3ACCESSMODE_ENABLED",
45
"password": "BASICAUTH_PASSWORD",
56
"username": "BASICAUTH_USERNAME"
67
},

app/src/components/utils.js

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -53,10 +53,11 @@ const utils = {
5353
getAppAuthMode() {
5454
const basicAuth = utils.getConfigBoolean('basicAuth.enabled');
5555
const oidcAuth = utils.getConfigBoolean('keycloak.enabled');
56+
const s3AccessMode = utils.getConfigBoolean('basicAuth.s3AccessMode');
5657

57-
if (!basicAuth && !oidcAuth) return AuthMode.NOAUTH;
58-
else if (basicAuth && !oidcAuth) return AuthMode.BASICAUTH;
59-
else if (!basicAuth && oidcAuth) return AuthMode.OIDCAUTH;
58+
if (!basicAuth && !oidcAuth && !s3AccessMode) return AuthMode.NOAUTH;
59+
else if ((basicAuth || !s3AccessMode) && !oidcAuth) return AuthMode.BASICAUTH;
60+
else if (!basicAuth && oidcAuth && !s3AccessMode) return AuthMode.OIDCAUTH;
6061
else return AuthMode.FULLAUTH; // basicAuth && oidcAuth
6162
},
6263

app/src/controllers/bucket.js

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -305,7 +305,12 @@ const controller = {
305305
endpoint: req.body.endpoint ? stripDelimit(req.body.endpoint) : currentBucket.endpoint
306306
});
307307

308-
const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER), SYSTEM_USER);
308+
let userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER), SYSTEM_USER);
309+
310+
if ((userId === SYSTEM_USER || userId === undefined) && req.currentUser?.bucketSettings) {
311+
userId = req.currentUser.bucketSettings.accessKeyId;
312+
}
313+
309314
const response = await bucketService.update({
310315
bucketId: bucketId,
311316
bucketName: req.body.bucketName,

app/src/controllers/object.js

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1105,7 +1105,11 @@ const controller = {
11051105
*/
11061106
async updateObject(req, res, next) {
11071107
try {
1108-
const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
1108+
let userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
1109+
1110+
if ((userId === SYSTEM_USER || userId === undefined) && req.currentUser?.bucketSettings) {
1111+
userId = req.currentUser.bucketSettings.accessKeyId;
1112+
}
11091113

11101114
// Preflight existence check for bucketId
11111115
const bucketId = req.currentObject?.bucketId;

app/src/controllers/version.js

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ const controller = {
2828
const versionIds = mixedQueryToArray(req.query.versionId);
2929
const s3VersionIds = mixedQueryToArray(req.query.s3VersionId);
3030
const metadata = getMetadata(req.headers);
31+
const bucketId = mixedQueryToArray(req.query.bucketId);
3132

3233
const params = {
3334
versionIds: versionIds ? versionIds.map(id => addDashesToUuid(id)) : versionIds,
@@ -37,6 +38,7 @@ const controller = {
3738
// if scoping to current user permissions on objects
3839
if (getConfigBoolean('server.privacyMask')) {
3940
params.userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
41+
params.bucketId = bucketId?.length ? bucketId : undefined;
4042
}
4143
const response = await metadataService.fetchMetadataForVersion(params);
4244
res.status(200).json(response);
@@ -58,6 +60,7 @@ const controller = {
5860
const versionIds = mixedQueryToArray(req.query.versionId);
5961
const s3VersionIds = mixedQueryToArray(req.query.s3VersionId);
6062
const tagging = req.query.tagset;
63+
const bucketId = mixedQueryToArray(req.query.bucketId);
6164

6265
const params = {
6366
versionIds: versionIds ? versionIds.map(id => addDashesToUuid(id)) : versionIds,
@@ -67,6 +70,7 @@ const controller = {
6770
// if scoping to current user permissions on objects
6871
if (getConfigBoolean('server.privacyMask')) {
6972
params.userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
73+
params.bucketId = bucketId?.length ? bucketId : undefined;
7074
}
7175
const response = await tagService.fetchTagsForVersion(params);
7276
res.status(200).json(response);

app/src/db/models/tables/objectModel.js

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@ class ObjectModel extends Timestamps(Model) {
7878
filterActive(query, value) {
7979
if (value !== undefined) query.where('object.active', value);
8080
},
81-
filterVersionAttributes(query, mimeType, deleteMarker, isLatest) {
81+
filterVersionAttributes(query, mimeType, deleteMarker, isLatest, versionId, s3VersionId) {
8282
query
8383
.withGraphJoined('version')
8484
.leftJoinRelated('version')
@@ -92,6 +92,8 @@ class ObjectModel extends Timestamps(Model) {
9292
if (isLatest !== undefined) {
9393
query.where('version.isLatest', isLatest);
9494
}
95+
filterOneOrMany(query, versionId, 'version.id');
96+
filterOneOrMany(query, s3VersionId, 'version.s3VersionId');
9597
});
9698
},
9799
filterMetadataTag(query, value) {

0 commit comments

Comments
 (0)