diff --git a/api/handler/acl.go b/api/handler/acl.go index f0fdc9f0..50ab0e9d 100644 --- a/api/handler/acl.go +++ b/api/handler/acl.go @@ -1186,73 +1186,6 @@ func resourceInfoFromName(name, bucketName string) resourceInfo { return resInfo } -func astToPolicy(ast *ast) *bucketPolicy { - bktPolicy := &bucketPolicy{} - - for _, resource := range ast.Resources { - allowed, denied := triageOperations(resource.Operations) - handleResourceOperations(bktPolicy, allowed, eacl.ActionAllow, resource.Name()) - handleResourceOperations(bktPolicy, denied, eacl.ActionDeny, resource.Name()) - } - - return bktPolicy -} - -func handleResourceOperations(bktPolicy *bucketPolicy, list []*astOperation, eaclAction eacl.Action, resourceName string) { - userOpsMap := make(map[string][]eacl.Operation) - - for _, op := range list { - if !op.IsGroupGrantee() { - for _, user := range op.Users { - userOps := userOpsMap[user] - userOps = append(userOps, op.Op) - userOpsMap[user] = userOps - } - } else { - userOps := userOpsMap[allUsersGroup] - userOps = append(userOps, op.Op) - userOpsMap[allUsersGroup] = userOps - } - } - - for user, userOps := range userOpsMap { - var actions []string - LOOP: - for action, ops := range actionToOpMap { - for _, op := range ops { - if !contains(userOps, op) { - continue LOOP - } - } - actions = append(actions, action) - } - if len(actions) != 0 { - state := statement{ - Effect: actionToEffect(eaclAction), - Principal: principal{CanonicalUser: user}, - Action: actions, - Resource: []string{arnAwsPrefix + resourceName}, - } - if user == allUsersGroup { - state.Principal = principal{AWS: allUsersWildcard} - } - bktPolicy.Statement = append(bktPolicy.Statement, state) - } - } -} - -func triageOperations(operations []*astOperation) ([]*astOperation, []*astOperation) { - var allowed, denied []*astOperation - for _, op := range operations { - if op.Action == eacl.ActionAllow { - allowed = append(allowed, op) - } else { - denied = append(denied, op) - } - } - return allowed, denied -} - func addTo(list []*astOperation, userID string, op eacl.Operation, groupGrantee bool, action eacl.Action) []*astOperation { var found *astOperation for _, astop := range list { @@ -1439,17 +1372,6 @@ func effectToAction(effect string) eacl.Action { return eacl.ActionUnknown } -func actionToEffect(action eacl.Action) string { - switch action { - case eacl.ActionAllow: - return "Allow" - case eacl.ActionDeny: - return "Deny" - default: - return "" - } -} - func permissionToOperations(permission AWSACL) []eacl.Operation { switch permission { case aclFullControl: