Implement RBAC for Bucket Permissions

Bucket Permission

List permissions for bucket

GET /permissions/bucket/:bucket_name?status={active,inactive}&type={read,write,readwrite}
Permission bucket_permission:list_bucket | bucket_permission:list_all

• S3PS asks AS if user is allowed to request this resource
• query status, optional
  • filter permissions that are currently active/inactive (time sensitive)
• query type, optional
  • filter permissions that have the specific type

List permissions for user

GET /permissions/user/:uid?status={active,inactive}&type={read,write,readwrite}
Permission bucket_permission:list_user | bucket_permission:list_all

• S3PS asks AS if user is allowed to request this resource
• query status, optional
  • filter permissions that are currently active/inactive (time sensitive)
• query type, optional
  • filter permissions that have the specific type

Get specific bucket permission

GET /permissions/bucket/:bucket_name/user/:uid
Permission bucket_permission:read | bucket_permission:read_any

• S3PS asks AS if user is allowed to request this resource

Create bucket permission

POST /permissions
Permission bucket_permission:create

• S3PS asks AS if user is allowed to create this resource

Update bucket permission

POST /permissions/bucket/:bucket_name/user/:uid
Permission bucket_permission:update

• S3PS asks AS if user is allowed to request this resource

Delete bucket permission

DELETE /permissions/bucket/:bucket_name/user/:uid
Permission bucket_permission:delete | bucket_permission:delete_any

• S3PS asks AS if user is allowed to request this resource
• Owner of bucket and grantee can delete a bucket permission