This is an archived project. Repository and other project resources are read-only.

Implement RBAC for Buckets

Buckets

Get Bucket

GET /buckets/:bucket_name
Permission bucket:read | bucket:read_any

S3PS asks AS if user is allowed to request this resource

List Buckets

GET /buckets?user=:uid&buckettype={own,all,permission}
Permission bucket:list | bucket:list_all

S3PS asks AS if user is allowed to request this resource
query buckettype, optional
- only valid in combination with user
- own: only list buckets that the user owns
- all: include buckets that the user has permission for, default
- permission: only list foreign buckets that the user has access to
query user, optional for bucket:list_all, otherwise required
- filter buckets that belong to user :uid

Create Bucket

POST /buckets/:bucket_name
Permission bucket:create

S3PS asks AS if user is allowed to create this resource

Delete Bucket

DELETE /buckets/:bucket_name
Permission bucket:delete | bucket:delete_any

S3PS asks AS if user is allowed to delete this resource

List objetcs in Bucket

GET /buckets/:bucket_name/objects?file_prefix=:prefix
Permission bucket:read | bucket:read_any

S3PS asks AS if user is allowed to request this resource
query file_prefix, optional
- filter keys that have this prefix

Get object in Bucket

GET /buckets/:bucket_name/objects/:object_path
Permission bucket:read | bucket:read_any

S3PS asks AS if user is allowed to request this resource

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information