Added permissions guidance on ListBuckets and AddBuckets screens (#2319)

Added helpbox and tooltip guidance on ListBucketsand AddBuckets screens
Added bucketname to resource checking for bucket level config permissions

Author: jinapurapu

portal-ui/src/screens/Console/Buckets/BucketDetails/BrowserHandler.tsx

@@ -46,6 +46,7 @@ import { selFeatures } from "../../consoleSlice";
 import AutoColorIcon from "../../Common/Components/AutoColorIcon";
 import TooltipWrapper from "../../Common/TooltipWrapper/TooltipWrapper";
 import { Button } from "mds";
+import hasPermission from "../../../../common/SecureComponent/accessControl";
 
 const styles = (theme: Theme) =>
   createStyles({
@@ -88,6 +89,29 @@ const BrowserHandler = () => {
     navigate(`/buckets/${bucketName}/admin`);
   };
 
+  const configureBucketAllowed = hasPermission(bucketName, [
+    IAM_SCOPES.S3_GET_BUCKET_POLICY,
+    IAM_SCOPES.S3_PUT_BUCKET_POLICY,
+    IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
+    IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
+    IAM_SCOPES.S3_GET_BUCKET_ENCRYPTION_CONFIGURATION,
+    IAM_SCOPES.S3_PUT_BUCKET_ENCRYPTION_CONFIGURATION,
+    IAM_SCOPES.S3_DELETE_BUCKET,
+    IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS,
+    IAM_SCOPES.S3_PUT_BUCKET_NOTIFICATIONS,
+    IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
+    IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
+    IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
+    IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
+    IAM_SCOPES.ADMIN_GET_BUCKET_QUOTA,
+    IAM_SCOPES.ADMIN_SET_BUCKET_QUOTA,
+    IAM_SCOPES.S3_PUT_BUCKET_TAGGING,
+    IAM_SCOPES.S3_GET_BUCKET_TAGGING,
+    IAM_SCOPES.S3_LIST_BUCKET_VERSIONS,
+    IAM_SCOPES.S3_GET_BUCKET_POLICY_STATUS,
+    IAM_SCOPES.S3_DELETE_BUCKET_POLICY,
+  ]);
+
   const searchBar = (
     <Fragment>
       {!versionsMode ? (
@@ -129,7 +153,15 @@ const BrowserHandler = () => {
               resource={bucketName}
               errorProps={{ disabled: true }}
             >
-              <TooltipWrapper tooltip={"Configure Bucket"}>
+              <TooltipWrapper
+                tooltip={
+                  configureBucketAllowed
+                    ? "Configure Bucket"
+                    : "You do not have the required permissions to configure this bucket. Please contact your MinIO administrator to request " +
+                      IAM_ROLES.BUCKET_ADMIN +
+                      " permisions."
+                }
+              >
                 <Button
                   id={"configure-bucket-main"}
                   color="primary"

portal-ui/src/screens/Console/Buckets/ListBuckets/AddBucket/AddBucket.tsx

@@ -40,6 +40,7 @@ import PageLayout from "../../../Common/Layout/PageLayout";
 import InputUnitMenu from "../../../Common/FormComponents/InputUnitMenu/InputUnitMenu";
 import FormLayout from "../../../Common/FormLayout";
 import HelpBox from "../../../../../common/HelpBox";
+import TooltipWrapper from "../../../Common/TooltipWrapper/TooltipWrapper";
 import SectionTitle from "../../../Common/SectionTitle";
 import { selDistSet, selSiteRep } from "../../../../../systemSlice";
 import {
@@ -162,9 +163,17 @@ const AddBucket = ({ classes }: IsetProps) => {
     (state: AppState) => state.addBucket.navigateTo
   );
 
-  const lockingAllowed = hasPermission("*", [
+  const lockingAllowed = hasPermission(
+    "*",
+    [
+      IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
+      IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
+    ],
+    true
+  );
+
+  const versioningAllowed = hasPermission("*", [
     IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
-    IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
   ]);
 
   useEffect(() => {
@@ -243,19 +252,7 @@ const AddBucket = ({ classes }: IsetProps) => {
                   <br />
                   <b>Object Locking</b> prevents objects from being deleted.
                   Required to support retention and legal hold. Can only be
-                  enabled at bucket creation.{" "}
-                  {!lockingAllowed ? (
-                    <Fragment>
-                      <br />
-                      <span>
-                        To enable this option{" "}
-                        <i>s3:PutBucketObjectLockConfiguration</i> and{" "}
-                        <i>s3:PutBucketVersioning</i> permissions must be set.
-                      </span>
-                    </Fragment>
-                  ) : (
-                    ""
-                  )}
+                  enabled at bucket creation.
                   <br />
                   <br />
                   <b>Quota</b> limits the amount of data in the bucket.
@@ -323,39 +320,68 @@ const AddBucket = ({ classes }: IsetProps) => {
                     <br />
                   </Fragment>
                 )}
-                <FormSwitchWrapper
-                  value="versioned"
-                  id="versioned"
-                  name="versioned"
-                  checked={versioningEnabled}
-                  onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
-                    dispatch(setVersioning(event.target.checked));
-                  }}
-                  label={"Versioning"}
-                  disabled={
-                    !distributedSetup ||
-                    lockingEnabled ||
-                    siteReplicationInfo.enabled
+                <TooltipWrapper
+                  tooltip={
+                    versioningAllowed
+                      ? ""
+                      : "You require additional permissions in order to enable Versioning. Please ask your MinIO administrator to grant you " +
+                        IAM_SCOPES.S3_PUT_BUCKET_VERSIONING +
+                        " permission in order to enable Versioning."
                   }
-                />
+                >
+                  <FormSwitchWrapper
+                    value="versioned"
+                    id="versioned"
+                    name="versioned"
+                    checked={versioningEnabled}
+                    onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
+                      dispatch(setVersioning(event.target.checked));
+                    }}
+                    label={"Versioning"}
+                    disabled={
+                      !distributedSetup ||
+                      lockingEnabled ||
+                      siteReplicationInfo.enabled ||
+                      !versioningAllowed
+                    }
+                  />
+                </TooltipWrapper>
               </Grid>
               <Grid item xs={12}>
-                <FormSwitchWrapper
-                  value="locking"
-                  id="locking"
-                  name="locking"
-                  disabled={
-                    lockingFieldDisabled || !distributedSetup || !lockingAllowed
+                <TooltipWrapper
+                  tooltip={
+                    lockingAllowed
+                      ? ""
+                      : "You require additional permissions in order to enable Locking. Please ask your MinIO administrator to grant you " +
+                        (versioningAllowed
+                          ? ""
+                          : IAM_SCOPES.S3_PUT_BUCKET_VERSIONING + " and ") +
+                        IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION +
+                        " permissions in order to enable Locking."
                   }
-                  checked={lockingEnabled}
-                  onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
-                    dispatch(setEnableObjectLocking(event.target.checked));
-                    if (event.target.checked && !siteReplicationInfo.enabled) {
-                      dispatch(setVersioning(true));
+                >
+                  <FormSwitchWrapper
+                    value="locking"
+                    id="locking"
+                    name="locking"
+                    disabled={
+                      lockingFieldDisabled ||
+                      !distributedSetup ||
+                      !lockingAllowed
                     }
-                  }}
-                  label={"Object Locking"}
-                />
+                    checked={lockingEnabled}
+                    onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
+                      dispatch(setEnableObjectLocking(event.target.checked));
+                      if (
+                        event.target.checked &&
+                        !siteReplicationInfo.enabled
+                      ) {
+                        dispatch(setVersioning(true));
+                      }
+                    }}
+                    label={"Object Locking"}
+                  />
+                </TooltipWrapper>
               </Grid>
 
               <Grid item xs={12}>

portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx

@@ -202,6 +202,7 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
   };
 
   const canCreateBucket = hasPermission("*", [IAM_SCOPES.S3_CREATE_BUCKET]);
+  const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
 
   return (
     <Fragment>
@@ -319,7 +320,15 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
             </TooltipWrapper>
 
             {!obOnly && (
-              <TooltipWrapper tooltip={"Create Bucket"}>
+              <TooltipWrapper
+                tooltip={
+                  canCreateBucket
+                    ? "Create Bucket"
+                    : "You require additional permissions in order to create a new Bucket. Please ask your MinIO administrator to grant you " +
+                      IAM_SCOPES.S3_CREATE_BUCKET +
+                      " permission in order to create a Bucket."
+                }
+              >
                 <Button
                   id={"create-bucket"}
                   onClick={() => {
@@ -384,6 +393,13 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
                         MinIO uses buckets to organize objects. A bucket is
                         similar to a folder or directory in a filesystem, where
                         each bucket can hold an arbitrary number of objects.
+                        <br></br>
+                        <br></br>
+                        {canListBuckets
+                          ? ""
+                          : "In order to view the buckets on this server, you require " +
+                            IAM_SCOPES.S3_LIST_BUCKET +
+                            " permission. Please contact your MinIO administrator to establish this permission."}
                         <SecureComponent
                           scopes={[IAM_SCOPES.S3_CREATE_BUCKET]}
                           resource={CONSOLE_UI_RESOURCE}