From 687a6a6c1de0fb67b51ec9bfd1781a6c255ff695 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Sat, 12 Jul 2025 01:13:11 -0700 Subject: Admin UI: Add policies (#6968) * add policies to UI, accessing filer directly * view, edit policies * add back buttons for "users" page * remove unused * fix ui dark mode when modal is closed * bucket view details button * fix browser buttons * filer action button works * clean up masters page * fix volume servers action buttons * fix collections page action button * fix properties page * more obvious * fix directory creation file mode * Update file_browser_handlers.go * directory permission --- weed/credential/postgres/postgres_policy.go | 130 ++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 weed/credential/postgres/postgres_policy.go (limited to 'weed/credential/postgres/postgres_policy.go')
diff --git a/weed/credential/postgres/postgres_policy.go b/weed/credential/postgres/postgres_policy.go
new file mode 100644
index 000000000..8be2b108c
--- /dev/null
+++ b/weed/credential/postgres/postgres_policy.go
@@ -0,0 +1,130 @@
+package postgres
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/seaweedfs/seaweedfs/weed/credential"
+)
+
+// GetPolicies retrieves all IAM policies from PostgreSQL
+func (store *PostgresStore) GetPolicies(ctx context.Context) (map[string]credential.PolicyDocument, error) {
+ if !store.configured {
+ return nil, fmt.Errorf("store not configured")
+ }
+
+ policies := make(map[string]credential.PolicyDocument)
+
+ rows, err := store.db.QueryContext(ctx, "SELECT name, document FROM policies")
+ if err != nil {
+ return nil, fmt.Errorf("failed to query policies: %v", err)
+ }
+ defer rows.Close()
+
+ for rows.Next() {
+ var name string
+ var documentJSON []byte
+
+ if err := rows.Scan(&name, &documentJSON); err != nil {
+ return nil, fmt.Errorf("failed to scan policy row: %v", err)
+ }
+
+ var document credential.PolicyDocument
+ if err := json.Unmarshal(documentJSON, &document); err != nil {
+ return nil, fmt.Errorf("failed to unmarshal policy document for %s: %v", name, err)
+ }
+
+ policies[name] = document
+ }
+
+ return policies, nil
+}
+
+// CreatePolicy creates a new IAM policy in PostgreSQL
+func (store *PostgresStore) CreatePolicy(ctx context.Context, name string, document credential.PolicyDocument) error {
+ if !store.configured {
+ return fmt.Errorf("store not configured")
+ }
+
+ documentJSON, err := json.Marshal(document)
+ if err != nil {
+ return fmt.Errorf("failed to marshal policy document: %v", err)
+ }
+
+ _, err = store.db.ExecContext(ctx,
+ "INSERT INTO policies (name, document) VALUES ($1, $2) ON CONFLICT (name) DO UPDATE SET document = $2, updated_at = CURRENT_TIMESTAMP",
+ name, documentJSON)
+ if err != nil {
+ return fmt.Errorf("failed to insert policy: %v", err)
+ }
+
+ return nil
+}
+
+// UpdatePolicy updates an existing IAM policy in PostgreSQL
+func (store *PostgresStore) UpdatePolicy(ctx context.Context, name string, document credential.PolicyDocument) error {
+ if !store.configured {
+ return fmt.Errorf("store not configured")
+ }
+
+ documentJSON, err := json.Marshal(document)
+ if err != nil {
+ return fmt.Errorf("failed to marshal policy document: %v", err)
+ }
+
+ result, err := store.db.ExecContext(ctx,
+ "UPDATE policies SET document = $2, updated_at = CURRENT_TIMESTAMP WHERE name = $1",
+ name, documentJSON)
+ if err != nil {
+ return fmt.Errorf("failed to update policy: %v", err)
+ }
+
+ rowsAffected, err := result.RowsAffected()
+ if err != nil {
+ return fmt.Errorf("failed to get rows affected: %v", err)
+ }
+
+ if rowsAffected == 0 {
+ return fmt.Errorf("policy %s not found", name)
+ }
+
+ return nil
+}
+
+// DeletePolicy deletes an IAM policy from PostgreSQL
+func (store *PostgresStore) DeletePolicy(ctx context.Context, name string) error {
+ if !store.configured {
+ return fmt.Errorf("store not configured")
+ }
+
+ result, err := store.db.ExecContext(ctx, "DELETE FROM policies WHERE name = $1", name)
+ if err != nil {
+ return fmt.Errorf("failed to delete policy: %v", err)
+ }
+
+ rowsAffected, err := result.RowsAffected()
+ if err != nil {
+ return fmt.Errorf("failed to get rows affected: %v", err)
+ }
+
+ if rowsAffected == 0 {
+ return fmt.Errorf("policy %s not found", name)
+ }
+
+ return nil
+}
+
+// GetPolicy retrieves a specific IAM policy by name from PostgreSQL
+func (store *PostgresStore) GetPolicy(ctx context.Context, name string) (*credential.PolicyDocument, error) {
+ policies, err := store.GetPolicies(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ if policy, exists := policies[name]; exists {
+ return &policy, nil
+ }
+
+ return nil, nil // Policy not found
+}
-- cgit v1.2.3
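Review bot: GetPolicies never checks `rows.Err()` after the `for rows.Next()` loop, so an iteration cut short by a connection or context error returns a partial policy map together with a nil error. Because GetPolicy is built on GetPolicies and reports an absent name as `nil, nil`, such a failure is indistinguishable from "policy not found" for whatever code consumes these documents to make access decisions (those callers are outside this hunk). Add `if err := rows.Err(); err != nil { return nil, fmt.Errorf("failed to iterate policies: %v", err) }` just before `return policies, nil`. Separately, CreatePolicy's `ON CONFLICT (name) DO UPDATE` silently replaces an existing policy document under the same name; if create is meant to fail on a duplicate, drop the upsert clause and surface the conflict, otherwise state the overwrite behaviour in the doc comment.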