Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed error on single (non-list) Statements.

Browse Source
This commit is contained in:
acsbendi 2019-07-11 14:22:42 +02:00
parent 59f091bdea
commit 9d992c9335
1 changed files with 20 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
moto/core/authentication.py
View File

@ -245,27 +245,29 @@ class S3IAMRequest(IAMRequestBase):
class IAMPolicy: class IAMPolicy:
def __init__(self, policy): def __init__(self, policy):
self._policy = policy if isinstance(policy, Policy):
default_version = next(policy_version for policy_version in policy.versions if policy_version.is_default)
policy_document = default_version.document
elif isinstance(policy, string_types):
policy_document = policy
else:
policy_document = policy["policy_document"]
self._policy_json = json.loads(policy_document)
def is_action_permitted(self, action): def is_action_permitted(self, action):
if isinstance(self._policy, Policy):
default_version = next(policy_version for policy_version in self._policy.versions if policy_version.is_default)
policy_document = default_version.document
elif isinstance(self._policy, string_types):
policy_document = self._policy
else:
policy_document = self._policy["policy_document"]
policy_json = json.loads(policy_document)
permitted = False permitted = False
for policy_statement in policy_json["Statement"]: if isinstance(self._policy_json["Statement"], list):
iam_policy_statement = IAMPolicyStatement(policy_statement) for policy_statement in self._policy_json["Statement"]:
permission_result = iam_policy_statement.is_action_permitted(action) iam_policy_statement = IAMPolicyStatement(policy_statement)
if permission_result == PermissionResult.DENIED: permission_result = iam_policy_statement.is_action_permitted(action)
return permission_result if permission_result == PermissionResult.DENIED:
elif permission_result == PermissionResult.PERMITTED: return permission_result
permitted = True elif permission_result == PermissionResult.PERMITTED:
permitted = True
else: # dict
iam_policy_statement = IAMPolicyStatement(self._policy_json["Statement"])
return iam_policy_statement.is_action_permitted(action)
if permitted: if permitted:
return PermissionResult.PERMITTED return PermissionResult.PERMITTED