From 8811bb08e6d5eb024bacdfbb20d039c6b696e1a6 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Mon, 22 Nov 2021 12:10:28 +0100
Subject: [PATCH] In ListBuckets, hide entry if no perms

---
 script/test-smoke.sh | 15 +++++++++++++++
 src/api/s3_bucket.rs |  1 +
 2 files changed, 16 insertions(+)

diff --git a/script/test-smoke.sh b/script/test-smoke.sh
index 87d99ca8..3146e637 100755
--- a/script/test-smoke.sh
+++ b/script/test-smoke.sh
@@ -125,6 +125,21 @@ if [ -z "$SKIP_AWS" ]; then
   rm /tmp/garage-index.html
 fi
 
+if [ -z "$SKIP_AWS" ]; then
+  echo "🪣 Test bucket logic "
+  AWS_ACCESS_KEY_ID=`cat /tmp/garage.s3 |cut -d' ' -f1`
+  [ $(aws s3 ls | wc -l) == 1 ]
+  garage -c /tmp/config.1.toml bucket create seau
+  garage -c /tmp/config.1.toml bucket allow --read seau --key $AWS_ACCESS_KEY_ID
+  [ $(aws s3 ls | wc -l) == 2 ]
+  garage -c /tmp/config.1.toml bucket deny --read seau --key $AWS_ACCESS_KEY_ID
+  [ $(aws s3 ls | wc -l) == 1 ]
+  garage -c /tmp/config.1.toml bucket allow --read seau --key $AWS_ACCESS_KEY_ID
+  [ $(aws s3 ls | wc -l) == 2 ]
+  garage -c /tmp/config.1.toml bucket delete --yes seau
+  [ $(aws s3 ls | wc -l) == 1 ]
+fi
+
 echo "🏁 Teardown"
 AWS_ACCESS_KEY_ID=`cat /tmp/garage.s3 |cut -d' ' -f1`
 AWS_SECRET_ACCESS_KEY=`cat /tmp/garage.s3 |cut -d' ' -f2`
diff --git a/src/api/s3_bucket.rs b/src/api/s3_bucket.rs
index c8bbc51b..2be0a818 100644
--- a/src/api/s3_bucket.rs
+++ b/src/api/s3_bucket.rs
@@ -45,6 +45,7 @@ pub fn handle_list_buckets(api_key: &Key) -> Result<Response<Body>, Error> {
 				.authorized_buckets
 				.items()
 				.iter()
+				.filter(|(_, _, perms)| perms.allow_read || perms.allow_write)
 				.map(|(name, ts, _)| s3_xml::Bucket {
 					creation_date: s3_xml::Value(msec_to_rfc3339(*ts)),
 					name: s3_xml::Value(name.to_string()),