Allow sign-in users without policy (#129)

minio · May 19, 2020 · 35d575e · 35d575e
1 parent 92a8aab
commit 35d575e
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/restapi/user_login.go b/restapi/user_login.go
@@ -123,14 +123,15 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, error) {
 		log.Println("error login:", err)
 		return nil, errInvalidCredentials
 	}
-	policy, err := adminClient.getPolicy(ctx, userInfo.PolicyName)
-	if err != nil {
-		log.Println("error login:", err)
-		return nil, errInvalidCredentials
+	policy, _ := adminClient.getPolicy(ctx, userInfo.PolicyName)
+	// by default every user starts with an empty array of available actions
+	// therefore we would have access only to pages that doesn't require any privilege
+	// ie: service-account page
+	actions := []string{}
+	// if a policy is assigned to this user we parse the actions from there
+	if policy != nil {
+		actions = acl.GetActionsStringFromPolicy(policy)
 	}
-
-	actions := acl.GetActionsStringFromPolicy(policy)
-
 	sessionID, err := login(credentials, actions)
 	if err != nil {
 		return nil, err