From 1df1bf34e0885ab85e7d6ad29bf8b055b8319e21 Mon Sep 17 00:00:00 2001
From: Allan Roger Reid <allanrogerreid@gmail.com>
Date: Tue, 18 Feb 2025 16:41:10 -0800
Subject: [PATCH 1/6] Upgrade dompurify to 3.2.4 Allow console to recognize
 Delete*

---
 Makefile                                        |  2 +-
 .../__tests__/accessControl.test.ts             |  4 ++--
 .../src/common/SecureComponent/permissions.ts   |  2 ++
 .../Objects/ListObjects/ListObjects.tsx         |  4 ++--
 .../Objects/ListObjects/ObjectDetailPanel.tsx   |  9 ++++++---
 .../Objects/ObjectDetails/TagsModal.tsx         |  5 ++++-
 web-app/yarn.lock                               | 17 +++++++++++------
 7 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/Makefile b/Makefile
index 946e786f90..f41ec2cdca 100644
--- a/Makefile
+++ b/Makefile
@@ -64,7 +64,7 @@ swagger-console:
 
 assets:
 	@(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\
-	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --loglevel warn; cd ..)
+	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --log-level warn; cd ..)
 
 test-integration:
 	@(docker stop pgsqlcontainer || true)
diff --git a/web-app/src/common/SecureComponent/__tests__/accessControl.test.ts b/web-app/src/common/SecureComponent/__tests__/accessControl.test.ts
index f616d56ccd..5cd0ceacf9 100644
--- a/web-app/src/common/SecureComponent/__tests__/accessControl.test.ts
+++ b/web-app/src/common/SecureComponent/__tests__/accessControl.test.ts
@@ -176,7 +176,7 @@ test("Can delete an object inside a bucket prefix", () => {
         "xref_cust_guid_actd-v1.jpg",
         "test/digitalinsights/xref_cust_guid_actd-v1.jpg",
       ],
-      [IAM_SCOPES.S3_DELETE_OBJECT],
+      [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
     ),
   ).toBe(true);
 });
@@ -186,7 +186,7 @@ test("Can't delete an object inside a bucket prefix", () => {
   expect(
     hasPermission(
       ["xref_cust_guid_actd-v1.jpg", "test/xref_cust_guid_actd-v1.jpg"],
-      [IAM_SCOPES.S3_DELETE_OBJECT],
+      [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
     ),
   ).toBe(false);
 });
diff --git a/web-app/src/common/SecureComponent/permissions.ts b/web-app/src/common/SecureComponent/permissions.ts
index 481b93f9d6..71d2afc1fa 100644
--- a/web-app/src/common/SecureComponent/permissions.ts
+++ b/web-app/src/common/SecureComponent/permissions.ts
@@ -30,6 +30,7 @@ export const IAM_SCOPES = {
   S3_PUT_OBJECT: "s3:PutObject",
   S3_GET_ACTIONS: "s3:Get*",
   S3_PUT_ACTIONS: "s3:Put*",
+  S3_DELETE_ACTIONS: "s3:Delete*",
   S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
   S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
   S3_DELETE_OBJECT: "s3:DeleteObject",
@@ -197,6 +198,7 @@ export const IAM_PERMISSIONS = {
     IAM_SCOPES.S3_PUT_OBJECT,
     IAM_SCOPES.S3_PUT_ACTIONS,
     IAM_SCOPES.S3_DELETE_OBJECT,
+    IAM_SCOPES.S3_DELETE_ACTIONS,
   ],
   [IAM_ROLES.BUCKET_VIEWER]: [
     IAM_SCOPES.S3_LIST_BUCKET,
diff --git a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
index 98d929ad7b..f55990a589 100644
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
@@ -278,7 +278,7 @@ const ListObjects = () => {
   ]);
   const canDelete = hasPermission(
     [pathAsResourceInPolicy, ...sessionGrantWildCards],
-    [IAM_SCOPES.S3_DELETE_OBJECT],
+    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
   );
   const canUpload =
     hasPermission(
@@ -912,7 +912,7 @@ const ListObjects = () => {
       tooltip: canDelete
         ? "Delete Selected Files"
         : permissionTooltipHelper(
-            [IAM_SCOPES.S3_DELETE_OBJECT],
+            [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
             "delete objects in this bucket",
           ),
     },
diff --git a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
index 52a222be00..335edb2400 100644
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -352,7 +352,7 @@ const ObjectDetailPanel = ({
   ]);
   const canDelete = hasPermission(
     [bucketName, currentItem, [bucketName, actualInfo.name].join("/")],
-    [IAM_SCOPES.S3_DELETE_OBJECT],
+    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
   );
 
   let objectType: AllowedPreviews = previewObjectType(metaData, currentItem);
@@ -649,7 +649,7 @@ const ObjectDetailPanel = ({
               canDelete
                 ? ""
                 : permissionTooltipHelper(
-                    [IAM_SCOPES.S3_DELETE_OBJECT],
+                    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
                     "delete this object",
                   )
             }
@@ -665,7 +665,10 @@ const ObjectDetailPanel = ({
                   currentItem,
                   [bucketName, actualInfo.name].join("/"),
                 ]}
-                scopes={[IAM_SCOPES.S3_DELETE_OBJECT]}
+                scopes={[
+                  IAM_SCOPES.S3_DELETE_OBJECT,
+                  IAM_SCOPES.S3_DELETE_ACTIONS,
+                ]}
                 errorProps={{ disabled: true }}
               >
                 <Button
diff --git a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx
index ad38da9780..c588d32211 100644
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx
@@ -232,7 +232,10 @@ const AddTagModal = ({
                         return (
                           <SecureComponent
                             key={`chip-${index}`}
-                            scopes={[IAM_SCOPES.S3_DELETE_OBJECT_TAGGING]}
+                            scopes={[
+                              IAM_SCOPES.S3_DELETE_OBJECT_TAGGING,
+                              IAM_SCOPES.S3_DELETE_ACTIONS,
+                            ]}
                             resource={bucketName}
                             errorProps={{
                               deleteIcon: null,
diff --git a/web-app/yarn.lock b/web-app/yarn.lock
index 8e7dd7553f..f0f5ed068d 100644
--- a/web-app/yarn.lock
+++ b/web-app/yarn.lock
@@ -3839,7 +3839,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/trusted-types@npm:^2.0.2":
+"@types/trusted-types@npm:^2.0.2, @types/trusted-types@npm:^2.0.7":
   version: 2.0.7
   resolution: "@types/trusted-types@npm:2.0.7"
   checksum: 10c0/4c4855f10de7c6c135e0d32ce462419d8abbbc33713b31d294596c0cc34ae1fa6112a2f9da729c8f7a20707782b0d69da3b1f8df6645b0366d08825ca1522e0c
@@ -7142,10 +7142,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"dompurify@npm:^2.5.4":
-  version: 2.5.7
-  resolution: "dompurify@npm:2.5.7"
-  checksum: 10c0/23c4f737182fcf3e731e458c3930ef4d2916191e4180e1e345f153124dfa7ec117d2810af1754e8854c581131fc75dac914a8391183d1511852ef32b4055f711
+"dompurify@npm:^3.2.4":
+  version: 3.2.4
+  resolution: "dompurify@npm:3.2.4"
+  dependencies:
+    "@types/trusted-types": "npm:^2.0.7"
+  dependenciesMeta:
+    "@types/trusted-types":
+      optional: true
+  checksum: 10c0/6be56810fb7ad2776155c8fc2967af5056783c030094362c7d0cf1ad13f2129cf922d8eefab528a34bdebfb98e2f44b306a983ab93aefb9d6f24c18a3d027a05
   languageName: node
   linkType: hard
 
@@ -11213,7 +11218,7 @@ __metadata:
     btoa: "npm:^1.2.1"
     canvg: "npm:^3.0.6"
     core-js: "npm:^3.6.0"
-    dompurify: "npm:^2.5.4"
+    dompurify: "npm:^3.2.4"
     fflate: "npm:^0.8.1"
     html2canvas: "npm:^1.0.0-rc.5"
   dependenciesMeta:

From f80bf3af9b106ee597bff1b7726d4e93da12c0f2 Mon Sep 17 00:00:00 2001
From: Allan Roger Reid <allanrogerreid@gmail.com>
Date: Wed, 19 Feb 2025 05:11:53 -0800
Subject: [PATCH 2/6] Upgrade dompurify to 3.2.4

---
 .github/workflows/jobs.yaml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/jobs.yaml b/.github/workflows/jobs.yaml
index 3b5389453b..c5f86a3d49 100644
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -3,12 +3,8 @@
 name: Workflow
 
 on:
-  pull_request:
-    branches:
-      - master
-  push:
-    branches:
-      - master
+  workflow_dispatch:
+
 
 # This ensures that previous jobs for the PR are canceled when the PR is
 # updated.

From be16cae9ae95d0de7d4733ae39c00c48f43fe111 Mon Sep 17 00:00:00 2001
From: Allan Roger Reid <allanrogerreid@gmail.com>
Date: Wed, 19 Feb 2025 05:51:52 -0800
Subject: [PATCH 3/6] Upgrade dompurify to 3.2.4

---
 .github/workflows/jobs.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/jobs.yaml b/.github/workflows/jobs.yaml
index c5f86a3d49..004157abee 100644
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -3,8 +3,12 @@
 name: Workflow
 
 on:
-  workflow_dispatch:
-
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
 
 # This ensures that previous jobs for the PR are canceled when the PR is
 # updated.
@@ -69,7 +73,7 @@ jobs:
         id: node_version
         run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
       - name: Enable Corepack
-        run: corepack enable
+        run: corepack enable && corepack prepare yarn@stable --activate
       - uses: actions/setup-node@v4
         with:
           node-version: ${{ env.NVMRC }}

From fbdcc0e30c2d481cc81605b799a7ad1103499896 Mon Sep 17 00:00:00 2001
From: Allan Roger Reid <allanrogerreid@gmail.com>
Date: Wed, 19 Feb 2025 05:56:55 -0800
Subject: [PATCH 4/6] Upgrade dompurify to 3.2.4

---
 .github/workflows/jobs.yaml | 2 +-
 web-app/package.json        | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/jobs.yaml b/.github/workflows/jobs.yaml
index 004157abee..3b5389453b 100644
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -73,7 +73,7 @@ jobs:
         id: node_version
         run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
       - name: Enable Corepack
-        run: corepack enable && corepack prepare yarn@stable --activate
+        run: corepack enable
       - uses: actions/setup-node@v4
         with:
           node-version: ${{ env.NVMRC }}
diff --git a/web-app/package.json b/web-app/package.json
index 5217f9ad45..3d12dca894 100644
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -28,7 +28,8 @@
     "recharts": "^2.12.7",
     "styled-components": "5.3.11",
     "superagent": "^9.0.2",
-    "tinycolor2": "^1.6.0"
+    "tinycolor2": "^1.6.0",
+    "dompurify": "^3.2.4"
   },
   "scripts": {
     "start": "PORT=5005 react-scripts start",

From 132f3a62d0993ee658ccf02b0cce12380ce3c2d8 Mon Sep 17 00:00:00 2001
From: Allan Roger Reid <allanrogerreid@gmail.com>
Date: Wed, 19 Feb 2025 05:57:23 -0800
Subject: [PATCH 5/6] Upgrade dompurify to 3.2.4

---
 web-app/package.json | 4 ++--
 web-app/yarn.lock    | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/web-app/package.json b/web-app/package.json
index 3d12dca894..7bf560e21f 100644
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -7,6 +7,7 @@
   "dependencies": {
     "@reduxjs/toolkit": "^1.9.7",
     "clsx": "^2.1.1",
+    "dompurify": "^3.2.4",
     "http-status-codes": "^2.3.0",
     "kbar": "^0.1.0-beta.45",
     "local-storage-fallback": "^4.1.2",
@@ -28,8 +29,7 @@
     "recharts": "^2.12.7",
     "styled-components": "5.3.11",
     "superagent": "^9.0.2",
-    "tinycolor2": "^1.6.0",
-    "dompurify": "^3.2.4"
+    "tinycolor2": "^1.6.0"
   },
   "scripts": {
     "start": "PORT=5005 react-scripts start",
diff --git a/web-app/yarn.lock b/web-app/yarn.lock
index f0f5ed068d..baa5faa1aa 100644
--- a/web-app/yarn.lock
+++ b/web-app/yarn.lock
@@ -18221,6 +18221,7 @@ __metadata:
     babel-plugin-istanbul: "npm:^6.1.1"
     clsx: "npm:^2.1.1"
     customize-cra: "npm:^1.0.0"
+    dompurify: "npm:^3.2.4"
     http-status-codes: "npm:^2.3.0"
     kbar: "npm:^0.1.0-beta.45"
     knip: "npm:^5.27.2"

From 7968d1b61d169e983e903bef3b2934f72d415caa Mon Sep 17 00:00:00 2001
From: Allan Roger Reid <allanrogerreid@gmail.com>
Date: Wed, 19 Feb 2025 06:16:20 -0800
Subject: [PATCH 6/6] Upgrade dompurify to 3.2.4

---
 web-app/package.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web-app/package.json b/web-app/package.json
index 7bf560e21f..2b04906c70 100644
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -79,6 +79,7 @@
     "@types/webpack-env": "^1.18.5",
     "babel-plugin-istanbul": "^6.1.1",
     "customize-cra": "^1.0.0",
+    "dompurify": "^3.2.4",
     "knip": "^5.27.2",
     "minio": "^8.0.1",
     "nyc": "^15.1.0",