Console weird behaviour for user under restricted policy

[masciugo]

Expected Behavior

Console should not show not existing objects

Current Behavior

I defined a policy that allows access only to a specific path in the bucket

After that, I assigned a user that policy and then I tried to verify the access by using mc command line util. Everything is coherent with the policy: I cannot access any home folders other than Davide one.

When I login with the same user into the MINIO console even if I cannot access objects out of his scope policy I see unexpected objects

Steps to Reproduce (for bugs)

I create a my-company bucket and then a policy copying it verbatim from here

this is the mc output

while this is what I see in console

Your Environment

• Version used (minio --version): RELEASE.2023-03-24T21-41-23Z (go1.19.7 linux/amd64)
• Server setup and configuration:
• Operating System and version (uname -a): Linux srvcosr012 4.9.0-2-amd64 minio/minio#1 SMP Debian 4.9.18-1 (2017-03-30) x86_64 GNU/Linux

[harshavardhana]

The UI is trying to populate the prefix via policy lookup.

However it is not resetting itself correctly, in other UI elements.

[dvaldivia]

yep, this looks like an object browser bug, will look into it