Add the authenticated users URI as a Grantee URI to check (#1)

* Add the authenticated users URI as a Grantee URI to check
willh · May 2, 2018 · 4d92132 · 4d92132
1 parent ca269eb
commit 4d92132
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/index.js b/index.js
@@ -1,5 +1,6 @@
 const AWS = require("aws-sdk");
 const allUsersUri = "http://acs.amazonaws.com/groups/global/AllUsers";
+const authenticatedUsersUri = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers";
 const snoozeTopic = process.env.snsTopicArn;
 
 exports.handler = (event, context) => {
@@ -21,7 +22,7 @@ exports.handler = (event, context) => {
         // Grant[0] is always owner, so we only need to check further if we have more than 1 grant
         if (grants.length > 1) {
             for (const grant of grants) {
-                if (grant.Grantee.URI && grant.Grantee.URI == allUsersUri) {
+                if (grant.Grantee.URI && (grant.Grantee.URI == allUsersUri || grant.Grantee.URI == authenticatedUsersUri)) {
                     if (grant.Permission == "READ") {
                         publicPermissions.push("read");
                     } else {
@@ -84,4 +85,4 @@ function getUserDetails(event) {
     }
 
     return userDetails;
-}
+}