]> git.apps.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 731bdbc) | patch
rgw/auth: replace uses of verify_bucket_owner_or_policy()
authorCasey Bodley <cbodley@redhat.com>
Wed, 21 Feb 2024 23:51:44 +0000 (18:51 -0500)
committerCasey Bodley <cbodley@redhat.com>
Wed, 10 Apr 2024 17:09:16 +0000 (13:09 -0400)
commitb021d0f2f133da6ac9e5972b481094d86802e979
treebd37e9b4fe337aa7081031a420ba6aa7b1be374ctree | snapshot
parent731bdbc150967bf77a6649d084f0e9a74e6df65bcommit | diff
rgw/auth: replace uses of verify_bucket_owner_or_policy()

all of the s3 actions that we call verify_bucket_owner_or_policy() for
are already covered by rgw::IAM::op_to_perm(), which maps actions to
acl permissions like RGW_PERM_READ, RGW_PERM_WRITE_ACP etc

that means we can call verify_bucket_permission() as most other bucket
ops do, and rely on its call to verify_bucket_permission_no_policy() to
find the owner's acl grant

i also hadn't implemented the cross-account rules for
verify_bucket_owner_or_policy() yet, and didn't want to

Signed-off-by: Casey Bodley <cbodley@redhat.com>
src/rgw/rgw_common.cc diff | blob | history
src/rgw/rgw_common.h diff | blob | history
src/rgw/rgw_op.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.