rgw/auth: replace uses of verify_bucket_owner_or_policy()
all of the s3 actions that we call verify_bucket_owner_or_policy() for
are already covered by rgw::IAM::op_to_perm(), which maps actions to
acl permissions like RGW_PERM_READ, RGW_PERM_WRITE_ACP etc
that means we can call verify_bucket_permission() as most other bucket
ops do, and rely on its call to verify_bucket_permission_no_policy() to
find the owner's acl grant
i also hadn't implemented the cross-account rules for
verify_bucket_owner_or_policy() yet, and didn't want to
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit
b021d0f2f133da6ac9e5972b481094d86802e979)
projects / ceph-ci.git / commit