users to work with Roles.
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
"bilog",
"mdlog",
"datalog",
- "opstate" };
+ "opstate",
+ "roles"};
for (unsigned int i = 0; i < sizeof(cap_type) / sizeof(char *); ++i) {
if (tp.compare(cap_type[i]) == 0) {
end_header(s);
}
-int RGWRoleRead::verify_permission()
+int RGWRestRole::verify_permission()
{
- if (s->auth.identity->is_anonymous()) {
- return -EACCES;
- }
-
- if (!verify_user_permission(s, RGW_PERM_READ)) {
- return -EACCES;
- }
-
- return 0;
+ int ret = check_caps(s->user->caps);
+ ldout(s->cct, 0) << "INFO: verify_permissions ret" << ret << dendl;
+ return ret;
}
-int RGWRoleWrite::verify_permission()
+int RGWRoleRead::check_caps(RGWUserCaps& caps)
{
- if (s->auth.identity->is_anonymous()) {
- return -EACCES;
- }
-
- if (!verify_user_permission(s, RGW_PERM_WRITE)) {
- return -EACCES;
- }
+ return caps.check_cap("roles", RGW_CAP_READ);
+}
- return 0;
+int RGWRoleWrite::check_caps(RGWUserCaps& caps)
+{
+ return caps.check_cap("roles", RGW_CAP_WRITE);
}
int RGWCreateRole::get_params()
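Review bot: `RGWRestRole::verify_permission()` no longer rejects anonymous identities before it reads `s->user->caps`, so turning away unauthenticated callers now depends entirely on `check_cap("roles", ...)` failing for whatever caps that user object carries. I would keep the explicit guard from the removed code, `if (s->auth.identity->is_anonymous()) { return -EACCES; }`, ahead of the `check_caps` call. The `ldout(s->cct, 0)` line also emits the authorization result at level 0 on every role request and prints `ret` fused to the label; `ldout(s->cct, 20) << "verify_permission: check_caps ret=" << ret << dendl;` would keep it out of default logs while staying readable. If `RGWRESTOp` already implements `verify_permission()` by calling `check_caps` (not visible from this hunk), the override exists only for that log line and could be dropped.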
#ifndef CEPH_RGW_REST_ROLE_H
#define CEPH_RGW_REST_ROLE_H
-class RGWRestRole : public RGWOp {
+class RGWRestRole : public RGWRESTOp {
protected:
string role_name;
string role_path;
string path_prefix;
public:
+ int verify_permission() override;
void send_response() override;
};
class RGWRoleRead : public RGWRestRole {
public:
RGWRoleRead() = default;
- int verify_permission() override;
- uint32_t op_mask() override { return RGW_OP_TYPE_READ; }
+ int check_caps(RGWUserCaps& caps) override;
};
class RGWRoleWrite : public RGWRestRole {
public:
RGWRoleWrite() = default;
- int verify_permission() override;
- uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
+ int check_caps(RGWUserCaps& caps) override;
};
class RGWCreateRole : public RGWRoleWrite {
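Review bot: Removing both `op_mask()` overrides means `RGWRoleRead` and `RGWRoleWrite` no longer declare themselves as `RGW_OP_TYPE_READ` / `RGW_OP_TYPE_WRITE`, so any per-user operation-mask restriction that is checked against `op_mask()` would presumably stop applying to role requests unless `RGWRESTOp` supplies an equivalent. The base class is not visible here, so this needs confirming. If the mask is still meant to apply, keep `uint32_t op_mask() override { return RGW_OP_TYPE_READ; }` in `RGWRoleRead` and the `RGW_OP_TYPE_WRITE` counterpart in `RGWRoleWrite` next to the new `check_caps` overrides. A one-line comment on the new `verify_permission()` declaration would also document the changed model, for example `// Authorised solely by the "roles" admin capability; subclasses pick read or write in check_caps().`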