]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9507d38)
rgw: fix RGWDeleteMultiObj::verify_permission
authorMark Houghton <mhoughton@microfocus.com>
Tue, 3 Nov 2020 11:10:04 +0000 (11:10 +0000)
committerMykola Golub <mgolub@suse.com>
Tue, 27 Apr 2021 10:03:12 +0000 (13:03 +0300)
Signed-off-by: Mark Houghton <mhoughton@microfocus.com>
(cherry picked from commit ba23750bea89a0e9818887abe62db0efef02fe3a)

Conflicts:
src/rgw/rgw_op.cc:
          s->object.empty() vs rgw::sal::RGWObject::empty(s->object.get())
          s->object.instance.empty() vs s->object->get_instance().empty()

src/rgw/rgw_op.cc patch | blob | history

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 78e35339c8a16b6c7ebe5f12d97ba2920badc1fc..2996a461bf6227f8040bb2101df267f2078907be 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -6469,6 +6469,11 @@ void RGWGetHealthCheck::execute()
 
 int RGWDeleteMultiObj::verify_permission()
 {
+  int op_ret = get_params();
+  if (op_ret) {
+    return op_ret;
+  }
+
   if (s->iam_policy || ! s->iam_user_policies.empty()) {
     if (s->bucket_info.obj_lock_enabled() && bypass_governance_mode) {
       auto r = eval_user_policies(s->iam_user_policies, s->env, boost::none,
@@ -6483,9 +6488,12 @@ int RGWDeleteMultiObj::verify_permission()
         }
       }
     }
+
+    bool empty = s->object.empty() || s->object.instance.empty();
+
     auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env,
                                               boost::none,
-                                              s->object.instance.empty() ?
+                                              empty ?
                                               rgw::IAM::s3DeleteObject :
                                               rgw::IAM::s3DeleteObjectVersion,
                                               ARN(s->bucket));
@@ -6496,7 +6504,7 @@ int RGWDeleteMultiObj::verify_permission()
     rgw::IAM::Effect r = Effect::Pass;
     if (s->iam_policy) {
       r = s->iam_policy->eval(s->env, *s->auth.identity,
-                                s->object.instance.empty() ?
+                                empty ?
                                 rgw::IAM::s3DeleteObject :
                                 rgw::IAM::s3DeleteObjectVersion,
                                 ARN(s->bucket));
@@ -6529,11 +6537,6 @@ void RGWDeleteMultiObj::execute()
   RGWObjectCtx *obj_ctx = static_cast<RGWObjectCtx *>(s->obj_ctx);
   char* buf;
 
-  op_ret = get_params();
-  if (op_ret < 0) {
-    goto error;
-  }
-
   buf = data.c_str();
   if (!buf) {
     op_ret = -EINVAL;
Unnamed repository; edit this file 'description' to name the repository.