rgw: check appropriate entity permission on put_metadata

Fixes: #8428
Backport: firefly

Cannot use verify_object_permission() to test acls, as the operation
here might either be on object or on bucket.

Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
(cherry picked from commit 2ceb13af34bc38b418bb88d81131d770a71159bf)

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 53a72ef37b7d7b1aedb5529c6d312df3a930a6b0..26f587d0f15a64a2d5bfe57faba62b0597260204 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -1843,8 +1843,13 @@ done:
 
 int RGWPutMetadata::verify_permission()
 {
-  if (!verify_object_permission(s, RGW_PERM_WRITE))
-    return -EACCES;
+  if (s->object) {
+    if (!verify_object_permission(s, RGW_PERM_WRITE))
+      return -EACCES;
+  } else {
+    if (!verify_bucket_permission(s, RGW_PERM_WRITE))
+      return -EACCES;
+  }
 
   return 0;
 }