rgw: Policy: add support for PutObject with grants conditionals

Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index efa06d00ad7f2bbd2b1224ed140b5bc01842a0bd..f054e461bf394e57913183eb5d907ca24eb72074 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -3045,10 +3045,6 @@ int RGWPutObj::verify_permission()
       return -EACCES;
     }
 
-    rgw_add_to_iam_environment(s->env, "s3:x-amz-copy-source", copy_source);
-    rgw_add_to_iam_environment(s->env, "s3:x-amz-metadata-directive", copy_source);
-
-    rgw_add_grant_to_iam_environment(s->env, s);
     /* admin request overrides permission checks */
     if (! s->auth.identity->is_admin_of(cs_acl.get_owner().get_id())) {
       if (policy) {
@@ -3071,7 +3067,6 @@ int RGWPutObj::verify_permission()
     }
   }
 
-
   auto op_ret = get_params();
   if (op_ret < 0) {
     ldout(s->cct, 20) << "get_params() returned ret=" << op_ret << dendl;
@@ -3079,6 +3074,8 @@ int RGWPutObj::verify_permission()
   }
 
   if (s->iam_policy) {
+    rgw_add_grant_to_iam_environment(s->env, s);
+
     if (!s->canned_acl.empty()){
       rgw_add_to_iam_environment(s->env, "s3:x-amz-acl", s->canned_acl);
     }