rgw: get or set realm zonegroup zone need check user's caps

fix: https://tracker.ceph.com/issues/37352

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
(cherry picked from commit 6ecaec926fb81810f6be43744cd5c48d6ccfaf5a)

Conflicts:
	src/rgw/rgw_rest_config.h
	src/rgw/rgw_rest_realm.cc
- mimic lacks "override" in some places

diff --git a/src/rgw/rgw_rest_config.h b/src/rgw/rgw_rest_config.h
index 5751f8b0687fe4d5567928584d6a484766f99b52..ecac93ae5c89661144ff4adc047976d282e2bc20 100644 (file)
--- a/src/rgw/rgw_rest_config.h
+++ b/src/rgw/rgw_rest_config.h
@@ -22,8 +22,11 @@ public:
   RGWOp_ZoneGroupMap_Get(bool _old_format):old_format(_old_format) {}
   ~RGWOp_ZoneGroupMap_Get() override {}
 
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
   int verify_permission() override {
-    return 0; 
+    return check_caps(s->user->caps);
   }
   void execute() override;
   void send_response() override;
@@ -42,7 +45,7 @@ public:
   RGWOp_ZoneConfig_Get() {}
 
   int check_caps(RGWUserCaps& caps) {
-    return caps.check_cap("admin", RGW_CAP_READ);
+    return caps.check_cap("zone", RGW_CAP_READ);
   }
   int verify_permission() {
     return check_caps(s->user->caps);

diff --git a/src/rgw/rgw_rest_realm.cc b/src/rgw/rgw_rest_realm.cc
index 7289d1389526ae8ac82ec65ecfc40f6039909ae8..a97aaf5252664ec055046e012c75b26664381108 100644 (file)
--- a/src/rgw/rgw_rest_realm.cc
+++ b/src/rgw/rgw_rest_realm.cc
@@ -47,6 +47,12 @@ void RGWOp_Period_Base::send_response()
 class RGWOp_Period_Get : public RGWOp_Period_Base {
  public:
   void execute() override;
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   const string name() override { return "get_period"; }
 };
 
@@ -71,6 +77,12 @@ void RGWOp_Period_Get::execute()
 class RGWOp_Period_Post : public RGWOp_Period_Base {
  public:
   void execute() override;
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_WRITE);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   const string name() override { return "post_period"; }
 };
 
@@ -240,7 +252,12 @@ class RGWRESTMgr_Period : public RGWRESTMgr {
 class RGWOp_Realm_Get : public RGWRESTOp {
   std::unique_ptr<RGWRealm> realm;
 public:
-  int verify_permission() override { return 0; }
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   void execute() override;
   void send_response() override;
   const string name() override { return "get_realm"; }