rgw: get or set realm zonegroup zone need check user's caps

fix: https://tracker.ceph.com/issues/37352

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>

diff --git a/src/rgw/rgw_rest_config.h b/src/rgw/rgw_rest_config.h
index bff5d45feb04ec5e231dc26d8fd94aec3f3925f7..d4539eb5eaee145d6d046320cd102aeee82b2022 100644 (file)
--- a/src/rgw/rgw_rest_config.h
+++ b/src/rgw/rgw_rest_config.h
@@ -24,8 +24,11 @@ public:
   explicit RGWOp_ZoneGroupMap_Get(bool _old_format):old_format(_old_format) {}
   ~RGWOp_ZoneGroupMap_Get() override {}
 
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
   int verify_permission() override {
-    return 0; 
+    return check_caps(s->user->caps);
   }
   void execute() override;
   void send_response() override;
@@ -44,7 +47,7 @@ public:
   RGWOp_ZoneConfig_Get() {}
 
   int check_caps(RGWUserCaps& caps) override {
-    return caps.check_cap("admin", RGW_CAP_READ);
+    return caps.check_cap("zone", RGW_CAP_READ);
   }
   int verify_permission() override {
     return check_caps(s->user->caps);

diff --git a/src/rgw/rgw_rest_realm.cc b/src/rgw/rgw_rest_realm.cc
index 293599a417490725c523917bd7405f445460c144..31a7c13c42ff73ccc45435553c5783c45dc08263 100644 (file)
--- a/src/rgw/rgw_rest_realm.cc
+++ b/src/rgw/rgw_rest_realm.cc
@@ -50,6 +50,12 @@ void RGWOp_Period_Base::send_response()
 class RGWOp_Period_Get : public RGWOp_Period_Base {
  public:
   void execute() override;
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   const char* name() const override { return "get_period"; }
 };
 
@@ -74,6 +80,12 @@ void RGWOp_Period_Get::execute()
 class RGWOp_Period_Post : public RGWOp_Period_Base {
  public:
   void execute() override;
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_WRITE);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   const char* name() const override { return "post_period"; }
 };
 
@@ -243,7 +255,12 @@ class RGWRESTMgr_Period : public RGWRESTMgr {
 class RGWOp_Realm_Get : public RGWRESTOp {
   std::unique_ptr<RGWRealm> realm;
 public:
-  int verify_permission() override { return 0; }
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   void execute() override;
   void send_response() override;
   const char* name() const override { return "get_realm"; }