radosgw: first authorize user then try to read the acls

can't read acls if user wasn't authorized yet.

diff --git a/src/rgw/rgw_main.cc b/src/rgw/rgw_main.cc
index 2ff8fb1abae1ceb6e05cc5be7c93b406b1c18e38..25551a9fc788b24e0d6b736d9b6c496b1f08b50d 100644 (file)
--- a/src/rgw/rgw_main.cc
+++ b/src/rgw/rgw_main.cc
@@ -82,8 +82,15 @@ int main(int argc, char *argv[])
   {
     RGWHandler *handler = RGWHandler_REST::init_handler(&s, &fcgx);
     RGWOp *op;
+    int ret;
     
-    int ret = read_acls(&s);
+    if (!handler->authorize(&s)) {
+      RGW_LOG(10) << "failed to authorize request" << endl;
+      abort_early(&s, -EPERM);
+      goto done;
+    }
+
+    ret = read_acls(&s);
     if (ret < 0) {
       switch (ret) {
       case -ENOENT:
@@ -94,12 +101,6 @@ int main(int argc, char *argv[])
         goto done;
       }
     }
-    if (!handler->authorize(&s)) {
-      RGW_LOG(10) << "failed to authorize request" << endl;
-      abort_early(&s, -EPERM);
-      goto done;
-    }
-
     ret = handler->read_permissions();
     if (ret < 0) {
       abort_early(&s, ret);

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 662b7817ad5063047e7b4cf79730ffde1b173acb..faf5abe6702f166480e36ffeac5ee2c7bffff1f4 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -746,6 +746,7 @@ void RGWHandler::init_state(struct req_state *s, struct fcgx_state *fcgx)
   s->os_user = NULL;
   s->os_groups = NULL;
   s->time = g_clock.now();
+  s->user.clear();
 }
 
 int RGWHandler::do_read_permissions(bool only_bucket)