switch (type.get_type()) {
case ACL_TYPE_REFERER:
referer_list.emplace_back(grant->get_referer(), perm.get_permissions());
+
+ /* We're specially handling the Swift's .r:* as the S3 API has a similar
+ * concept and thus we can have a small portion of compatibility here. */
+ if (grant->get_referer() == RGW_REFERER_WILDCARD) {
+ acl_group_map[ACL_GROUP_ALL_USERS] |= perm.get_permissions();
+ }
break;
case ACL_TYPE_GROUP:
acl_group_map[grant->get_group()] |= perm.get_permissions();
#define RGW_PERM_ALL_S3 RGW_PERM_FULL_CONTROL
#define RGW_PERM_INVALID 0xFF00
+static constexpr char RGW_REFERER_WILDCARD[] = "*";
+
enum ACLGranteeTypeEnum {
/* numbers are encoded, should not change */
ACL_TYPE_CANON_USER = 0,
return false;
}
+ if ("*" == url_spec) {
+ return true;
+ }
+
if (http_host->compare(url_spec) == 0) {
return true;
}
is_negative = false;
}
- /* We're specially handling the .r:* as the S3 API has a similar concept
- * and thus we can have a small portion of compatibility here. */
- if (url_spec == "*") {
- grant.set_group(ACL_GROUP_ALL_USERS, is_negative ? 0 : perm);
- } else {
+ if (url_spec != RGW_REFERER_WILDCARD) {
if ('*' == url_spec[0]) {
url_spec = url_spec.substr(1);
boost::algorithm::trim(url_spec);
if (url_spec.empty() || url_spec == ".") {
return boost::none;
}
-
- grant.set_referer(url_spec, is_negative ? 0 : perm);
+ } else {
+ /* Please be aware we're specially handling the .r:* in _add_grant()
+ * of RGWAccessControlList as the S3 API has a similar concept, and
+ * thus we can have a small portion of compatibility. */
}
+ grant.set_referer(url_spec, is_negative ? 0 : perm);
return grant;
} catch (std::out_of_range) {
return boost::none;
projects / ceph.git / commitdiff