_s->auth.identity.get(),
_s->bucket_info,
_s->perm_mask,
- _s->defer_to_bucket_acls), s(_s) {}
+ _s->defer_to_bucket_acls,
+ _s->bucket_access_conf),
+ s(_s) {}
std::optional<bool> get_request_payer() const override {
const char *request_payer = s->info.env->get("HTTP_X_AMZ_REQUEST_PAYER");
if (!request_payer) {
if ((perm & (int)s->perm_mask) != perm)
return false;
- if (bucket_acl->verify_permission(dpp, *s->auth.identity, perm, perm,
- s->info.env->get("HTTP_REFERER"),
+ if (bucket_acl->verify_permission(dpp, *s->identity, perm, perm,
+ s->get_referer(),
s->bucket_access_conf &&
s->bucket_access_conf->ignore_public_acls()))
return true;
return false;
}
- bool ret = object_acl->verify_permission(dpp, *s->auth.identity, s->perm_mask, perm,
+ bool ret = object_acl->verify_permission(dpp, *s->identity, s->perm_mask, perm,
nullptr, /* http_referrer */
s->bucket_access_conf &&
s->bucket_access_conf->ignore_public_acls());
return false;
}
- bool ret = object_acl->verify_permission(dpp, *s->auth.identity, s->perm_mask, perm,
+ bool ret = object_acl->verify_permission(dpp, *s->identity, s->perm_mask, perm,
nullptr, /* http referrer */
s->bucket_access_conf &&
s->bucket_access_conf->ignore_public_acls());
const RGWBucketInfo& bucket_info;
int perm_mask;
bool defer_to_bucket_acls;
+ boost::optional<PublicAccessBlockConfiguration> bucket_access_conf;
perm_state_base(CephContext *_cct,
const rgw::IAM::Environment& _env,
rgw::auth::Identity *_identity,
const RGWBucketInfo& _bucket_info,
int _perm_mask,
- bool _defer_to_bucket_acls) : cct(_cct),
+ bool _defer_to_bucket_acls,
+ boost::optional<PublicAccessBlockConfiguration> _bucket_acess_conf = boost::none) :
+ cct(_cct),
env(_env),
identity(_identity),
bucket_info(_bucket_info),
perm_mask(_perm_mask),
- defer_to_bucket_acls(_defer_to_bucket_acls) {}
+ defer_to_bucket_acls(_defer_to_bucket_acls),
+ bucket_access_conf(_bucket_acess_conf)
+ {}
+
virtual ~perm_state_base() {}
virtual const char *get_referer() const = 0;
projects / ceph-ci.git / commitdiff