return set_cr_error(retcode);
}
- if (!dest_bucket_perms.verify_bucket_permission(dest_key.value_or(key), rgw::IAM::s3PutObject)) {
+ if (!dest_bucket_perms.verify_bucket_permission(dest_key.value_or(key), rgw::IAM::s3ReplicateObject)) {
ldout(cct, 0) << "ERROR: " << __func__ << ": permission check failed: user not allowed to write into bucket (bucket=" << sync_pipe.info.dest_bucket.get_key() << ")" << dendl;
return set_cr_error(-EPERM);
}
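Review bot: The denial log right after the changed check still says "user not allowed to write into bucket", although the check now requires `s3:ReplicateObject`, so an operator cannot tell from the log which action to grant. Naming the action would fix that, e.g. `<< ": permission check failed: s3:ReplicateObject not allowed on destination bucket (bucket="`. Separately, a destination bucket whose policy grants the sync identity only `s3:PutObject` would presumably start returning -EPERM once this lands. The `RGW_PERM_WRITE` mapping added in the last hunk may cover ACL-only buckets, but that depends on how `verify_bucket_permission` combines policy and ACLs, which is not visible here; an upgrade note would make the change explicit. The enclosing function starts and ends outside this hunk.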
{ "s3:RestoreObject", s3RestoreObject },
{ "s3:DescribeJob", s3DescribeJob },
{ "s3:ReplicateDelete", s3ReplicateDelete },
+ { "s3:ReplicateObject", s3ReplicateObject },
{ "s3-object-lambda:GetObject", s3objectlambdaGetObject },
{ "s3-object-lambda:ListBucket", s3objectlambdaListBucket },
{ "iam:PutUserPolicy", iamPutUserPolicy },
case s3ReplicateDelete:
return "s3:ReplicateDelete";
+ case s3ReplicateObject:
+ return "s3:ReplicateObject";
+
case s3objectlambdaGetObject:
return "s3-object-lambda:GetObject";
s3GetObjectAttributes,
s3GetObjectVersionAttributes,
s3ReplicateDelete,
+ s3ReplicateObject,
s3All,
s3objectlambdaGetObject,
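Review bot: Adding `s3ReplicateObject` ahead of `s3All` shifts the numeric value of `s3All` and every enumerator after it. That matches how `s3ReplicateDelete` is placed in the context lines, but it is only safe if these ordinals are never persisted or exchanged between daemons of different versions, which this page does not show and which matters during a multisite upgrade. If actions are only ever stored and sent by name, a short comment at the insertion point would record the rule, e.g. `// new s3 actions go directly before s3All; enumerator values are not stable across releases`. The enum declaration begins and ends outside this hunk.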
case s3PutObjectLegalHold:
case s3BypassGovernanceRetention:
case s3ReplicateDelete:
+ case s3ReplicateObject:
return RGW_PERM_WRITE;
case s3GetAccelerateConfiguration: