//Create a grant and add grant
ACLGrant grant;
grant.set_canon(new_user.get_id(), new_user.get_display_name(), RGW_PERM_FULL_CONTROL);
- acl.add_grant(&grant);
+ acl.add_grant(grant);
//Update the ACL owner to the new user
owner.id = new_user.get_id();
return !(lhs == rhs);
}
-void RGWAccessControlList::_add_grant(ACLGrant *grant)
+void RGWAccessControlList::register_grant(const ACLGrant& grant)
{
- ACLPermission& perm = grant->get_permission();
- ACLGranteeType& type = grant->get_type();
+ ACLPermission perm = grant.get_permission();
+ ACLGranteeType type = grant.get_type();
switch (type.get_type()) {
case ACL_TYPE_REFERER:
- referer_list.emplace_back(grant->get_referer(), perm.get_permissions());
+ referer_list.emplace_back(grant.get_referer(), perm.get_permissions());
/* We're specially handling the Swift's .r:* as the S3 API has a similar
* concept and thus we can have a small portion of compatibility here. */
- if (grant->get_referer() == RGW_REFERER_WILDCARD) {
+ if (grant.get_referer() == RGW_REFERER_WILDCARD) {
acl_group_map[ACL_GROUP_ALL_USERS] |= perm.get_permissions();
}
break;
case ACL_TYPE_GROUP:
- acl_group_map[grant->get_group()] |= perm.get_permissions();
+ acl_group_map[grant.get_group()] |= perm.get_permissions();
break;
default:
{
rgw_user id;
- grant->get_id(id);
+ grant.get_id(id);
acl_user_map[id.to_str()] |= perm.get_permissions();
}
}
}
-void RGWAccessControlList::add_grant(ACLGrant *grant)
+void RGWAccessControlList::add_grant(const ACLGrant& grant)
{
rgw_user id;
- grant->get_id(id); // not that this will return false for groups, but that's ok, we won't search groups
- grant_map.insert(pair<string, ACLGrant>(id.to_str(), *grant));
- _add_grant(grant);
+ grant.get_id(id); // note that this will return false for groups, but that's ok, we won't search groups
+ grant_map.emplace(id.to_str(), grant);
+ register_grant(grant);
}
void RGWAccessControlList::remove_canon_user_grant(rgw_user& user_id)
{
RGWAccessControlList *acl = new RGWAccessControlList;
- list<ACLGrant *> glist;
- list<ACLGrant *>::iterator iter;
-
- ACLGrant::generate_test_instances(glist);
- for (iter = glist.begin(); iter != glist.end(); ++iter) {
- ACLGrant *grant = *iter;
- acl->add_grant(grant);
-
+ list<ACLGrant *> grants;
+ ACLGrant::generate_test_instances(grants);
+ for (ACLGrant* grant : grants) {
+ acl->add_grant(*grant);
delete grant;
}
o.push_back(acl);
}
}
- ACLGranteeType& get_type() { return type; }
- const ACLGranteeType& get_type() const { return type; }
- ACLPermission& get_permission() { return permission; }
- const ACLPermission& get_permission() const { return permission; }
+ ACLGranteeType get_type() const { return type; }
+ ACLPermission get_permission() const { return permission; }
ACLGroupTypeEnum get_group() const { return group; }
const std::string& get_referer() const { return url_spec; }
std::map<uint32_t, int> acl_group_map;
std::list<ACLReferer> referer_list;
ACLGrantMap grant_map;
- void _add_grant(ACLGrant *grant);
+ // register a grant in the correspoding acl_user/group_map
+ void register_grant(const ACLGrant& grant);
public:
uint32_t get_perm(const DoutPrefixProvider* dpp,
const rgw::auth::Identity& auth_identity,
if (struct_v >= 2) {
decode(acl_group_map, bl);
} else if (!maps_initialized) {
- ACLGrantMap::iterator iter;
- for (iter = grant_map.begin(); iter != grant_map.end(); ++iter) {
- ACLGrant& grant = iter->second;
- _add_grant(&grant);
+ // register everything in the grant_map
+ for (const auto& [id, grant] : grant_map) {
+ register_grant(grant);
}
}
if (struct_v >= 4) {
void dump(Formatter *f) const;
static void generate_test_instances(std::list<RGWAccessControlList*>& o);
- void add_grant(ACLGrant *grant);
+ void add_grant(const ACLGrant& grant);
void remove_canon_user_grant(rgw_user& user_id);
ACLGrantMap& get_grant_map() { return grant_map; }
ACLGrant grant;
grant.set_canon(id, name, RGW_PERM_FULL_CONTROL);
- add_grant(&grant);
+ add_grant(grant);
}
friend bool operator==(const RGWAccessControlList& lhs, const RGWAccessControlList& rhs);
class ACLGranteeType_S3 {
public:
- static const char *to_string(ACLGranteeType& type) {
+ static const char *to_string(ACLGranteeType type) {
switch (type.get_type()) {
case ACL_TYPE_CANON_USER:
return "CanonicalUser";
XMLObjIter iter = find("Grant");
ACLGrant_S3 *grant = static_cast<ACLGrant_S3 *>(iter.get_next());
while (grant) {
- add_grant(grant);
+ add_grant(*grant);
grant = static_cast<ACLGrant_S3 *>(iter.get_next());
}
return true;
/* owner gets full control */
owner_grant.set_canon(owner.id, owner.display_name, RGW_PERM_FULL_CONTROL);
- add_grant(&owner_grant);
+ add_grant(owner_grant);
if (canned_acl.size() == 0 || canned_acl.compare("private") == 0) {
return 0;
ACLGrant group_grant;
if (canned_acl.compare("public-read") == 0) {
group_grant.set_group(ACL_GROUP_ALL_USERS, RGW_PERM_READ);
- add_grant(&group_grant);
+ add_grant(group_grant);
} else if (canned_acl.compare("public-read-write") == 0) {
group_grant.set_group(ACL_GROUP_ALL_USERS, RGW_PERM_READ);
- add_grant(&group_grant);
+ add_grant(group_grant);
group_grant.set_group(ACL_GROUP_ALL_USERS, RGW_PERM_WRITE);
- add_grant(&group_grant);
+ add_grant(group_grant);
} else if (canned_acl.compare("authenticated-read") == 0) {
group_grant.set_group(ACL_GROUP_AUTHENTICATED_USERS, RGW_PERM_READ);
- add_grant(&group_grant);
+ add_grant(group_grant);
} else if (canned_acl.compare("bucket-owner-read") == 0) {
bucket_owner_grant.set_canon(bid, bname, RGW_PERM_READ);
if (bid != owner.id) {
- add_grant(&bucket_owner_grant);
+ add_grant(bucket_owner_grant);
}
} else if (canned_acl.compare("bucket-owner-full-control") == 0) {
bucket_owner_grant.set_canon(bid, bname, RGW_PERM_FULL_CONTROL);
if (bid != owner.id) {
- add_grant(&bucket_owner_grant);
+ add_grant(bucket_owner_grant);
}
} else {
return -EINVAL;
acl_user_map.clear();
grant_map.clear();
- for (std::list<ACLGrant>::iterator it = grants.begin(); it != grants.end(); ++it) {
- ACLGrant g = *it;
- add_grant(&g);
+ for (const auto& g : grants) {
+ add_grant(g);
}
return 0;
multimap<string, ACLGrant>::iterator iter;
for (iter = grant_map.begin(); iter != grant_map.end(); ++iter) {
ACLGrant& src_grant = iter->second;
- ACLGranteeType& type = src_grant.get_type();
+ ACLGranteeType type = src_grant.get_type();
ACLGrant new_grant;
bool grant_ok = false;
rgw_user uid;
grant_user = user->get_info();
}
}
- ACLPermission& perm = src_grant.get_permission();
+ ACLPermission perm = src_grant.get_permission();
new_grant.set_canon(uid, grant_user.display_name, perm.get_permissions());
grant_ok = true;
rgw_user new_id;
break;
}
if (grant_ok) {
- dst_acl.add_grant(&new_grant);
+ dst_acl.add_grant(new_grant);
}
}
}
if (grant) {
- acl.add_grant(&*grant);
+ acl.add_grant(*grant);
} else {
return -EINVAL;
}
}
}
if (perm & rw_mask) {
- acl.add_grant(&grant);
+ acl.add_grant(grant);
}
}
}
if (uid_is_public(uid)) {
grant.set_group(ACL_GROUP_ALL_USERS, perm);
- acl.add_grant(&grant);
+ acl.add_grant(grant);
} else {
std::unique_ptr<rgw::sal::User> user = driver->get_user(rgw_user(uid));
ldpp_dout(dpp, 10) << "grant user does not exist:" << uid << dendl;
/* skipping silently */
grant.set_canon(user->get_id(), std::string(), perm);
- acl.add_grant(&grant);
+ acl.add_grant(grant);
} else {
grant.set_canon(user->get_id(), user->get_display_name(), perm);
- acl.add_grant(&grant);
+ acl.add_grant(grant);
}
}
}
delete out_cb;
}
-static void grants_by_type_add_one_grant(map<int, string>& grants_by_type, int perm, ACLGrant& grant)
+static void grants_by_type_add_one_grant(map<int, string>& grants_by_type, int perm, const ACLGrant& grant)
{
string& s = grants_by_type[perm];
s.append(", ");
string id_type_str;
- ACLGranteeType& type = grant.get_type();
+ ACLGranteeType type = grant.get_type();
switch (type.get_type()) {
case ACL_TYPE_GROUP:
id_type_str = "uri";
{ 0, NULL}
};
-static bool grants_by_type_check_perm(map<int, string>& grants_by_type, int perm, ACLGrant& grant, int check_perm)
+static bool grants_by_type_check_perm(map<int, string>& grants_by_type, int perm, const ACLGrant& grant, int check_perm)
{
if ((perm & check_perm) == check_perm) {
grants_by_type_add_one_grant(grants_by_type, check_perm, grant);
return false;
}
-static void grants_by_type_add_perm(map<int, string>& grants_by_type, int perm, ACLGrant& grant)
+static void grants_by_type_add_perm(map<int, string>& grants_by_type, int perm, const ACLGrant& grant)
{
struct grant_type_to_header *t;
}
}
-void RGWRESTGenerateHTTPHeaders::set_policy(RGWAccessControlPolicy& policy)
+void RGWRESTGenerateHTTPHeaders::set_policy(const RGWAccessControlPolicy& policy)
{
/* update acl headers */
- RGWAccessControlList& acl = policy.get_acl();
- multimap<string, ACLGrant>& grant_map = acl.get_grant_map();
- multimap<string, ACLGrant>::iterator giter;
+ const RGWAccessControlList& acl = policy.get_acl();
map<int, string> grants_by_type;
- for (giter = grant_map.begin(); giter != grant_map.end(); ++giter) {
- ACLGrant& grant = giter->second;
- ACLPermission& perm = grant.get_permission();
+ for (const auto& [id, grant] : acl.get_grant_map()) {
+ ACLPermission perm = grant.get_permission();
grants_by_type_add_perm(grants_by_type, perm.get_permissions(), grant);
}
add_grants_headers(grants_by_type, *new_env, new_info->x_meta_map);
void set_extra_headers(const std::map<std::string, std::string>& extra_headers);
int set_obj_attrs(const DoutPrefixProvider *dpp, std::map<std::string, bufferlist>& rgw_attrs);
void set_http_attrs(const std::map<std::string, std::string>& http_attrs);
- void set_policy(RGWAccessControlPolicy& policy);
+ void set_policy(const RGWAccessControlPolicy& policy);
int sign(const DoutPrefixProvider *dpp, RGWAccessKey& key, const bufferlist *opt_content);
const std::string& get_url() { return url; }
projects / ceph.git / commitdiff