int create_container_policy(const DoutPrefixProvider *dpp,
rgw::sal::Driver* driver,
- const rgw_user& id,
- const std::string& name,
+ const ACLOwner& owner,
const char* read_list,
const char* write_list,
uint32_t& rw_mask,
RGWAccessControlPolicy& policy)
{
- policy.create_default(id, name);
+ policy.create_default(owner.id, owner.display_name);
auto& acl = policy.get_acl();
if (read_list) {
int create_account_policy(const DoutPrefixProvider* dpp,
rgw::sal::Driver* driver,
- const rgw_user& id,
- const std::string& name,
+ const ACLOwner& owner,
const std::string& acl_str,
RGWAccessControlPolicy& policy)
{
- policy.create_default(id, name);
+ policy.create_default(owner.id, owner.display_name);
auto& acl = policy.get_acl();
JSONParser parser;
#include "rgw_sal_fwd.h"
#include "rgw_user_types.h"
+struct ACLOwner;
class DoutPrefixProvider;
class RGWAccessControlPolicy;
/// X-Container-Read/X-Container-Write.
int create_container_policy(const DoutPrefixProvider *dpp,
rgw::sal::Driver* driver,
- const rgw_user& id,
- const std::string& name,
+ const ACLOwner& owner,
const char* read_list,
const char* write_list,
uint32_t& rw_mask,
/// Create a policy based on swift account acl header X-Account-Access-Control.
int create_account_policy(const DoutPrefixProvider* dpp,
rgw::sal::Driver* driver,
- const rgw_user& id,
- const std::string& name,
+ const ACLOwner& owner,
const std::string& acl_str,
RGWAccessControlPolicy& policy);
static int get_obj_policy_from_attr(const DoutPrefixProvider *dpp,
CephContext *cct,
rgw::sal::Driver* driver,
- RGWBucketInfo& bucket_info,
- map<string, bufferlist>& bucket_attrs,
+ const ACLOwner& bucket_owner,
RGWAccessControlPolicy& policy,
string *storage_class,
rgw::sal::Object* obj,
} else if (ret == -ENODATA) {
/* object exists, but policy is broken */
ldpp_dout(dpp, 0) << "WARNING: couldn't find acl header for object, generating default" << dendl;
- std::unique_ptr<rgw::sal::User> user = driver->get_user(bucket_info.owner);
- ret = user->load_user(dpp, y);
- if (ret < 0)
- return ret;
-
- policy.create_default(bucket_info.owner, user->get_display_name());
+ policy.create_default(bucket_owner.id, bucket_owner.display_name);
+ ret = 0;
}
if (storage_class) {
}
policy = get_iam_policy_from_attr(s->cct, bucket_attrs, bucket->get_tenant());
- int ret = get_obj_policy_from_attr(dpp, s->cct, driver, bucket_info,
- bucket_attrs, acl, storage_class, object,
- s->yield);
+ int ret = get_obj_policy_from_attr(dpp, s->cct, driver, s->bucket_owner,
+ acl, storage_class, object, s->yield);
if (ret == -ENOENT) {
/* object does not exist checking the bucket's ACL to make sure
that we send a proper error code */
}
}
- struct {
- rgw_user uid;
- std::string display_name;
- } acct_acl_user = {
- s->user->get_id(),
- s->user->get_display_name(),
- };
+ // ACLOwner for swift's s->user_acl. may be retargeted to s->bucket_owner
+ const ACLOwner* acct_acl_user = &s->owner;
if (!s->bucket_name.empty()) {
s->bucket_exists = true;
ret = read_bucket_policy(dpp, driver, s, s->bucket->get_info(),
s->bucket->get_attrs(),
s->bucket_acl, s->bucket->get_key(), y);
- acct_acl_user = {
- s->bucket->get_info().owner,
- s->bucket_acl.get_owner().display_name,
- };
s->bucket_owner = s->bucket_acl.get_owner();
+ acct_acl_user = &s->bucket_owner;
s->zonegroup_endpoint = rgw::get_zonegroup_endpoint(zonegroup);
s->zonegroup_name = zonegroup.get_name();
/* handle user ACL only for those APIs which support it */
if (s->dialect == "swift" && !s->user->get_id().empty()) {
- std::unique_ptr<rgw::sal::User> acl_user = driver->get_user(acct_acl_user.uid);
+ std::unique_ptr<rgw::sal::User> acl_user = driver->get_user(acct_acl_user->id);
ret = acl_user->read_attrs(dpp, y);
if (!ret) {
* 1. if we try to reach an existing bucket, its owner is considered
* as account owner.
* 2. otherwise account owner is identity stored in s->user->user_id. */
- s->user_acl.create_default(acct_acl_user.uid,
- acct_acl_user.display_name);
+ s->user_acl.create_default(acct_acl_user->id,
+ acct_acl_user->display_name);
ret = 0;
} else if (ret < 0) {
ldpp_dout(dpp, 0) << "NOTICE: couldn't get user attrs for handling ACL "
}
}
- s->bucket_owner.id = s->user->get_id();
- s->bucket_owner.display_name = s->user->get_display_name();
- createparams.owner = s->user->get_id();
+ s->bucket_owner = policy.get_owner();
+ createparams.owner = s->bucket_owner.id;
buffer::list aclbl;
policy.encode(aclbl);
{
// create a default acl
RGWAccessControlPolicy policy;
- policy.create_default(s->user->get_id(), s->user->get_display_name());
+ policy.create_default(s->owner.id, s->owner.display_name);
ceph::bufferlist aclbl;
policy.encode(aclbl);
createparams.attrs[RGW_ATTR_ACL] = std::move(aclbl);
/* Create metadata: ACLs. */
RGWAccessControlPolicy policy;
- policy.create_default(s->user->get_id(), s->user->get_display_name());
+ policy.create_default(s->owner.id, s->owner.display_name);
ceph::bufferlist aclbl;
policy.encode(aclbl);
attrs.emplace(RGW_ATTR_ACL, std::move(aclbl));
if (read_list || write_list) {
int r = rgw::swift::create_container_policy(s, driver,
- s->user->get_id(),
- s->user->get_display_name(),
+ s->owner,
read_list,
write_list,
*rw_mask,
}
if (!has_policy) {
- policy.create_default(s->user->get_id(), s->user->get_display_name());
+ policy.create_default(s->owner.id, s->owner.display_name);
}
location_constraint = driver->get_zone()->get_zonegroup().get_api_name();
}
}
- policy.create_default(s->user->get_id(), s->user->get_display_name());
+ policy.create_default(s->owner.id, s->owner.display_name);
int r = get_delete_at_param(s, delete_at);
if (r < 0) {
const char * const acl_attr = s->info.env->get("HTTP_X_ACCOUNT_ACCESS_CONTROL");
if (acl_attr) {
- int r = rgw::swift::create_account_policy(s, driver,
- s->user->get_id(),
- s->user->get_display_name(),
+ int r = rgw::swift::create_account_policy(s, driver, s->owner,
acl_attr, policy);
if (r < 0) {
return r;
int RGWCopyObj_ObjStore_SWIFT::init_dest_policy()
{
- dest_policy.create_default(s->user->get_id(), s->user->get_display_name());
+ dest_policy.create_default(s->owner.id, s->owner.display_name);
return 0;
}
return ret;
}
- policy.create_default(s->user->get_id(), s->user->get_display_name());
+ policy.create_default(s->owner.id, s->owner.display_name);
/* Let's start parsing the HTTP body by parsing each form part step-
* by-step till encountering the first part with file data. */
projects / ceph-ci.git / commitdiff