Revert "RGW: a subuser with no permission can still list buckets and create buckets"

author Casey Bodley <cbodley@redhat.com>

Thu, 11 Apr 2024 18:48:29 +0000 (14:48 -0400)

committer Casey Bodley <cbodley@redhat.com>

Thu, 11 Apr 2024 19:19:55 +0000 (15:19 -0400)
author Casey Bodley <cbodley@redhat.com>
Thu, 11 Apr 2024 18:48:29 +0000 (14:48 -0400)
committer Casey Bodley <cbodley@redhat.com>
Thu, 11 Apr 2024 19:19:55 +0000 (15:19 -0400)
diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc

index 6b560d8f6e658fde6c8bdd29f60d1034c0d350fe..f5b834e0672d36720bb3901345db6a4bf4b8e52e 100644 (file)
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -1273,14 +1273,13 @@ bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp,
    if (s->identity->get_identity_type() == TYPE_ROLE)
      return false;
  
-  /* S3 doesn't have a subuser, it takes user permissions  */
-  if ((perm & (int)s->perm_mask) != perm)
-    return false;
-
    /* S3 doesn't support account ACLs, so user_acl will be uninitialized. */
    if (user_acl.get_owner().empty())
      return true;
-  
+
+  if ((perm & (int)s->perm_mask) != perm)
+    return false;
+
    return user_acl.verify_permission(dpp, *s->identity, perm, perm);
  }
author	Casey Bodley <cbodley@redhat.com>
	Thu, 11 Apr 2024 18:48:29 +0000 (14:48 -0400)
committer	Casey Bodley <cbodley@redhat.com>
	Thu, 11 Apr 2024 19:19:55 +0000 (15:19 -0400)