librgw: move authorize() and read_permissions()

all RGW_Auth_S3::authorize() from process_request().  Add a
read_permissions() primitive replacing RGWHandler's version in
RGWLibRequest.

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
index 604f141493e024e3ba85936ec514a596681250cc..827f401684f016dec5e830bec0ee2a440c4c1ed2 100644 (file)
--- a/src/rgw/librgw.cc
+++ b/src/rgw/librgw.cc
@@ -363,6 +363,20 @@ void RGWLibIO::init_env(CephContext* cct)
   env.set("SERVER_PORT", port_buf);
 }
 
+int RGWLibRequest::read_permissions(RGWOp *op) {
+  int ret =
+    rgw_build_bucket_policies(librgw.get_store(), s);
+  if (ret < 0) {
+    ldout(s->cct, 10) << "read_permissions on "
+                     << s->bucket << ":" << s->object << " ret=" << ret
+                     << dendl;
+    if (ret == -ENODATA)
+      ret = -EACCES;
+  }
+
+  return ret;
+}
+
 int process_request(RGWRados* store, RGWREST* rest, RGWRequest* base_req,
                    RGWLibIO* io, OpsLogSocket* olog)
 {
@@ -393,8 +407,7 @@ int process_request(RGWRados* store, RGWREST* rest, RGWRequest* base_req,
 
   req->log_format(s, "initializing for trans_id = %s", s->trans_id.c_str());
 
-  /* XXX the following works, but we shouldn't need to pay for a
-   * dynamic cast */
+  /* XXX programmer is enforcing (for now)  */
   RGWOp *op = reinterpret_cast<RGWOp*>(req); // req->op is already correct
 
   bool should_log = true;
@@ -402,15 +415,12 @@ int process_request(RGWRados* store, RGWREST* rest, RGWRequest* base_req,
   // just checks the HTTP header, and that the user can access the gateway
   // may be able to skip this after MOUNT (revalidate the user info)
   req->log(s, "authorizing");
-#warning need new authorize() mechanism
-#if 0
-  ret = handler->authorize(); // validates s->user
+  ret = RGW_Auth_S3::authorize(store, s); // validates s->user
   if (ret < 0) {
     dout(10) << "failed to authorize request" << dendl;
-    abort_early(s, op, ret, handler);
+    abort_early(s, op, ret, nullptr);
     goto done;
   }
-#endif
 
   if (s->user.suspended) {
     dout(10) << "user is suspended, uid=" << s->user.user_id << dendl;
@@ -418,14 +428,11 @@ int process_request(RGWRados* store, RGWREST* rest, RGWRequest* base_req,
     goto done;
   }
   req->log(s, "reading permissions");
-#warning need a new read_permissions(op) mechanism
-#if 0
-  ret = handler->read_permissions(op);
+  ret = req->read_permissions(op);
   if (ret < 0) {
     abort_early(s, op, ret, nullptr);
     goto done;
   }
-#endif
 
   req->log(s, "init op");
   ret = op->init_processing();

diff --git a/src/rgw/rgw_file.cc b/src/rgw/rgw_file.cc
index 83cfe234b887477f25e8dc9beaa2fc74d8a80a82..640cf20c633fd19cad394c0864a76103e103d828 100644 (file)
--- a/src/rgw/rgw_file.cc
+++ b/src/rgw/rgw_file.cc
@@ -303,7 +303,7 @@ public:
     op = this;
   }
 
-  int operator()(const std::string& name, const std::string& marker) {
+  void operator()(const std::string& name, const std::string& marker) {
     (void) rcb(name.c_str(), cb_arg, offset++);
   }
 

diff --git a/src/rgw/rgw_lib.h b/src/rgw/rgw_lib.h
index 47a4a966d4023ca86cad8c42ca5ac1078aa9fe4d..73c5127ce9966ddfa21778b4a47b6c7a914ce1ab 100644 (file)
--- a/src/rgw/rgw_lib.h
+++ b/src/rgw/rgw_lib.h
@@ -120,36 +120,25 @@ public:
 
 }; /* RGWLibIO */
 
-#if 0
-struct RGWLibRequest : public RGWRequest {
-  string method;
-  string resource;
-  int content_length;
-  atomic_t* fail_flag;
-
-  RGWLibRequest(uint64_t req_id, const string& _m, const  string& _r, int _cl,
-               bool user_command, atomic_t* _ff)
-    :  RGWRequest(req_id), method(_m), resource(_r), content_length(_cl),
-       fail_flag(_ff)
-    {
-      s->librgw_user_command =  user_command;
-    }
-
-  virtual RGWHandler* get_handler() = 0; // XXX need req_state arg?
-
-}; /* RGWLibRequest */
-#else
 class RGWLibRequest : public RGWRequest {
-public:
+private:
+  struct req_state* s;
 
+public:
   RGWLibRequest(uint64_t req_id)
-    :  RGWRequest(req_id)
+    :  RGWRequest(req_id), s(nullptr)
     {}
 
+  void set_state(req_state* _s) {
+    s = _s;
+  }
+
+  virtual bool only_bucket() = 0;
+
   virtual RGWHandler* get_handler() /* = 0; */ { return nullptr; }
-  // virtual const char* get_method() = 0;
+
+  int read_permissions(RGWOp *op);
 
 }; /* RGWLibRequest */
-#endif /* 0 */
 
 #endif /* RGW_LIB_H */

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 2ceebaa8059fa3f69461b271b0d58881fe03b13e..4c4fd8dac3a1d88180883e0c6e3c1e723a37ce52 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -341,7 +341,7 @@ static int read_policy(RGWRados *store, struct req_state *s,
  * only_bucket: If true, reads the bucket ACL rather than the object ACL.
  * Returns: 0 on success, -ERR# otherwise.
  */
-static int rgw_build_bucket_policies(RGWRados *store, struct req_state *s)
+int rgw_build_bucket_policies(RGWRados* store, struct req_state* s)
 {
   int ret = 0;
   rgw_obj_key obj;

diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index 254fbd4f5f70aa242b245ebca9d8cce3b3ad3598..d941294beff6e073e794968ddc3da4b094db2b45 100644 (file)
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -1297,7 +1297,6 @@ public:
   virtual uint32_t op_mask() { return RGW_OP_TYPE_DELETE; }
 };
 
-
 class RGWHandler {
 protected:
   RGWRados *store;
@@ -1333,4 +1332,6 @@ public:
   virtual int error_handler(int err_no, string *error_content);
 };
 
-#endif
+extern int rgw_build_bucket_policies(RGWRados* store, struct req_state* s);
+
+#endif /* CEPH_RGW_OP_H */