auto apl = \
apl_factory->create_apl_local(cct, s, user_info,
rgw::auth::LocalApplier::NO_SUBUSER,
- boost::none);
+ boost::none, boost::none);
return result_t::grant(std::move(apl));
}
}
const RGWUserInfo user_info;
const std::string subuser;
vector<std::string> role_policies;
+ uint32_t perm_mask;
uint32_t get_perm_mask(const std::string& subuser_name,
const RGWUserInfo &uinfo) const;
LocalApplier(CephContext* const cct,
const RGWUserInfo& user_info,
std::string subuser,
- const boost::optional<vector<std::string> >& role_policies)
+ const boost::optional<vector<std::string> >& role_policies,
+ const boost::optional<uint32_t>& perm_mask)
: user_info(user_info),
- subuser(std::move(subuser)){
+ subuser(std::move(subuser)) {
if (role_policies) {
this->role_policies = role_policies.get();
}
+ if (perm_mask) {
+ this->perm_mask = perm_mask.get();
+ } else {
+ this->perm_mask = RGW_PERM_INVALID;
+ }
}
bool is_owner_of(const rgw_user& uid) const override;
bool is_identity(const idset_t& ids) const override;
uint32_t get_perm_mask() const override {
- return get_perm_mask(subuser, user_info);
+ if (this->perm_mask == RGW_PERM_INVALID) {
+ return get_perm_mask(subuser, user_info);
+ } else {
+ return this->perm_mask;
+ }
}
void to_str(std::ostream& out) const override;
void load_acct_info(RGWUserInfo& user_info) const override; /* out */
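Review bot: Storing the optional as a plain `uint32_t` with `RGW_PERM_INVALID` as the "not supplied" marker means a caller-supplied mask that happens to equal `RGW_PERM_INVALID` is treated as absent in `get_perm_mask()` and silently replaced by the mask derived from `subuser`/`user_info`. Since another hunk in this diff feeds this parameter from `token.perm_mask`, that fallback could widen the permissions a token was meant to carry. Keeping the optional avoids the ambiguity: declare the member as `const boost::optional<uint32_t> perm_mask;`, initialise it in the member-init list with `perm_mask(perm_mask)`, and return `perm_mask ? *perm_mask : get_perm_mask(subuser, user_info);`. That also makes the field `const` like `user_info` and `subuser`, and removes the assignment in the constructor body. The class definition starts and ends outside this hunk.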
const req_state* s,
const RGWUserInfo& user_info,
const std::string& subuser,
- const boost::optional<vector<std::string> >& role_policies) const = 0;
+ const boost::optional<vector<std::string> >& role_policies,
+ const boost::optional<uint32_t>& perm_mask) const = 0;
};
};
const req_state* const s,
const RGWUserInfo& user_info,
const std::string& subuser,
- const boost::optional<vector<std::string> >& role_policies) const override {
+ const boost::optional<vector<std::string> >& role_policies,
+ const boost::optional<uint32_t>& perm_mask) const override {
auto apl = rgw::auth::add_sysreq(cct, store, s,
- rgw::auth::LocalApplier(cct, user_info, subuser, role_policies));
+ rgw::auth::LocalApplier(cct, user_info, subuser, role_policies, perm_mask));
return aplptr_t(new decltype(apl)(std::move(apl)));
}
const req_state* const s,
const RGWUserInfo& user_info,
const std::string& subuser,
- const boost::optional<vector<std::string> >& role_policies) const override {
+ const boost::optional<vector<std::string> >& role_policies,
+ const boost::optional<uint32_t>& perm_mask) const override {
auto apl = rgw::auth::add_sysreq(cct, store, s,
- rgw::auth::LocalApplier(cct, user_info, subuser, role_policies));
+ rgw::auth::LocalApplier(cct, user_info, subuser, role_policies, perm_mask));
/* TODO(rzarzynski): replace with static_ptr. */
return aplptr_t(new decltype(apl)(std::move(apl)));
}
return result_t::deny(-ERR_SIGNATURE_NO_MATCH);
}
- auto apl = apl_factory->create_apl_local(cct, s, user_info, k.subuser, boost::none);
+ auto apl = apl_factory->create_apl_local(cct, s, user_info, k.subuser, boost::none, boost::none);
return result_t::grant(std::move(apl), completer_factory(k.key));
}
return result_t::grant(std::move(apl), completer_factory(boost::none));
} else {
string subuser;
- auto apl = local_apl_factory->create_apl_local(cct, s, user_info, subuser, role_policies);
+ auto apl = local_apl_factory->create_apl_local(cct, s, user_info, subuser, role_policies, token.perm_mask);
return result_t::grant(std::move(apl), completer_factory(token.secret_access_key));
}
}
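Review bot: `token.perm_mask` is passed straight through as the request's permission mask, and nothing in this hunk shows what value it holds for a token that was issued without one. If the field is a plain `uint32_t` (its declaration is not visible here), the optional is always engaged on this path, so a decoded default such as 0 would become the effective mask rather than triggering the subuser-derived fallback. I would add a comment at the call naming where the token is authenticated and what the field defaults to, e.g. `/* perm_mask comes from the verified session token; tokens without one must decode to RGW_PERM_INVALID */`, and confirm the decoder matches it. The enclosing function begins before this hunk.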
const req_state* const s,
const RGWUserInfo& user_info,
const std::string& subuser,
- const boost::optional<vector<std::string> >& role_policies) const override {
+ const boost::optional<vector<std::string> >& role_policies,
+ const boost::optional<uint32_t>& perm_mask) const override {
return aplptr_t(
- new rgw::auth::LocalApplier(cct, user_info, subuser, role_policies));
+ new rgw::auth::LocalApplier(cct, user_info, subuser, role_policies, perm_mask));
}
};
auto apl = apl_factory->create_apl_local(cct, s, tmp_uinfo,
extract_swift_subuser(swift_user),
- boost::none);
+ boost::none, boost::none);
return result_t::grant(std::move(apl));
}
auto apl = apl_factory->create_apl_local(cct, s, user_info,
extract_swift_subuser(swift_user),
- boost::none);
+ boost::none, boost::none);
return result_t::grant(std::move(apl));
}
public:
TempURLApplier(CephContext* const cct,
const RGWUserInfo& user_info)
- : LocalApplier(cct, user_info, LocalApplier::NO_SUBUSER, boost::none) {
+ : LocalApplier(cct, user_info, LocalApplier::NO_SUBUSER, boost::none, boost::none) {
};
void modify_request_state(req_state * s) const override; /* in/out */
const req_state* const s,
const RGWUserInfo& user_info,
const std::string& subuser,
- const boost::optional<vector<std::string> >& role_policies) const override {
+ const boost::optional<vector<std::string> >& role_policies,
+ const boost::optional<uint32_t>& perm_mask) const override {
auto apl = \
rgw::auth::add_3rdparty(store, s->account_name,
rgw::auth::add_sysreq(cct, store, s,
- rgw::auth::LocalApplier(cct, user_info, subuser, boost::none)));
+ rgw::auth::LocalApplier(cct, user_info, subuser, role_policies, perm_mask)));
/* TODO(rzarzynski): replace with static_ptr. */
return aplptr_t(new decltype(apl)(std::move(apl)));
}
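Review bot: The `LocalApplier` construction here now forwards `role_policies` where the removed line passed `boost::none`, which is a behaviour change separate from adding `perm_mask`. The Swift call sites visible in this diff pass `boost::none` for both arguments, so it looks harmless for them, but any other caller of this factory that supplies role policies would start having them applied on this path. If that is intended, say so in the commit message and add a short comment such as `/* role_policies and perm_mask are forwarded unchanged; Swift engines pass boost::none */`. Otherwise keep `boost::none` for the fourth argument.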