librgw/rgw_file: correctly handle object permissions 8460/head
authorMatt Benjamin <mbenjamin@redhat.com>
Tue, 5 Apr 2016 22:22:04 +0000 (18:22 -0400)
committerMatt Benjamin <mbenjamin@redhat.com>
Tue, 5 Apr 2016 22:30:32 +0000 (18:30 -0400)
Implement the full object permission model for librgw (aka, NFS
and similar) operations.

Fixes DIRS1 unit tests.

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
src/rgw/librgw.cc
src/rgw/rgw_op.cc
src/rgw/rgw_op.h

index 220d02409978907c99e554fdb9da02242d9795ee..37414fc831dbae453bc89ae30ce713aa34ed3bad 100644 (file)
@@ -545,16 +545,29 @@ namespace rgw {
   }
 
   int RGWLibRequest::read_permissions(RGWOp* op) {
+    /* bucket and object ops */
     int ret =
       rgw_build_bucket_policies(rgwlib.get_store(), get_state());
     if (ret < 0) {
-      ldout(get_state()->cct, 10) << "read_permissions on "
+      ldout(get_state()->cct, 10) << "read_permissions (bucket policy) on "
                                  << get_state()->bucket << ":"
                                  << get_state()->object
                                  << " only_bucket=" << only_bucket()
                                  << " ret=" << ret << dendl;
       if (ret == -ENODATA)
        ret = -EACCES;
+    } else if (! only_bucket()) {
+      /* object ops */
+      ret = rgw_build_object_policies(rgwlib.get_store(), get_state(),
+                                     op->prefetch_data());
+      if (ret < 0) {
+       ldout(get_state()->cct, 10) << "read_permissions (object policy) on"
+                                   << get_state()->bucket << ":"
+                                   << get_state()->object
+                                   << " ret=" << ret << dendl;
+       if (ret == -ENODATA)
+         ret = -EACCES;
+      }
     }
     return ret;
   } /* RGWLibRequest::read_permissions */
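Review bot: The new object-policy log string `"read_permissions (object policy) on"` has no trailing space, so the bucket name is printed fused to "on". The bucket-policy message above it has the space, and these are the lines someone reads when tracing a denied request, so it should be `"read_permissions (object policy) on "`. The same branch is also the first place in the visible lines where `op` is dereferenced (`op->prefetch_data()`); if any caller can reach read_permissions with a null op, that is now a crash rather than a denial, so either guard it or state the non-null requirement in a comment. The `if (ret == -ENODATA) ret = -EACCES;` mapping is now written twice and could be applied once just before `return ret;`, which keeps the fail-closed translation in one place.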
index 66ecd5568d28a5adcc939af66c4c7c1211b18b66..f8ee1924eca19dd311bfdb3dcd72501a61803315 100644 (file)
@@ -398,7 +398,8 @@ int rgw_build_bucket_policies(RGWRados* store, struct req_state* s)
  * only_bucket: If true, reads the bucket ACL rather than the object ACL.
  * Returns: 0 on success, -ERR# otherwise.
  */
-static int rgw_build_object_policies(RGWRados *store, struct req_state *s, bool prefetch_data)
+int rgw_build_object_policies(RGWRados *store, struct req_state *s,
+                             bool prefetch_data)
 {
   int ret = 0;
 
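Review bot: The doc comment kept above this function still describes `only_bucket` ("If true, reads the bucket ACL rather than the object ACL"), which is not a parameter of the signature shown here; the parameters are `store`, `s` and `prefetch_data`. Because the function loses `static` and becomes callable from librgw, that comment is now the contract external callers will read, so it should drop the `only_bucket` line and describe `prefetch_data` instead. The comment begins above the hunk and the function body continues below it, so the rest of the contract cannot be checked from here.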
index e3ecd600ed3f9696ba3af8a3b68f6308b593226c..825dd93b41e048249c25386da7dbe4a027e09a09 100644 (file)
@@ -1338,6 +1338,8 @@ public:
 };
 
 extern int rgw_build_bucket_policies(RGWRados* store, struct req_state* s);
+extern int rgw_build_object_policies(RGWRados *store, struct req_state *s,
+                                   bool prefetch_data);
 
 static inline int put_data_and_throttle(RGWPutObjProcessor *processor,
                                        bufferlist& data, off_t ofs,