}
for (iter = multi_delete->objects.begin();
- iter != multi_delete->objects.end() && num_processed < max_to_delete;
- ++iter, num_processed++) {
+ iter != multi_delete->objects.end();
+ ++iter) {
rgw_obj obj(bucket, *iter);
- if (s->iam_policy) {
+ if (s->iam_policy || ! s->iam_user_policies.empty()) {
+ auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env,
+ *s->auth.identity,
+ iter->instance.empty() ?
+ rgw::IAM::s3DeleteObject :
+ rgw::IAM::s3DeleteObjectVersion,
+ obj);
+ if (usr_policy_res == Effect::Deny) {
+ send_partial_response(*iter, false, "", -EACCES);
+ continue;
+ }
auto e = s->iam_policy->eval(s->env,
*s->auth.identity,
iter->instance.empty() ?
projects / ceph.git / commitdiff