rgw: allow system users to read SLO parts

author Casey Bodley <cbodley@redhat.com>

Tue, 21 Feb 2017 15:27:13 +0000 (10:27 -0500)

committer Casey Bodley <cbodley@redhat.com>

Mon, 20 Mar 2017 15:51:30 +0000 (11:51 -0400)
author Casey Bodley <cbodley@redhat.com>
Tue, 21 Feb 2017 15:27:13 +0000 (10:27 -0500)
committer Casey Bodley <cbodley@redhat.com>
Mon, 20 Mar 2017 15:51:30 +0000 (11:51 -0400)
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc

index aaf7f96438cf9d629434d5fd2717c44ce2b8cb01..a209eb06ad12844f0dd6c341726201d49ce5f158 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -876,8 +876,12 @@ int RGWGetObj::read_user_manifest_part(rgw_bucket& bucket,
  
    /* We can use global user_acl because LOs cannot have segments
     * stored inside different accounts. */
-  if (!verify_object_permission(s, s->user_acl.get(), bucket_policy,
-          &obj_policy, RGW_PERM_READ)) {
+  if (s->system_request) {
+    ldout(s->cct, 2) << "overriding permissions due to system operation" << dendl;
+  } else if (s->auth_identity->is_admin_of(s->user->user_id)) {
+    ldout(s->cct, 2) << "overriding permissions due to admin operation" << dendl;
+  } else if (!verify_object_permission(s, s->user_acl.get(), bucket_policy,
+                                       &obj_policy, RGW_PERM_READ)) {
      return -EPERM;
    }
author	Casey Bodley <cbodley@redhat.com>
	Tue, 21 Feb 2017 15:27:13 +0000 (10:27 -0500)
committer	Casey Bodley <cbodley@redhat.com>
	Mon, 20 Mar 2017 15:51:30 +0000 (11:51 -0400)