op_ret = store->create_bucket(*s->user, tmp_bucket, zonegroup_id,
placement_rule,
info.swift_ver_location,
- pquota_info, attrs, info, ep_objv,
+ pquota_info, policy, attrs, info, ep_objv,
true, obj_lock_enabled, &s->bucket_exists, s->info,
&s->bucket);
op_ret = store->create_bucket(*s->user, new_bucket,
store->get_zonegroup().get_id(),
placement_rule, swift_ver_location,
- pquota_info, attrs,
+ pquota_info, policy, attrs,
out_info, ep_objv,
true, false, &bucket_exists,
info, &bucket);
rgw_placement_rule& placement_rule,
std::string& swift_ver_location,
const RGWQuotaInfo * pquota_info,
+ const RGWAccessControlPolicy& policy,
RGWAttrs& attrs,
RGWBucketInfo& info,
obj_version& ep_objv,
rgw_placement_rule& placement_rule,
string& swift_ver_location,
const RGWQuotaInfo * pquota_info,
+ const RGWAccessControlPolicy& policy,
RGWAttrs& attrs,
RGWBucketInfo& info,
obj_version& ep_objv,
rgw_bucket *pmaster_bucket;
uint32_t *pmaster_num_shards;
real_time creation_time;
- RGWAccessControlPolicy old_policy(ctx());
std::unique_ptr<RGWBucket> bucket;
obj_version objv, *pobjv = NULL;
return ret;
if (ret != -ENOENT) {
+ RGWAccessControlPolicy old_policy(ctx());
*existed = true;
if (swift_ver_location.empty()) {
swift_ver_location = bucket->get_info().swift_ver_location;
}
placement_rule.inherit_from(bucket->get_info().placement_rule);
+
+ // don't allow changes to the acl policy
int r = rgw_op_get_bucket_policy_from_attr(this, u, bucket->get_attrs(),
&old_policy);
- if (r >= 0) {
- if (old_policy.get_owner().get_id().compare(u.get_id()) != 0) {
- bucket_out->swap(bucket);
- ret = -EEXIST;
- return ret;
- }
+ if (r >= 0 && old_policy != policy) {
+ bucket_out->swap(bucket);
+ return -EEXIST;
}
} else {
bucket = std::unique_ptr<RGWBucket>(new RGWRadosBucket(this, b, &u));
rgw_placement_rule& placement_rule,
std::string& swift_ver_location,
const RGWQuotaInfo * pquota_info,
+ const RGWAccessControlPolicy& policy,
RGWAttrs& attrs,
RGWBucketInfo& info,
obj_version& ep_objv,
projects / ceph.git / commitdiff