]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 22f7d1a)
rgw: get or set realm zonegroup zone need check user's caps
authoryuliyang <yuliyang@cmss.chinamobile.com>
Tue, 20 Nov 2018 09:19:38 +0000 (17:19 +0800)
committerCasey Bodley <cbodley@redhat.com>
Thu, 30 May 2019 20:54:52 +0000 (16:54 -0400)
fix: https://tracker.ceph.com/issues/37352

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
(cherry picked from commit 6ecaec926fb81810f6be43744cd5c48d6ccfaf5a)

Conflicts: RGWOp::name() returns std::string
src/rgw/rgw_rest_config.h
src/rgw/rgw_rest_realm.cc

src/rgw/rgw_rest_config.h patch | blob | history
src/rgw/rgw_rest_realm.cc patch | blob | history

diff --git a/src/rgw/rgw_rest_config.h b/src/rgw/rgw_rest_config.h
index 5751f8b0687fe4d5567928584d6a484766f99b52..2b9c2d6cf656e5215f0c90f9f821bdd4cfd4c8af 100644 (file)
--- a/src/rgw/rgw_rest_config.h
+++ b/src/rgw/rgw_rest_config.h
@@ -22,8 +22,11 @@ public:
   RGWOp_ZoneGroupMap_Get(bool _old_format):old_format(_old_format) {}
   ~RGWOp_ZoneGroupMap_Get() override {}
 
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
   int verify_permission() override {
-    return 0; 
+    return check_caps(s->user->caps);
   }
   void execute() override;
   void send_response() override;
@@ -41,8 +44,8 @@ class RGWOp_ZoneConfig_Get : public RGWRESTOp {
 public:
   RGWOp_ZoneConfig_Get() {}
 
-  int check_caps(RGWUserCaps& caps) {
-    return caps.check_cap("admin", RGW_CAP_READ);
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
   }
   int verify_permission() {
     return check_caps(s->user->caps);
diff --git a/src/rgw/rgw_rest_realm.cc b/src/rgw/rgw_rest_realm.cc
index 7289d1389526ae8ac82ec65ecfc40f6039909ae8..a97aaf5252664ec055046e012c75b26664381108 100644 (file)
--- a/src/rgw/rgw_rest_realm.cc
+++ b/src/rgw/rgw_rest_realm.cc
@@ -47,6 +47,12 @@ void RGWOp_Period_Base::send_response()
 class RGWOp_Period_Get : public RGWOp_Period_Base {
  public:
   void execute() override;
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   const string name() override { return "get_period"; }
 };
 
@@ -71,6 +77,12 @@ void RGWOp_Period_Get::execute()
 class RGWOp_Period_Post : public RGWOp_Period_Base {
  public:
   void execute() override;
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_WRITE);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   const string name() override { return "post_period"; }
 };
 
@@ -240,7 +252,12 @@ class RGWRESTMgr_Period : public RGWRESTMgr {
 class RGWOp_Realm_Get : public RGWRESTOp {
   std::unique_ptr<RGWRealm> realm;
 public:
-  int verify_permission() override { return 0; }
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   void execute() override;
   void send_response() override;
   const string name() override { return "get_realm"; }
Unnamed repository; edit this file 'description' to name the repository.