From: Casey Bodley <cbodley@redhat.com>
Date: Sat, 27 Jan 2024 00:02:39 +0000 (-0500)
Subject: rgw: adapt verify_user_permission() for account users
X-Git-Tag: testing/wip-yuriw-testing-20240416.150233~10^2~89
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=345eb68c760522e567de2603e0a1ba8b007c2cc7;p=ceph-ci.git

rgw: adapt verify_user_permission() for account users

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit cb81a429fdeca31c3ae28d85d331f2a3052baaa1)
---

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index 905d34f48eb..1e7b29d6577 100644
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -1213,6 +1213,11 @@ bool verify_user_permission(const DoutPrefixProvider* dpp,
                             bool mandatory_policy)
 {
   perm_state_from_req_state ps(s);
+
+  if (std::holds_alternative<rgw_account_id>(s->owner.id)) {
+    // account users always require an Allow from identity-based policy
+    mandatory_policy = true;
+  }
   return verify_user_permission(dpp, &ps, s->user_acl, s->iam_user_policies, s->session_policies, res, op, mandatory_policy);
 }