From: Sage Weil <sage@redhat.com>
Date: Thu, 28 May 2015 04:52:27 +0000 (-0400)
Subject: mds/MDSAuthCaps: move allows() into MDSCapSpec
X-Git-Tag: v10.0.0~123^2~100
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=63c29adb6ced8546ea010f1ded9a2611264ced1a;p=ceph.git

mds/MDSAuthCaps: move allows() into MDSCapSpec

Also, fix this so that 'any' implies that we can read or write.

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc
index 9aa65c5f436..4f78db7ac08 100644
--- a/src/mds/MDSAuthCaps.cc
+++ b/src/mds/MDSAuthCaps.cc
@@ -97,16 +97,13 @@ struct MDSCapParser : qi::grammar<Iterator, MDSAuthCaps()>
  * requested path + op.
  *
  */
-bool MDSAuthCaps::is_capable(const std::string &path, int uid, bool may_read, bool may_write) const
+bool MDSAuthCaps::is_capable(const std::string &path, int uid,
+			     bool may_read, bool may_write) const
 {
   for (std::vector<MDSCapGrant>::const_iterator i = grants.begin(); i != grants.end(); ++i) {
-    if (i->match.match(path, uid)) {
-      if ((may_read && !i->spec.read) ||
-          (may_write && !i->spec.write)) {
-        continue;
-      } else {
-        return true;
-      }
+    if (i->match.match(path, uid) &&
+	i->spec.allows(may_read, may_write)) {
+      return true;
     }
   }
 
diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h
index c243ef424ca..13cdc29e358 100644
--- a/src/mds/MDSAuthCaps.h
+++ b/src/mds/MDSAuthCaps.h
@@ -32,6 +32,15 @@ struct MDSCapSpec {
   bool allow_all() const {
     return any;
   }
+  bool allows(bool r, bool w) const {
+    if (any)
+      return true;
+    if (r && !read)
+      return false;
+    if (w && !write)
+      return false;
+    return true;
+  }
 };
 
 // conditions before we are allowed to do it