From: Josh Durgin <josh.durgin@inktank.com>
Date: Thu, 10 Oct 2013 22:50:39 +0000 (-0700)
Subject: rgw: skip read_policy checks for system_users
X-Git-Tag: v0.67.5~20^2~12
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=90101aea6818c2f43bf31243d912ec9143f68882;p=ceph.git

rgw: skip read_policy checks for system_users

A system user should still be able to examine suspended buckets, and
get -ENOENT instead of -EACCESS for a deleted object.

Fixes: #6616
Backport: dumpling
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
(cherry picked from commit ea816c1c2fd47eab647d6fab96c9ca4bfeecd5bb)
---

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index fc4ad6d3511dc..e45cc2704bed9 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -269,7 +269,7 @@ static int read_policy(RGWRados *store, struct req_state *s,
   string oid = object;
   rgw_obj obj;
 
-  if (bucket_info.flags & BUCKET_SUSPENDED) {
+  if (!s->system_request && bucket_info.flags & BUCKET_SUSPENDED) {
     ldout(s->cct, 0) << "NOTICE: bucket " << bucket_info.bucket.name << " is suspended" << dendl;
     return -ERR_USER_SUSPENDED;
   }
@@ -292,7 +292,7 @@ static int read_policy(RGWRados *store, struct req_state *s,
     if (ret < 0)
       return ret;
     string& owner = bucket_policy.get_owner().get_id();
-    if (owner.compare(s->user.user_id) != 0 &&
+    if (!s->system_request && owner.compare(s->user.user_id) != 0 &&
         !bucket_policy.verify_permission(s->user.user_id, s->perm_mask, RGW_PERM_READ))
       ret = -EACCES;
     else