From: Mark Houghton Date: Tue, 3 Nov 2020 11:10:04 +0000 (+0000) Subject: rgw: fix RGWDeleteMultiObj::verify_permission X-Git-Tag: v16.1.0~425^2~2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ba23750bea89a0e9818887abe62db0efef02fe3a;p=ceph.git rgw: fix RGWDeleteMultiObj::verify_permission Signed-off-by: Mark Houghton --- diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 2e112af0986..85bb3fbf8d4 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -6384,6 +6384,11 @@ void RGWGetHealthCheck::execute(optional_yield y) int RGWDeleteMultiObj::verify_permission(optional_yield y) { + int op_ret = get_params(); + if (op_ret) { + return op_ret; + } + if (s->iam_policy || ! s->iam_user_policies.empty()) { if (s->bucket->get_info().obj_lock_enabled() && bypass_governance_mode) { auto r = eval_user_policies(s->iam_user_policies, s->env, boost::none, @@ -6398,9 +6403,12 @@ int RGWDeleteMultiObj::verify_permission(optional_yield y) } } } + + bool empty = rgw::sal::RGWObject::empty(s->object.get()) || s->object->get_instance().empty(); + auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env, boost::none, - s->object->get_instance().empty() ? + empty ? rgw::IAM::s3DeleteObject : rgw::IAM::s3DeleteObjectVersion, ARN(s->bucket->get_key())); @@ -6411,7 +6419,7 @@ int RGWDeleteMultiObj::verify_permission(optional_yield y) rgw::IAM::Effect r = Effect::Pass; if (s->iam_policy) { r = s->iam_policy->eval(s->env, *s->auth.identity, - s->object->get_instance().empty() ? + empty ? rgw::IAM::s3DeleteObject : rgw::IAM::s3DeleteObjectVersion, ARN(s->bucket->get_key())); @@ -6444,11 +6452,6 @@ void RGWDeleteMultiObj::execute(optional_yield y) RGWObjectCtx *obj_ctx = static_cast(s->obj_ctx); char* buf; - op_ret = get_params(y); - if (op_ret < 0) { - goto error; - } - buf = data.c_str(); if (!buf) { op_ret = -EINVAL;