From: Matt Benjamin
Date: Tue, 5 Apr 2016 22:22:04 +0000 (-0400)
Subject: librgw/rgw_file: correctly handle object permissions
X-Git-Tag: v10.1.2~38^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=bb4c2cacb247bba5afc9fe5ad8e9fb2018744cef;p=ceph.git

librgw/rgw_file: correctly handle object permissions

Implement the full object permission model for librgw (aka, NFS and similar) operations.

Fixes DIRS1 unit tests.

Signed-off-by: Matt Benjamin
---

diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
index 220d02409978..37414fc831db 100644
--- a/src/rgw/librgw.cc
+++ b/src/rgw/librgw.cc
@@ -545,16 +545,29 @@ namespace rgw {
 }
 
 int RGWLibRequest::read_permissions(RGWOp* op) {
+ /* bucket and object ops */
 int ret =
 rgw_build_bucket_policies(rgwlib.get_store(), get_state());
 if (ret < 0) {
- ldout(get_state()->cct, 10) << "read_permissions on "
+ ldout(get_state()->cct, 10) << "read_permissions (bucket policy) on "
 << get_state()->bucket << ":"
 << get_state()->object
 << " only_bucket=" << only_bucket()
 << " ret=" << ret << dendl;
 if (ret == -ENODATA)
 ret = -EACCES;
+ } else if (! only_bucket()) {
+ /* object ops */
+ ret = rgw_build_object_policies(rgwlib.get_store(), get_state(),
+ op->prefetch_data());
+ if (ret < 0) {
+ ldout(get_state()->cct, 10) << "read_permissions (object policy) on"
+ << get_state()->bucket << ":"
+ << get_state()->object
+ << " ret=" << ret << dendl;
+ if (ret == -ENODATA)
+ ret = -EACCES;
+ }
 }
 return ret;
 } /* RGWLibRequest::read_permissions */
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 66ecd5568d28..f8ee1924eca1 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
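Review bot: In `RGWLibRequest::read_permissions` (librgw.cc), the new object-policy log string `"read_permissions (object policy) on"` has no trailing space, so the bucket name is fused to "on" and the line no longer matches the pattern of the bucket-policy message; it should read `"read_permissions (object policy) on "`. The `-ENODATA` to `-EACCES` mapping is now written twice, once per branch; doing it once just before `return ret;` with `if (ret == -ENODATA) ret = -EACCES;` keeps the deny-on-missing-policy rule in a single place, so a later branch cannot omit it. `op` is dereferenced for `op->prefetch_data()` without a check in the visible lines; callers presumably always pass a valid op, but that is worth confirming since the pointer was not used here before.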
@@ -398,7 +398,8 @@ int rgw_build_bucket_policies(RGWRados* store, struct req_state* s)
 * only_bucket: If true, reads the bucket ACL rather than the object ACL.
 * Returns: 0 on success, -ERR# otherwise.
 */
-static int rgw_build_object_policies(RGWRados *store, struct req_state *s, bool prefetch_data)
+int rgw_build_object_policies(RGWRados *store, struct req_state *s,
+ bool prefetch_data)
 {
 int ret = 0;
 
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index e3ecd600ed3f..825dd93b41e0 100644
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -1338,6 +1338,8 @@ public:
 };
 
 extern int rgw_build_bucket_policies(RGWRados* store, struct req_state* s);
+extern int rgw_build_object_policies(RGWRados *store, struct req_state *s,
+ bool prefetch_data);
 
 static inline int put_data_and_throttle(RGWPutObjProcessor *processor,
 bufferlist& data, off_t ofs,
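Review bot: The doc comment kept above `rgw_build_object_policies` in rgw_op.cc still describes an `only_bucket` parameter, but the signature takes `store`, `s` and `prefetch_data`. Now that the function is exported and called from librgw.cc, that stale line is what a caller reads to learn which ACL gets loaded. The comment starts outside the hunk, so this is judged from its last three lines only. I would replace the `only_bucket` line with one describing `prefetch_data`, for example ` * prefetch_data: forwarded from RGWOp::prefetch_data() by callers`. The new `extern` declaration in rgw_op.h should also get a one-line comment stating that the function returns 0 or a negative error code and must run after `rgw_build_bucket_policies`, which is the order the librgw.cc caller uses.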