From: liubingrun Date: Fri, 19 Sep 2025 17:23:42 +0000 (+0800) Subject: rgw/iam: rename condition helpers for clarity X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=c4e750e6767f226eb436610a0b0296715ae6a6fb;p=ceph-ci.git rgw/iam: rename condition helpers for clarity - andible/orrible → multimap_all/multimap_any - shortible → typed_any - add typed_none and multimap_none Improves code readability by making function purposes explicit. Signed-off-by: liubingrun --- diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc index ee7b1278fd2..786e03022e0 100644 --- a/src/rgw/rgw_iam_policy.cc +++ b/src/rgw/rgw_iam_policy.cc @@ -905,91 +905,91 @@ bool Condition::eval(const Environment& env) const { // String! case TokenID::ForAnyValueStringEquals: case TokenID::StringEquals: - return orrible(std::equal_to(), itr, isruntime? runtime_vals : vals); + return multimap_any(std::equal_to(), itr, isruntime? runtime_vals : vals); case TokenID::StringNotEquals: - return orrible(std::not_fn(std::equal_to()), - itr, isruntime? runtime_vals : vals); + return multimap_any(std::not_fn(std::equal_to()), + itr, isruntime? runtime_vals : vals); case TokenID::ForAnyValueStringEqualsIgnoreCase: case TokenID::StringEqualsIgnoreCase: - return orrible(ci_equal_to(), itr, isruntime? runtime_vals : vals); + return multimap_any(ci_equal_to(), itr, isruntime? runtime_vals : vals); case TokenID::StringNotEqualsIgnoreCase: - return orrible(std::not_fn(ci_equal_to()), itr, isruntime? runtime_vals : vals); + return multimap_any(std::not_fn(ci_equal_to()), itr, isruntime? runtime_vals : vals); case TokenID::ForAnyValueStringLike: case TokenID::StringLike: - return orrible(string_like(), itr, isruntime? runtime_vals : vals); + return multimap_any(string_like(), itr, isruntime? runtime_vals : vals); case TokenID::StringNotLike: - return orrible(std::not_fn(string_like()), itr, isruntime? runtime_vals : vals); + return multimap_any(std::not_fn(string_like()), itr, isruntime? runtime_vals : vals); case TokenID::ForAllValuesStringEquals: - return andible(std::equal_to(), itr, isruntime? runtime_vals : vals); + return multimap_all(std::equal_to(), itr, isruntime? runtime_vals : vals); case TokenID::ForAllValuesStringLike: - return andible(string_like(), itr, isruntime? runtime_vals : vals); + return multimap_all(string_like(), itr, isruntime? runtime_vals : vals); case TokenID::ForAllValuesStringEqualsIgnoreCase: - return andible(ci_equal_to(), itr, isruntime? runtime_vals : vals); + return multimap_all(ci_equal_to(), itr, isruntime? runtime_vals : vals); // Numeric case TokenID::NumericEquals: - return shortible(std::equal_to(), as_number, s, vals); + return typed_any(std::equal_to(), as_number, s, vals); case TokenID::NumericNotEquals: - return shortible(std::not_fn(std::equal_to()), - as_number, s, vals); + return typed_any(std::not_fn(std::equal_to()), + as_number, s, vals); case TokenID::NumericLessThan: - return shortible(std::less(), as_number, s, vals); + return typed_any(std::less(), as_number, s, vals); case TokenID::NumericLessThanEquals: - return shortible(std::less_equal(), as_number, s, vals); + return typed_any(std::less_equal(), as_number, s, vals); case TokenID::NumericGreaterThan: - return shortible(std::greater(), as_number, s, vals); + return typed_any(std::greater(), as_number, s, vals); case TokenID::NumericGreaterThanEquals: - return shortible(std::greater_equal(), as_number, s, vals); + return typed_any(std::greater_equal(), as_number, s, + vals); // Date! case TokenID::DateEquals: - return shortible(std::equal_to(), as_date, s, vals); + return typed_any(std::equal_to(), as_date, s, vals); case TokenID::DateNotEquals: - return shortible(std::not_fn(std::equal_to()), - as_date, s, vals); - + return typed_any(std::not_fn(std::equal_to()), + as_date, s, vals); case TokenID::DateLessThan: - return shortible(std::less(), as_date, s, vals); + return typed_any(std::less(), as_date, s, vals); case TokenID::DateLessThanEquals: - return shortible(std::less_equal(), as_date, s, vals); + return typed_any(std::less_equal(), as_date, s, vals); case TokenID::DateGreaterThan: - return shortible(std::greater(), as_date, s, vals); + return typed_any(std::greater(), as_date, s, vals); case TokenID::DateGreaterThanEquals: - return shortible(std::greater_equal(), as_date, s, + return typed_any(std::greater_equal(), as_date, s, vals); // Bool! case TokenID::Bool: - return shortible(std::equal_to(), as_bool, s, vals); + return typed_any(std::equal_to(), as_bool, s, vals); // Binary! case TokenID::BinaryEquals: - return shortible(std::equal_to(), as_binary, s, + return typed_any(std::equal_to(), as_binary, s, vals); // IP Address! case TokenID::IpAddress: - return shortible(std::equal_to(), as_network, s, vals); + return typed_any(std::equal_to(), as_network, s, vals); case TokenID::NotIpAddress: { @@ -1015,10 +1015,10 @@ bool Condition::eval(const Environment& env) const { // The ArnEquals and ArnLike condition operators behave identically. case TokenID::ArnEquals: case TokenID::ArnLike: - return orrible(arn_like, itr, isruntime? runtime_vals : vals); + return multimap_any(arn_like, itr, isruntime? runtime_vals : vals); case TokenID::ArnNotEquals: case TokenID::ArnNotLike: - return orrible(std::not_fn(arn_like), itr, isruntime? runtime_vals : vals); + return multimap_any(std::not_fn(arn_like), itr, isruntime? runtime_vals : vals); default: return false; diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h index e77a8ed6eb4..654d75ac1da 100644 --- a/src/rgw/rgw_iam_policy.h +++ b/src/rgw/rgw_iam_policy.h @@ -486,8 +486,8 @@ struct Condition { using unordered_multimap_it_pair = std::pair ::const_iterator, std::unordered_multimap::const_iterator>; template - static bool andible(F&& f, const unordered_multimap_it_pair& it, - const std::vector& v) { + static bool multimap_all(F&& f, const unordered_multimap_it_pair& it, + const std::vector& v) { for (auto itr = it.first; itr != it.second; itr++) { bool matched = false; for (const auto& d : v) { @@ -502,8 +502,8 @@ struct Condition { } template - static bool orrible(F&& f, const unordered_multimap_it_pair& it, - const std::vector& v) { + static bool multimap_any(F&& f, const unordered_multimap_it_pair& it, + const std::vector& v) { for (auto itr = it.first; itr != it.second; itr++) { for (const auto& d : v) { if (f(itr->second, d)) { @@ -514,9 +514,22 @@ struct Condition { return false; } + template + static bool multimap_none(F&& f, const unordered_multimap_it_pair& it, + const std::vector& v) { + for (auto itr = it.first; itr != it.second; itr++) { + for (const auto& d : v) { + if (f(itr->second, d)) { + return false; + } + } + } + return true; + } + template - static bool shortible(F&& f, X& x, const std::string& c, - const std::vector& v) { + static bool typed_any(F&& f, X& x, const std::string& c, + const std::vector& v) { auto xc = std::forward(x)(c); if (!xc) { return false; @@ -535,6 +548,27 @@ struct Condition { return false; } + template + static bool typed_none(F&& f, X& x, const std::string& c, + const std::vector& v) { + auto xc = std::forward(x)(c); + if (!xc) { + return false; + } + + for (const auto& d : v) { + auto xd = x(d); + if (!xd) { + continue; + } + + if (f(*xc, *xd)) { + return false; + } + } + return true; + } + template bool has_key_p(const std::string& _key, F p) const { return p(key, _key);