From: Casey Bodley Date: Tue, 21 Feb 2017 15:27:13 +0000 (-0500) Subject: rgw: allow system users to read SLO parts X-Git-Tag: v12.0.2~279^2~2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d50d18c500fd5dd89e7cada1162cf453b36df370;p=ceph.git rgw: allow system users to read SLO parts multisite data sync relies on fetching the object as the system user Fixes: http://tracker.ceph.com/issues/19027 Signed-off-by: Casey Bodley
---
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index aaf7f96438c..a209eb06ad1 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -876,8 +876,12 @@ int RGWGetObj::read_user_manifest_part(rgw_bucket& bucket,
 /* We can use global user_acl because LOs cannot have segments
 * stored inside different accounts. */
- if (!verify_object_permission(s, s->user_acl.get(), bucket_policy,
- &obj_policy, RGW_PERM_READ)) {
+ if (s->system_request) {
+ ldout(s->cct, 2) << "overriding permissions due to system operation" << dendl;
+ } else if (s->auth_identity->is_admin_of(s->user->user_id)) {
+ ldout(s->cct, 2) << "overriding permissions due to admin operation" << dendl;
+ } else if (!verify_object_permission(s, s->user_acl.get(), bucket_policy,
+ &obj_policy, RGW_PERM_READ)) {
 return -EPERM;
 }
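Review bot: The `is_admin_of(s->user->user_id)` branch widens the bypass beyond what the commit message describes (system users only), and both override branches skip `verify_object_permission` for every segment without recording which one was read. The level-2 message is identical for each part, so an audit of sync or admin reads cannot tie an override to a bucket; consider `ldout(s->cct, 2) << "overriding permissions due to system operation, bucket=" << bucket << dendl;` (assuming `rgw_bucket` is streamable here) and the same for the admin branch. A short comment above the chain, e.g. `/* system and admin requests skip the ACL check: multisite sync fetches parts as the system user */`, would keep the existing user_acl comment from reading as if it covered all three branches. The body of read_user_manifest_part starts and ends outside the hunk, so whether any later check still applies to overridden reads cannot be confirmed from here.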