From 36951d6e48de4cb84a2120f70f8b6ce7c7847e30 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Wed, 23 May 2012 14:03:47 -0700 Subject: [PATCH] mon: use temp access_{r,all,cmd} variables to simplify the checks Avoid duplicating the compound check all over the place. Signed-off-by: Sage Weil --- src/mon/Monitor.cc | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index e882f732b57be..46f0126521d42 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -1127,6 +1127,11 @@ void Monitor::handle_command(MMonCommand *m) return; } + bool access_cmd = _allowed_command(session, m->cmd); + bool access_r = (session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) || + access_cmd); + bool access_all = (session->caps.get_allow_all() || access_cmd); + dout(0) << "handle_command " << *m << dendl; bufferlist rdata; string rs; @@ -1156,8 +1161,7 @@ void Monitor::handle_command(MMonCommand *m) return; } if (m->cmd[0] == "log") { - if (!session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) && - !_allowed_command(session, m->cmd)) { + if (!access_r) { r = -EACCES; rs = "access denied"; goto out; @@ -1174,7 +1178,7 @@ void Monitor::handle_command(MMonCommand *m) return; } if (m->cmd[0] == "stop_cluster") { - if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) { + if (!access_all) { r = -EACCES; rs = "access denied"; goto out; @@ -1185,7 +1189,7 @@ void Monitor::handle_command(MMonCommand *m) } if (m->cmd[0] == "injectargs") { - if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) { + if (!access_all) { r = -EACCES; rs = "access denied"; goto out; @@ -1212,8 +1216,7 @@ void Monitor::handle_command(MMonCommand *m) return; } if (m->cmd[0] == "status") { - if (!session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) && - !_allowed_command(session, m->cmd)) { + if (!access_r) { r = -EACCES; rs = "access denied"; goto out; @@ -1231,15 +1234,14 @@ void Monitor::handle_command(MMonCommand *m) r = 0; } if (m->cmd[0] == "quorum_status") { - if (!session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) && - !_allowed_command(session, m->cmd)) { + if (!access_r) { r = -EACCES; rs = "access denied"; goto out; } // make sure our map is readable and up to date if (!is_leader() && !is_peon()) { - dout(10) << " waiting for qorum" << dendl; + dout(10) << " waiting for quorum" << dendl; waitfor_quorum.push_back(new C_RetryMessage(this, m)); return; } @@ -1249,8 +1251,7 @@ void Monitor::handle_command(MMonCommand *m) r = 0; } if (m->cmd[0] == "mon_status") { - if (!session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) && - !_allowed_command(session, m->cmd)) { + if (!access_r) { r = -EACCES; rs = "access denied"; goto out; @@ -1261,8 +1262,7 @@ void Monitor::handle_command(MMonCommand *m) r = 0; } if (m->cmd[0] == "health") { - if (!session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) && - !_allowed_command(session, m->cmd)) { + if (!access_r) { r = -EACCES; rs = "access denied"; goto out; @@ -1271,7 +1271,7 @@ void Monitor::handle_command(MMonCommand *m) r = 0; } if (m->cmd[0] == "heap") { - if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) { + if (!access_all) { r = -EACCES; rs = "access denied"; goto out; @@ -1282,7 +1282,7 @@ void Monitor::handle_command(MMonCommand *m) ceph_heap_profiler_handle_command(m->cmd, clog); } if (m->cmd[0] == "quorum") { - if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) { + if (!access_all) { r = -EACCES; rs = "access denied"; goto out; -- 2.39.5