From 63c29adb6ced8546ea010f1ded9a2611264ced1a Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Thu, 28 May 2015 00:52:27 -0400 Subject: [PATCH] mds/MDSAuthCaps: move allows() into MDSCapSpec Also, fix this so that 'any' implies that we can read or write. Signed-off-by: Sage Weil --- src/mds/MDSAuthCaps.cc | 13 +++++-------- src/mds/MDSAuthCaps.h | 9 +++++++++ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc index 9aa65c5f436..4f78db7ac08 100644 --- a/src/mds/MDSAuthCaps.cc +++ b/src/mds/MDSAuthCaps.cc @@ -97,16 +97,13 @@ struct MDSCapParser : qi::grammar * requested path + op. * */ -bool MDSAuthCaps::is_capable(const std::string &path, int uid, bool may_read, bool may_write) const +bool MDSAuthCaps::is_capable(const std::string &path, int uid, + bool may_read, bool may_write) const { for (std::vector::const_iterator i = grants.begin(); i != grants.end(); ++i) { - if (i->match.match(path, uid)) { - if ((may_read && !i->spec.read) || - (may_write && !i->spec.write)) { - continue; - } else { - return true; - } + if (i->match.match(path, uid) && + i->spec.allows(may_read, may_write)) { + return true; } } diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h index c243ef424ca..13cdc29e358 100644 --- a/src/mds/MDSAuthCaps.h +++ b/src/mds/MDSAuthCaps.h @@ -32,6 +32,15 @@ struct MDSCapSpec { bool allow_all() const { return any; } + bool allows(bool r, bool w) const { + if (any) + return true; + if (r && !read) + return false; + if (w && !write) + return false; + return true; + } }; // conditions before we are allowed to do it -- 2.47.3