From 99131fc14bbfcf07f2dbba7a67a6250f9da57583 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Thu, 16 Nov 2023 15:11:33 -0500 Subject: [PATCH] rgw/acl: use create_default() instead of empty canned acls create_default() adds the same default acl, without the relation to s3 canned acls Signed-off-by: Casey Bodley --- src/rgw/driver/rados/rgw_tools.cc | 5 +++-- src/rgw/rgw_file_int.h | 32 ++++++++++++------------------- 2 files changed, 15 insertions(+), 22 deletions(-) diff --git a/src/rgw/driver/rados/rgw_tools.cc b/src/rgw/driver/rados/rgw_tools.cc index 8219849af4680..bf78b9bb22e24 100644 --- a/src/rgw/driver/rados/rgw_tools.cc +++ b/src/rgw/driver/rados/rgw_tools.cc @@ -412,9 +412,10 @@ int RGWDataAccess::Object::put(bufferlist& data, } if (!aclbl) { - RGWAccessControlPolicy_S3 policy; + RGWAccessControlPolicy policy; - policy.create_canned(bucket->policy.get_owner(), bucket->policy.get_owner(), string()); /* default private policy */ + const auto& owner = bucket->policy.get_owner(); + policy.create_default(owner.id, owner.display_name); // default private policy policy.encode(aclbl.emplace()); } diff --git a/src/rgw/rgw_file_int.h b/src/rgw/rgw_file_int.h index 4e3b269ffd0a3..5658003adb8a3 100644 --- a/src/rgw/rgw_file_int.h +++ b/src/rgw/rgw_file_int.h @@ -1914,11 +1914,9 @@ public: int get_params(optional_yield) override { req_state* state = get_state(); - RGWAccessControlPolicy_S3 s3policy; - /* we don't have (any) headers, so just create canned ACLs */ - int ret = s3policy.create_canned(state->owner, state->bucket_owner, state->canned_acl); - policy = s3policy; - return ret; + /* we don't have (any) headers, so just create default ACLs */ + policy.create_default(state->owner.id, state->owner.display_name); + return 0; } void send_response() override { @@ -2030,11 +2028,9 @@ public: int get_params(optional_yield) override { req_state* state = get_state(); - RGWAccessControlPolicy_S3 s3policy; - /* we don't have (any) headers, so just create canned ACLs */ - int ret = s3policy.create_canned(state->owner, state->bucket_owner, state->canned_acl); - policy = s3policy; - return ret; + /* we don't have (any) headers, so just create default ACLs */ + policy.create_default(state->owner.id, state->owner.display_name); + return 0; } int get_data(buffer::list& _bl) override { @@ -2534,11 +2530,9 @@ public: int get_params(optional_yield) override { req_state* state = get_state(); - RGWAccessControlPolicy_S3 s3policy; - /* we don't have (any) headers, so just create canned ACLs */ - int ret = s3policy.create_canned(state->owner, state->bucket_owner, state->canned_acl); - policy = s3policy; - return ret; + /* we don't have (any) headers, so just create default ACLs */ + policy.create_default(state->owner.id, state->owner.display_name); + return 0; } int get_data(buffer::list& _bl) override { @@ -2641,15 +2635,13 @@ public: int get_params(optional_yield) override { req_state* s = get_state(); - RGWAccessControlPolicy_S3 s3policy; - /* we don't have (any) headers, so just create canned ACLs */ - int ret = s3policy.create_canned(s->owner, s->bucket_owner, s->canned_acl); - dest_policy = s3policy; + /* we don't have (any) headers, so just create default ACLs */ + dest_policy.create_default(s->owner.id, s->owner.display_name); /* src_object required before RGWCopyObj::verify_permissions() */ rgw_obj_key k = rgw_obj_key(src_name); s->src_object = s->bucket->get_object(k); s->object = s->src_object->clone(); // needed to avoid trap at rgw_op.cc:5150 - return ret; + return 0; } void send_response() override {} -- 2.39.5