From a794e124682bce84fa453fe78b1ba08426de28af Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Thu, 11 Apr 2024 14:48:29 -0400
Subject: [PATCH] Revert "RGW: a subuser with no permission can still list buckets and create buckets"
This reverts commit 3cc27f0676c7ba2677f92969339b18b665c53c02.
Signed-off-by: Casey Bodley
---
 src/rgw/rgw_common.cc | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index 6b560d8f6e6..f5b834e0672 100644
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -1273,14 +1273,13 @@ bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp,
 if (s->identity->get_identity_type() == TYPE_ROLE)
 return false;
- /* S3 doesn't have a subuser, it takes user permissions */
- if ((perm & (int)s->perm_mask) != perm)
- return false;
-
 /* S3 doesn't support account ACLs, so user_acl will be uninitialized. */
 if (user_acl.get_owner().empty())
 return true;
-
+
+ if ((perm & (int)s->perm_mask) != perm)
+ return false;
+
 return user_acl.verify_permission(dpp, *s->identity, perm, perm);
 }
--
2.39.5
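Review bot: With the mask check moved back below `if (user_acl.get_owner().empty()) return true;`, `s->perm_mask` is never consulted on the path where `user_acl` has no owner, which the in-code comment says is the S3 case. That appears to restore the behaviour named in the reverted commit's title, where a subuser whose mask lacks the requested permission still passes this check. The commit message gives no reason for the revert and does not say where the subuser mask is enforced instead. If the early return has to come first, the description should say why, and a comment above it should record the consequence, e.g. `/* NOTE: returns before the perm_mask check, so subuser masks are not applied here when user_acl has no owner */`. The function begins above the hunk, so its earlier checks and its callers are not visible here.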