From ff8305a97303074899a19339834707b4fb139e96 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh <yehuda@redhat.com>
Date: Mon, 29 Feb 2016 14:59:50 -0800
Subject: [PATCH] rgw: fix permission check for request payer

If request_payer auth check returns false, we need to abort.

Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
---
 src/rgw/rgw_common.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index 7ad748478ead9..794f5992ce1a3 100644
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -839,9 +839,6 @@ static inline bool check_deferred_bucket_acl(struct req_state * const s,
                                              const uint8_t deferred_check,
                                              const int perm)
 {
-  if (!verify_requester_payer_permission(s))
-    return false;
-
   return (s->defer_to_bucket_acls == deferred_check \
               && verify_bucket_permission(s, bucket_acl, perm));
 }
@@ -851,6 +848,9 @@ bool verify_object_permission(struct req_state * const s,
                               RGWAccessControlPolicy * const object_acl,
                               const int perm)
 {
+  if (!verify_requester_payer_permission(s))
+    return false;
+
   if (check_deferred_bucket_acl(s, bucket_acl, RGW_DEFER_TO_BUCKET_ACLS_RECURSE, perm) ||
       check_deferred_bucket_acl(s, bucket_acl, RGW_DEFER_TO_BUCKET_ACLS_FULL_CONTROL, RGW_PERM_FULL_CONTROL)) {
     return true;
-- 
2.39.5