From 86334645cf96c03515d30804e2df0bdf22916fb5 Mon Sep 17 00:00:00 2001
From: "Enming.Zhang"
Date: Tue, 27 Nov 2018 06:41:56 -0500
Subject: [PATCH] rgw: cleanup for RGWDeleteObj::verify_permission()

- if the 'Effect' field of user policy and bucket policy is set to 'Allow', RGWDeleteObj::verify_permission() should return 0 instead of true;
- as the same with bucket policy, if the 'Effect' field of user policy is set to 'Deny', RGWDeleteObj::verify_permission() should return -EACCES instead of false;

Signed-off-by: Enming.Zhang
---
 src/rgw/rgw_op.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index d5d0211fa639..37e45ec0374d 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -4275,7 +4275,7 @@ int RGWDeleteObj::verify_permission()
 rgw::IAM::s3DeleteObjectVersion,
 ARN(s->bucket, s->object.name));
 if (usr_policy_res == Effect::Deny) {
- return false;
+ return -EACCES;
 }
 auto r = s->iam_policy->eval(s->env, *s->auth.identity,
 s->object.instance.empty() ?
@@ -4283,11 +4283,11 @@ int RGWDeleteObj::verify_permission()
 rgw::IAM::s3DeleteObjectVersion,
 ARN(s->bucket, s->object.name));
 if (r == Effect::Allow)
- return true;
+ return 0;
 else if (r == Effect::Deny)
 return -EACCES;
 else if (usr_policy_res == Effect::Allow)
- return true;
+ return 0;
 }

 if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
-- 
2.47.3
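Review bot: The Deny branch at `if (usr_policy_res == Effect::Deny)` in the first hunk has no regression test in this patch (the diffstat lists only rgw_op.cc), and it deserves one because the change affects an authorization decision rather than just style. In an `int`-returning function the old `return false` is 0, the same value the second hunk now returns for Allow, so an explicit user-policy Deny was presumably reported to the caller as "permitted"; a test that attaches a user policy with Effect Deny and expects the delete to fail with -EACCES would pin the corrected behaviour. A short comment above the check, e.g. `// 0 == permitted, -EACCES == denied; an explicit Deny in a user policy always wins`, would document the convention for the next reader. The function body starts and ends outside the hunk, and other verify_permission() implementations in the file are not visible here, so they may be worth checking for the same bool-for-int return.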
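Review bot: The `s->iam_policy->eval(...)` call whose arguments open the second hunk (its first line is trailing context of the previous hunk) dereferences `s->iam_policy` with no visible check, while the user-policy result is computed separately above it. The condition guarding this block is outside the hunk, so this is something to confirm rather than a known defect: if the block can be entered when only user policies are present, the bucket-policy evaluation should be guarded, for example by initialising `r` to `Effect::Pass` and calling `eval` only under `if (s->iam_policy)`. As a style point, the unbraced `if` / `else if` chain that follows decides the access outcome and would be easier to audit with braces on every branch, matching the braced Deny check in the first hunk.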