From bb4c2cacb247bba5afc9fe5ad8e9fb2018744cef Mon Sep 17 00:00:00 2001
From: Matt Benjamin
Date: Tue, 5 Apr 2016 18:22:04 -0400
Subject: [PATCH] librgw/rgw_file: correctly handle object permissions

Implement the full object permission model for librgw (aka, NFS and similar) operations. Fixes DIRS1 unit tests.

Signed-off-by: Matt Benjamin
---
 src/rgw/librgw.cc | 15 ++++++++++++++-
 src/rgw/rgw_op.cc | 3 ++-
 src/rgw/rgw_op.h | 2 ++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
index 220d02409978..37414fc831db 100644
--- a/src/rgw/librgw.cc
+++ b/src/rgw/librgw.cc
@@ -545,16 +545,29 @@ namespace rgw {
 }
 int RGWLibRequest::read_permissions(RGWOp* op) {
+ /* bucket and object ops */
 int ret = rgw_build_bucket_policies(rgwlib.get_store(), get_state());
 if (ret < 0) {
- ldout(get_state()->cct, 10) << "read_permissions on "
+ ldout(get_state()->cct, 10) << "read_permissions (bucket policy) on "
 << get_state()->bucket << ":" << get_state()->object << " only_bucket=" << only_bucket() << " ret=" << ret << dendl;
 if (ret == -ENODATA) ret = -EACCES;
+ } else if (! only_bucket()) {
+ /* object ops */
+ ret = rgw_build_object_policies(rgwlib.get_store(), get_state(),
+ op->prefetch_data());
+ if (ret < 0) {
+ ldout(get_state()->cct, 10) << "read_permissions (object policy) on"
+ << get_state()->bucket << ":"
+ << get_state()->object
+ << " ret=" << ret << dendl;
+ if (ret == -ENODATA)
+ ret = -EACCES;
+ }
 }
 return ret;
 } /* RGWLibRequest::read_permissions */
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 66ecd5568d28..f8ee1924eca1 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
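Review bot: In RGWLibRequest::read_permissions (src/rgw/librgw.cc) the new object-policy log string `"read_permissions (object policy) on"` has no trailing space, so the bucket name is glued to "on" in the log line, unlike the bucket-policy message; it should read `"read_permissions (object policy) on "`. The `-ENODATA` to `-EACCES` mapping now appears in both branches with no explanation; if the intent is to treat a missing policy as a denial, a one-line comment such as `/* no policy data: fail closed and report access denied */` above each copy would record that and keep the two from drifting apart. The added branch is also the first use of `op` in this function, so it relies on callers never passing a null RGWOp; the callers are not visible in this hunk. Both denials are logged only at level 10, which is worth confirming is visible enough for whoever audits access failures on the NFS path.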
@@ -398,7 +398,8 @@ int rgw_build_bucket_policies(RGWRados* store, struct req_state* s)
 * only_bucket: If true, reads the bucket ACL rather than the object ACL.
 * Returns: 0 on success, -ERR# otherwise.
 */
-static int rgw_build_object_policies(RGWRados *store, struct req_state *s, bool prefetch_data)
+int rgw_build_object_policies(RGWRados *store, struct req_state *s,
+ bool prefetch_data)
 {
 int ret = 0;
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index e3ecd600ed3f..825dd93b41e0 100644
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -1338,6 +1338,8 @@ public:
 };
 extern int rgw_build_bucket_policies(RGWRados* store, struct req_state* s);
+extern int rgw_build_object_policies(RGWRados *store, struct req_state *s,
+ bool prefetch_data);
 static inline int put_data_and_throttle(RGWPutObjProcessor *processor, bufferlist& data, off_t ofs,
-- 
2.47.3
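Review bot: The doc comment directly above `rgw_build_object_policies` in src/rgw/rgw_op.cc still documents an `only_bucket` parameter, which the signature (`store`, `s`, `prefetch_data`) does not have. Now that the function is exported and called from librgw, that line should describe `prefetch_data` instead; the exact wording needs checking against the body, which lies outside the hunk, as does the start of the comment. The new `extern` declaration in src/rgw/rgw_op.h has no comment either. If the function is only valid after `rgw_build_bucket_policies` has succeeded, which is how the librgw caller uses it, a line such as `/* call only after rgw_build_bucket_policies() returned 0 */` would help other callers keep the permission checks in order.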