New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

luminous: policy checks missing from Get/SetRequestPayment operations #18440

Merged
merged 2 commits into from Oct 27, 2017
Jump to file or symbol
Failed to load files and symbols.
+33 −12
Diff settings

Always

Just for now

View
@@ -2017,11 +2017,16 @@ void RGWStatAccount::execute()
int RGWGetBucketVersioning::verify_permission()
{
if (false == s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return -EACCES;
if (s->iam_policy) {
if (s->iam_policy->eval(s->env, *s->auth.identity,
rgw::IAM::s3GetBucketVersioning,
ARN(s->bucket)) == Effect::Allow) {
return 0;
}
} else if (s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return 0;
}
return 0;
return -EACCES;
}
void RGWGetBucketVersioning::pre_exec()
@@ -2037,11 +2042,16 @@ void RGWGetBucketVersioning::execute()
int RGWSetBucketVersioning::verify_permission()
{
if (false == s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return -EACCES;
if (s->iam_policy) {
if (s->iam_policy->eval(s->env, *s->auth.identity,
rgw::IAM::s3PutBucketVersioning,
ARN(s->bucket)) == Effect::Allow) {
return 0;
}
} else if (s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return 0;
}
return 0;
return -EACCES;
}
void RGWSetBucketVersioning::pre_exec()
@@ -5070,6 +5080,12 @@ void RGWOptionsCORS::execute()
int RGWGetRequestPayment::verify_permission()
{
if (s->iam_policy &&
s->iam_policy->eval(s->env, *s->auth.identity,
rgw::IAM::s3GetBucketRequestPayment,
ARN(s->bucket)) != Effect::Allow) {
return -EACCES;
}
return 0;
}
@@ -5085,11 +5101,16 @@ void RGWGetRequestPayment::execute()
int RGWSetRequestPayment::verify_permission()
{
if (false == s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return -EACCES;
if (s->iam_policy) {
if (s->iam_policy->eval(s->env, *s->auth.identity,
rgw::IAM::s3PutBucketRequestPayment,
ARN(s->bucket)) == Effect::Allow) {
return 0;
}
} else if (s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return 0;
}
return 0;
return -EACCES;
}
void RGWSetRequestPayment::pre_exec()
ProTip! Use n and p to navigate between commits in a pull request.