Diffstat (limited to 'src/rgw/rgw_op.cc')
-rw-r--r-- | src/rgw/rgw_op.cc | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 0c157c561fb..acf31f51ecb 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -339,6 +339,20 @@ int RGWGetObj::verify_permission()
 }
+int RGWOp::verify_op_mask()
+{
+ uint32_t required_mask = op_mask();
+
+ ldout(s->cct, 20) << "required_mask= " << required_mask << " user.op_mask=" << s->user.op_mask << dendl;
+
+ if ((s->user.op_mask & required_mask) != required_mask) {
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+
 int RGWGetObj::read_user_manifest_part(rgw_bucket& bucket, RGWObjEnt& ent, RGWAccessControlPolicy *bucket_policy, off_t start_ofs, off_t end_ofs)
 {
 ldout(s->cct, 0) << "user manifest obj=" << ent.name << dendl;
@@ -1780,6 +1794,11 @@ int RGWGetACLs::verify_permission()
 return 0;
 }
+uint32_t RGWGetACLs::op_mask()
+{
+ return RGW_OP_TYPE_READ;
+}
+
 void RGWGetACLs::execute()
 {
 stringstream ss;
@@ -1805,6 +1824,11 @@ int RGWPutACLs::verify_permission()
 return 0;
 }
+uint32_t RGWPutACLs::op_mask()
+{
+ return RGW_OP_TYPE_WRITE;
+}
+
 void RGWPutACLs::execute()
 {
 bufferlist bl; |
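Review bot: In `RGWOp::verify_op_mask()`, a `required_mask` of 0 always passes the `(s->user.op_mask & required_mask) != required_mask` test, so any op whose `op_mask()` returns 0 is allowed for every user, including one whose mask has been restricted. The base-class default for `op_mask()` is not visible in this file's diff; if it is 0, either make it pure virtual so each op must classify itself, or state the choice at the check with `// required_mask == 0: op is exempt from op-mask restriction`. The denial path also returns `-EPERM` with only the level-20 debug line before it; a line inside the `if`, such as `ldout(s->cct, 5) << "op_mask denied: required=" << required_mask << dendl;`, would leave a trace at a level operators normally run at.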
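Review bot: `RGWPutACLs::op_mask()` places ACL changes under the same `RGW_OP_TYPE_WRITE` bit as data writes, so a user's op mask cannot permit uploads while withholding the ability to change who may access an object. If that is intended, record it next to the return with a comment such as `// ACL updates count as plain writes for op-mask purposes; access is still gated by verify_permission()`. Otherwise the operation may need its own mask bit. `RGWGetACLs::op_mask()` in the preceding hunk makes the matching choice for `RGW_OP_TYPE_READ` and would benefit from the same one-line comment.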