diff options
Diffstat (limited to 'src/rgw/rgw_acl_swift.h')
| -rw-r--r-- | src/rgw/rgw_acl_swift.h | 94 |
1 files changed, 42 insertions, 52 deletions
diff --git a/src/rgw/rgw_acl_swift.h b/src/rgw/rgw_acl_swift.h index 4cb1e4b8f8f..a16bea894db 100644 --- a/src/rgw/rgw_acl_swift.h +++ b/src/rgw/rgw_acl_swift.h @@ -3,56 +3,46 @@ #pragma once -#include <map> -#include <vector> #include <string> -#include <include/types.h> - -#include <boost/optional.hpp> - -#include "rgw_acl.h" - -class RGWUserCtl; - -class RGWAccessControlPolicy_SWIFT : public RGWAccessControlPolicy -{ - int add_grants(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, - const std::vector<std::string>& uids, - uint32_t perm); - -public: - explicit RGWAccessControlPolicy_SWIFT(CephContext* const cct) - : RGWAccessControlPolicy(cct) { - } - ~RGWAccessControlPolicy_SWIFT() override = default; - - int create(const DoutPrefixProvider *dpp, - rgw::sal::Driver* driver, - const rgw_user& id, - const std::string& name, - const char* read_list, - const char* write_list, - uint32_t& rw_mask); - void filter_merge(uint32_t mask, RGWAccessControlPolicy_SWIFT *policy); - void to_str(std::string& read, std::string& write); -}; - -class RGWAccessControlPolicy_SWIFTAcct : public RGWAccessControlPolicy -{ -public: - explicit RGWAccessControlPolicy_SWIFTAcct(CephContext * const cct) - : RGWAccessControlPolicy(cct) { - } - ~RGWAccessControlPolicy_SWIFTAcct() override {} - - void add_grants(const DoutPrefixProvider *dpp, - rgw::sal::Driver* driver, - const std::vector<std::string>& uids, - uint32_t perm); - bool create(const DoutPrefixProvider *dpp, - rgw::sal::Driver* driver, - const rgw_user& id, - const std::string& name, - const std::string& acl_str); - boost::optional<std::string> to_str() const; -}; +#include "rgw_sal_fwd.h" +#include "rgw_user_types.h" + +class DoutPrefixProvider; +class RGWAccessControlPolicy; + +namespace rgw::swift { + +/// Create a policy based on swift container acl headers +/// X-Container-Read/X-Container-Write. +int create_container_policy(const DoutPrefixProvider *dpp, + rgw::sal::Driver* driver, + const rgw_user& id, + const std::string& name, + const char* read_list, + const char* write_list, + uint32_t& rw_mask, + RGWAccessControlPolicy& policy); + +/// Copy grants matching the permission mask (SWIFT_PERM_READ/WRITE) from +/// one policy to another. +void merge_policy(uint32_t rw_mask, const RGWAccessControlPolicy& src, + RGWAccessControlPolicy& dest); + +/// Format the policy in terms of X-Container-Read/X-Container-Write strings. +void format_container_acls(const RGWAccessControlPolicy& policy, + std::string& read, std::string& write); + +/// Create a policy based on swift account acl header X-Account-Access-Control. +int create_account_policy(const DoutPrefixProvider* dpp, + rgw::sal::Driver* driver, + const rgw_user& id, + const std::string& name, + const std::string& acl_str, + RGWAccessControlPolicy& policy); + +/// Format the policy in terms of the X-Account-Access-Control string. Returns +/// std::nullopt if there are no admin/read-write/read-only entries. +auto format_account_acl(const RGWAccessControlPolicy& policy) + -> std::optional<std::string>; + +} // namespace rgw::swift |