Merge pull request ceph#55661 from shreyanshjain7174/tracker_63791

RGW: a subuser with no permission can still list buckets and create buckets

Reviewed-by: Jiffin Tony Thottan <[email protected]>

Author: cbodley

src/rgw/rgw_common.cc

@@ -1184,13 +1184,14 @@ bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp,
   if (s->identity->get_identity_type() == TYPE_ROLE)
     return false;
 
-  /* S3 doesn't support account ACLs, so user_acl will be uninitialized. */
-  if (user_acl.get_owner().id.empty())
-    return true;
-
+  /* S3 doesn't have a subuser, it takes user permissions  */
   if ((perm & (int)s->perm_mask) != perm)
     return false;
 
+  /* S3 doesn't support account ACLs, so user_acl will be uninitialized. */
+  if (user_acl.get_owner().id.empty())
+    return true;
+  
   return user_acl.verify_permission(dpp, *s->identity, perm, perm);
 }