rgw: change is_admin_of() to is_admin()

As admin propery of a user is something global and nothing related
to any other owner, we don't need any comparision.

Signed-off-by: Seena Fallah <[email protected]>
(cherry picked from commit 1a253ea)

Author: clwluvw

src/rgw/driver/rados/rgw_rest_user.cc

@@ -122,7 +122,7 @@ void RGWOp_User_Info::execute(optional_yield y)
   // dump_keys is false if user-info-without-keys is 'read' and
   // the user is not the system user or an admin user
   int keys_perm = s->user->get_info().caps.check_cap("users", RGW_CAP_READ);
-  if (keys_perm == 0 || op_state.system || s->auth.identity->is_admin_of(uid)) {
+  if (keys_perm == 0 || op_state.system || s->auth.identity->is_admin()) {
     dump_keys = true;
     ldpp_dout(s, 20) << "dump_keys is set to true" << dendl;
   }

src/rgw/rgw_auth.cc

@@ -203,7 +203,7 @@ static auto transform_old_authinfo(const RGWUserInfo& user,
     const rgw_user id;
     const std::string display_name;
     const std::string path;
-    const bool is_admin;
+    const bool user_is_admin;
     const uint32_t type;
     const std::optional<RGWAccountInfo> account;
     const std::vector<IAM::Policy> policies;
@@ -216,7 +216,7 @@ static auto transform_old_authinfo(const RGWUserInfo& user,
         id(user.user_id),
         display_name(user.display_name),
         path(user.path),
-        is_admin(user.admin),
+        user_is_admin(user.admin),
         type(user.type),
         account(std::move(account)),
         policies(std::move(policies))
@@ -238,8 +238,8 @@ static auto transform_old_authinfo(const RGWUserInfo& user,
       return rgw_perms_from_aclspec_default_strategy(id.to_str(), aclspec, dpp);
     }
 
-    bool is_admin_of(const rgw_owner& o) const override {
-      return is_admin;
+    bool is_admin() const override {
+      return user_is_admin;
     }
 
     bool is_owner_of(const rgw_owner& o) const override {
@@ -302,7 +302,7 @@ static auto transform_old_authinfo(const RGWUserInfo& user,
 
     void to_str(std::ostream& out) const override {
       out << "RGWDummyIdentityApplier(auth_id=" << id
-          << ", is_admin=" << is_admin << ")";
+          << ", is_admin=" << user_is_admin << ")";
     }
 
     auto load_acct_info(const DoutPrefixProvider* dpp) const -> std::unique_ptr<rgw::sal::User> override {
@@ -817,7 +817,7 @@ uint32_t rgw::auth::RemoteApplier::get_perms_from_aclspec(const DoutPrefixProvid
   return perm;
 }
 
-bool rgw::auth::RemoteApplier::is_admin_of(const rgw_owner& o) const
+bool rgw::auth::RemoteApplier::is_admin() const
 {
   return info.is_admin;
 }
@@ -1057,7 +1057,7 @@ uint32_t rgw::auth::LocalApplier::get_perms_from_aclspec(const DoutPrefixProvide
   return mask;
 }
 
-bool rgw::auth::LocalApplier::is_admin_of(const rgw_owner& o) const
+bool rgw::auth::LocalApplier::is_admin() const
 {
   return user_info.admin || user_info.system;
 }

src/rgw/rgw_auth.h

@@ -48,9 +48,9 @@ class Identity {
    * applier that is being used. */
   virtual uint32_t get_perms_from_aclspec(const DoutPrefixProvider* dpp, const aclspec_t& aclspec) const = 0;
 
-  /* Verify whether a given identity *can be treated as* an admin of rgw_owner
-  * specified in @o. On error throws rgw::auth::Exception storing the reason. */
-  virtual bool is_admin_of(const rgw_owner& o) const = 0;
+  /* Verify whether a given identity *can be treated as* an admin.
+   * On error throws rgw::auth::Exception storing the reason. */
+  virtual bool is_admin() const = 0;
 
   /* Verify whether a given identity is the rgw_owner specified in @o.
    * On internal error throws rgw::auth::Exception storing the reason. */
@@ -480,7 +480,7 @@ class WebIdentityApplier : public IdentityApplier {
     return RGW_PERM_NONE;
   }
 
-  bool is_admin_of(const rgw_owner& o) const override {
+  bool is_admin() const override {
     return false;
   }
 
@@ -664,7 +664,7 @@ class RemoteApplier : public IdentityApplier {
 
   ACLOwner get_aclowner() const override;
   uint32_t get_perms_from_aclspec(const DoutPrefixProvider* dpp, const aclspec_t& aclspec) const override;
-  bool is_admin_of(const rgw_owner& o) const override;
+  bool is_admin() const override;
   bool is_owner_of(const rgw_owner& o) const override;
   bool is_root() const override;
   bool is_identity(const Principal& p) const override;
@@ -730,7 +730,7 @@ class LocalApplier : public IdentityApplier {
 
   ACLOwner get_aclowner() const override;
   uint32_t get_perms_from_aclspec(const DoutPrefixProvider* dpp, const aclspec_t& aclspec) const override;
-  bool is_admin_of(const rgw_owner& o) const override;
+  bool is_admin() const override;
   bool is_owner_of(const rgw_owner& o) const override;
   bool is_root() const override;
   bool is_identity(const Principal& p) const override;
@@ -813,7 +813,7 @@ class RoleApplier : public IdentityApplier {
   uint32_t get_perms_from_aclspec(const DoutPrefixProvider* dpp, const aclspec_t& aclspec) const override {
     return 0;
   }
-  bool is_admin_of(const rgw_owner& o) const override {
+  bool is_admin() const override {
     return false;
   }
   bool is_owner_of(const rgw_owner& o) const override;
@@ -861,7 +861,7 @@ class ServiceIdentity : public Identity {
     return RGW_PERM_NONE;
   }
 
-  bool is_admin_of(const rgw_owner& o) const override {
+  bool is_admin() const override {
     return false;
   }
 

src/rgw/rgw_auth_filters.h

@@ -73,8 +73,8 @@ class DecoratedApplier : public rgw::auth::IdentityApplier {
     return get_decoratee().get_perms_from_aclspec(dpp, aclspec);
   }
 
-  bool is_admin_of(const rgw_owner& o) const override {
-    return get_decoratee().is_admin_of(o);
+  bool is_admin() const override {
+    return get_decoratee().is_admin();
   }
 
   bool is_owner_of(const rgw_owner& o) const override {
@@ -281,12 +281,12 @@ class SysReqApplier : public DecoratedApplier<T> {
     return DecoratedApplier<T>::get_tenant();
   }
 
-  bool is_admin_of(const rgw_owner& o) const override {
+  bool is_admin() const override {
     if (is_system && !is_impersonating) {
       return true;
     }
 
-    return DecoratedApplier<T>::is_admin_of(o);
+    return DecoratedApplier<T>::is_admin();
   }
 };
 

src/rgw/rgw_lib.cc

@@ -283,7 +283,7 @@ namespace rgw {
       if (ret < 0) {
 	if (s->system_request) {
 	  ldpp_dout(op, 2) << "overriding permissions due to system operation" << dendl;
-	} else if (s->auth.identity->is_admin_of(s->user->get_id())) {
+	} else if (s->auth.identity->is_admin()) {
 	  ldpp_dout(op, 2) << "overriding permissions due to admin operation" << dendl;
 	} else {
 	  abort_req(s, op, ret);
@@ -420,7 +420,7 @@ namespace rgw {
     if (ret < 0) {
       if (s->system_request) {
 	ldpp_dout(op, 2) << "overriding permissions due to system operation" << dendl;
-      } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
+      } else if (s->auth.identity->is_admin()) {
 	ldpp_dout(op, 2) << "overriding permissions due to admin operation" << dendl;
       } else {
 	abort_req(s, op, ret);

src/rgw/rgw_op.cc

@@ -428,7 +428,7 @@ static int read_obj_policy(const DoutPrefixProvider *dpp,
       return ret;
     }
 
-    if (s->auth.identity->is_admin_of(bucket_policy.get_owner().id)) {
+    if (s->auth.identity->is_admin()) {
       return -ENOENT;
     }
 
@@ -1858,7 +1858,7 @@ int RGWGetObj::read_user_manifest_part(rgw::sal::Bucket* bucket,
    * stored inside different accounts. */
   if (s->system_request) {
     ldpp_dout(this, 2) << "overriding permissions due to system operation" << dendl;
-  } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
+  } else if (s->auth.identity->is_admin()) {
     ldpp_dout(this, 2) << "overriding permissions due to admin operation" << dendl;
   } else if (!verify_object_permission(this, s, part->get_obj(), s->user_acl,
 				       bucket_acl, obj_policy, bucket_policy,

src/rgw/rgw_process.cc

@@ -228,8 +228,8 @@ int rgw_process_authenticated(RGWHandler_REST * const handler,
   }
   if (ret == -EACCES || ret == -EPERM || ret == -ERR_AUTHORIZATION) {
     // system requests may impersonate another user/role for permission checks
-    // so only rely on is_admin_of() to override permissions
-    if (s->auth.identity->is_admin_of(s->user->get_id())) {
+    // so only rely on is_admin() to override permissions
+    if (s->auth.identity->is_admin()) {
       dout(2) << "overriding permissions due to admin operation" << dendl;
     } else {
       return ret;

src/rgw/rgw_rest_s3.cc

@@ -417,7 +417,7 @@ int RGWGetObj_ObjStore_S3::send_response_data(bufferlist& bl, off_t bl_ofs,
     auto action = s->object->get_instance().empty() ? rgw::IAM::s3GetObjectTagging : rgw::IAM::s3GetObjectVersionTagging;
     // since we are already under s->system_request, if the request is not impersonating,
     // it can be assumed that it is not a user-mode replication.
-    bool keep_tags = s->auth.identity->is_admin_of(s->user->get_id()) || verify_object_permission(this, s, action);
+    bool keep_tags = s->auth.identity->is_admin() || verify_object_permission(this, s, action);
 
     // remove tags from attrs if the user doesn't have permission
     bufferlist tags_bl;

src/rgw/rgw_sts.cc

@@ -124,7 +124,7 @@ int Credentials::generateCredentials(const DoutPrefixProvider *dpp,
   if (identity) {
     token.acct_name = identity->get_acct_name();
     token.perm_mask = identity->get_perm_mask();
-    token.is_admin = identity->is_admin_of(token.user);
+    token.is_admin = identity->is_admin();
     token.acct_type = identity->get_identity_type();
   } else {
     token.acct_name = {};

src/rgw/rgw_swift_auth.h

@@ -159,7 +159,7 @@ class SwiftAnonymousApplier : public rgw::auth::LocalApplier {
       : LocalApplier(cct, std::move(user), std::nullopt, {}, LocalApplier::NO_SUBUSER,
                      std::nullopt, LocalApplier::NO_ACCESS_KEY) {
     }
-    bool is_admin_of(const rgw_owner& o) const {return false;}
+    bool is_admin() const {return false;}
     bool is_owner_of(const rgw_owner& o) const {
       auto* uid = std::get_if<rgw_user>(&o);
       return uid && uid->id == RGW_USER_ANON_ID;