import 15.2.5

[ceph.git] / ceph / src / rgw / rgw_iam_policy.cc

diff --git a/ceph/src/rgw/rgw_iam_policy.cc b/ceph/src/rgw/rgw_iam_policy.cc
index da0fa92b7010e725b08f29db7faac10db302e19d..31936c40472f2d3b4f06f6182b7be8dc6b33c642 100644 (file)
--- a/ceph/src/rgw/rgw_iam_policy.cc
+++ b/ceph/src/rgw/rgw_iam_policy.cc
@@ -970,12 +970,9 @@ ostream& operator <<(ostream& m, const Condition& c) {
 Effect Statement::eval(const Environment& e,
                       boost::optional<const rgw::auth::Identity&> ida,
                       uint64_t act, const ARN& res) const {
-  if (ida) {
-    if (!princ.empty() && !ida->is_identity(princ)) {
-      return Effect::Pass;
-    } else if (!noprinc.empty() && ida->is_identity(noprinc)) {
-      return Effect::Pass;
-    }
+
+  if (eval_principal(e, ida) == Effect::Deny) {
+    return Effect::Pass;
   }
 
   if (!resource.empty()) {