Comment 12 for bug 1562175

@Travis, No, I would not describe the consequence as "granting access to a container or object they shouldn't". To attempt to summarize, it is more like a user can *cause* a copy to be written into a container that it does not otherwise have access to. The user cannot control the contents of that object - apart from selecting which existing object to use.

The user can select a versioned object path that it does not have access to, request a put on that versioned object, and this request will execute the copy part of the request before it fails due to lack of permissions.