/**
 * Builds the access control list that corresponds to a canned access policy.
 * <p>
 * The owner is always granted {@link Permission#FULL_CONTROL}. A {@code null} policy, or any
 * policy not handled below, adds nothing further, so the result is the same owner-only ACL that
 * {@link CannedAccessPolicy#PRIVATE} produces.
 * <p>
 * {@link CannedAccessPolicy#PUBLIC_READ_WRITE} is the most permissive case: it grants both
 * {@link Permission#READ} and {@link Permission#WRITE} to {@link GroupGranteeURI#ALL_USERS}.
 *
 * @param cannedAP
 *            the canned policy to expand; compared by identity against the known constants
 * @param ownerId
 *            identifier used for both the ACL owner and the owner's FULL_CONTROL grant; it is
 *            not validated here
 * @return a new ACL holding the owner grant plus any group grants the policy implies
 */
public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId) {
    AccessControlList result = new AccessControlList();
    result.setOwner(new CanonicalUser(ownerId));

    // Every canned policy starts from "owner has full control".
    result.addPermission(new CanonicalUserGrantee(ownerId), Permission.FULL_CONTROL);

    if (cannedAP == CannedAccessPolicy.AUTHENTICATED_READ) {
        result.addPermission(GroupGranteeURI.AUTHENTICATED_USERS, Permission.READ);
    } else if (cannedAP == CannedAccessPolicy.PUBLIC_READ
            || cannedAP == CannedAccessPolicy.PUBLIC_READ_WRITE) {
        // Both public policies grant READ to everyone; only the read-write one adds WRITE.
        result.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ);
        if (cannedAP == CannedAccessPolicy.PUBLIC_READ_WRITE) {
            result.addPermission(GroupGranteeURI.ALL_USERS, Permission.WRITE);
        }
    }
    // PRIVATE, null and unknown policies fall through with the owner grant only.
    return result;
}
/**
 * Returns the permissions held by the grantee with the given identifier.
 * <p>
 * Only the permission recorded on each matching grant is reported; nothing is derived or
 * implied from other permissions.
 *
 * @param granteeId
 *            identifier of the grantee to look up
 * @return the permission of every grant that {@code findGrantsForGrantee} returns for this ID.
 *         The result is a Guava {@code Collections2.transform} view, so it reflects later
 *         changes to the collection it wraps rather than being a snapshot.
 */
public Collection<Permission> getPermissions(String granteeId) {
    // Projection from a grant to the permission it carries.
    Function<Grant, Permission> toPermission = new Function<Grant, Permission>() {
        public Permission apply(Grant grant) {
            return grant.getPermission();
        }
    };
    return Collections2.transform(findGrantsForGrantee(granteeId), toPermission);
}
/**
 * Collects the distinct grantees named by the grants in this ACL.
 * <p>
 * The grantees are gathered into a {@link TreeSet} built without a comparator, so they are
 * ordered and de-duplicated by their natural ordering, and a grant whose grantee is
 * {@code null} makes the insertion fail.
 *
 * @return an unmodifiable set of the grantees that have at least one grant; it is a copy taken
 *         at call time, not a view of the ACL
 */
public Set<Grantee> getGrantees() {
    final Set<Grantee> distinct = new TreeSet<Grantee>();
    for (final Grant entry : getGrants()) {
        final Grantee who = entry.getGrantee();
        distinct.add(who);
    }
    return Collections.unmodifiableSet(distinct);
}
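/**
 * End-of-element callback that assembles the ACL from a parsed access control policy document.
 * <p>
 * Leaf elements ({@code ID}, {@code EmailAddress}, {@code URI}, {@code DisplayName},
 * {@code Permission}) store their text in handler fields; {@code Owner}, {@code Grantee} and
 * {@code Grant} consume those fields when they close.
 * <p>
 * The handler fails closed on input it cannot interpret. Without these checks, a
 * {@code Grantee} with an unrecognised type or a {@code Grant} missing its {@code Grantee} or
 * {@code Permission} would silently reuse the value left over from the previous grant, and the
 * permission would be recorded against the wrong grantee.
 *
 * @param uri
 *            namespace URI of the element (unused)
 * @param name
 *            local name of the element (unused)
 * @param qName
 *            qualified element name; this is what the handler dispatches on
 * @throws IllegalArgumentException
 *             if a {@code Grantee} element has a type other than {@code AmazonCustomerByEmail},
 *             {@code CanonicalUser} or {@code Group}
 * @throws IllegalStateException
 *             if a {@code Grant} element closes without a grantee or a permission of its own
 */
public void endElement(String uri, String name, String qName) {
    if (qName.equals("Owner")) {
        CanonicalUser owner = new CanonicalUser(currentId);
        owner.setDisplayName(currentDisplayName);
        acl.setOwner(owner);
    } else if (qName.equals("Grantee")) {
        if ("AmazonCustomerByEmail".equals(currentGranteeType)) {
            currentGrantee = new EmailAddressGrantee(currentId);
        } else if ("CanonicalUser".equals(currentGranteeType)) {
            currentGrantee = new CanonicalUserGrantee(currentId, currentDisplayName);
        } else if ("Group".equals(currentGranteeType)) {
            currentGrantee = new GroupGrantee(GroupGranteeURI.fromURI(currentId));
        } else {
            // Never fall through with the previous grantee still in currentGrantee.
            throw new IllegalArgumentException("Unsupported grantee type: " + currentGranteeType);
        }
        // NOTE(review): currentId and currentDisplayName are also carried over from earlier
        // elements (for example the Owner); a Grantee that omits them inherits the old values.
        // Confirm whether the start-element handling, not visible here, resets them.
    } else if (qName.equals("Grant")) {
        if (currentGrantee == null) {
            throw new IllegalStateException("Grant element has no Grantee");
        }
        if (currentPermission == null) {
            throw new IllegalStateException("Grant element has no Permission");
        }
        acl.addPermission(currentGrantee, Permission.valueOf(currentPermission));
        // Clear per-grant state so the next Grant has to supply its own grantee and permission.
        currentGrantee = null;
        currentPermission = null;
    } else if (qName.equals("ID") || qName.equals("EmailAddress") || qName.equals("URI")) {
        currentId = currentText.toString();
    } else if (qName.equals("DisplayName")) {
        currentDisplayName = currentText.toString();
    } else if (qName.equals("Permission")) {
        currentPermission = currentText.toString();
    }
    // Start a fresh text buffer for the next element.
    currentText = new StringBuilder();
}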
XMLBuilder rootBuilder = XMLBuilder.create("AccessControlPolicy").attr("xmlns", S3Constants.S3_REST_API_XML_NAMESPACE); if (acl.getOwner() != null) { XMLBuilder ownerBuilder = rootBuilder.elem("Owner"); ownerBuilder.elem("ID").text(acl.getOwner().getId()).up(); if (acl.getOwner().getDisplayName() != null) { ownerBuilder.elem("DisplayName").text(acl.getOwner().getDisplayName()).up(); for (Grant grant : acl.getGrants()) { XMLBuilder grantBuilder = grantsBuilder.elem("Grant"); XMLBuilder granteeBuilder = grantBuilder.elem("Grantee").attr("xmlns:xsi",
/**
 * Tests whether the grantee has been granted exactly the given permission.
 * <p>
 * This is a literal membership test on the permissions returned by
 * {@link #getPermissions(String)}; no permission is treated as implying another. A grantee
 * that holds only {@link Permission#FULL_CONTROL} is therefore not reported as having
 * {@link Permission#READ}, so callers making an access or audit decision should check
 * {@code FULL_CONTROL} as well.
 *
 * @param granteeId
 *            identifier of the grantee to check
 * @param permission
 *            the permission to look for
 * @return true if one of the grantee's grants carries this permission
 */
public boolean hasPermission(String granteeId, Permission permission) {
    Collection<Permission> granted = getPermissions(granteeId);
    return granted.contains(permission);
}
/**
 * Tests whether the grantee has been granted exactly the given permission.
 * <p>
 * Delegates to {@link #hasPermission(String, Permission)} using the grantee's identifier, so
 * the same literal-match rule applies: holding {@link Permission#FULL_CONTROL} alone does not
 * make this return true for another permission.
 *
 * @param grantee
 *            the grantee to check; must not be null
 * @param permission
 *            the permission to look for
 * @return true if one of the grantee's grants carries this permission
 */
public boolean hasPermission(Grantee grantee, Permission permission) {
    String granteeId = grantee.getIdentifier();
    return hasPermission(granteeId, permission);
}
/**
 * Grants a permission to a predefined group.
 * <p>
 * Wraps the URI in a {@link GroupGrantee} and delegates to the {@code Grantee} overload.
 * Granting to a group such as {@link GroupGranteeURI#ALL_USERS} widens access beyond named
 * users, so callers should pass it only deliberately.
 *
 * @param groupGranteeURI
 *            the group that receives the permission
 * @param permission
 *            the permission to grant
 * @return whatever the {@code Grantee} overload returns
 */
public AccessControlList addPermission(GroupGranteeURI groupGranteeURI, Permission permission) {
    GroupGrantee group = new GroupGrantee(groupGranteeURI);
    return addPermission(group, permission);
}
/**
 * Revokes one specific permission from a predefined group, if that exact permission was
 * granted.
 * <p>
 * Revocation is literal: this class does not work out what remains after a partial revoke.
 * Revoking {@link Permission#READ} from a group that holds {@link Permission#FULL_CONTROL}
 * <strong>does nothing</strong>, and the group keeps full access. To reduce such a group to
 * read-only, first revoke {@link Permission#FULL_CONTROL}, then add back
 * {@link Permission#READ}.
 *
 * @param groupGranteeURI
 *            the group to revoke the permission from
 * @param permission
 *            the exact permission to revoke
 * @return whatever the {@code Grantee} overload returns
 */
public AccessControlList revokePermission(GroupGranteeURI groupGranteeURI, Permission permission) {
    GroupGrantee group = new GroupGrantee(groupGranteeURI);
    return revokePermission(group, permission);
}
/**
 * Returns the permissions granted to a predefined group.
 * <p>
 * Delegates to {@link #getPermissions(String)} using the group's identifier.
 *
 * @param granteeURI
 *            the group to look up; must not be null
 * @return the permissions recorded on the group's own grants
 */
public Collection<Permission> getPermissions(GroupGranteeURI granteeURI) {
    String groupId = granteeURI.getIdentifier();
    return getPermissions(groupId);
}
/**
 * Returns the permissions granted to the given grantee.
 * <p>
 * Delegates to {@link #getPermissions(String)} using the grantee's identifier.
 *
 * @param grantee
 *            the grantee to look up; must not be null
 * @return the permissions recorded on the grantee's own grants
 */
public Collection<Permission> getPermissions(Grantee grantee) {
    String granteeId = grantee.getIdentifier();
    return getPermissions(granteeId);
}
/**
 * Removes every grant held by the given grantee from this ACL.
 * <p>
 * Only grants that {@code findGrantsForGrantee} returns for the grantee's identifier are
 * removed; grants made to other grantees are left in place.
 *
 * @param grantee
 *            the grantee whose grants are removed; must not be null
 * @return this ACL, to allow call chaining
 */
public AccessControlList revokeAllPermissions(Grantee grantee) {
    String granteeId = grantee.getIdentifier();
    Collection<Grant> toDrop = findGrantsForGrantee(granteeId);
    grants.removeAll(toDrop);
    return this;
}
/**
 * Tests whether a predefined group has been granted exactly the given permission.
 * <p>
 * This is a literal membership test on the group's own grants; holding
 * {@link Permission#FULL_CONTROL} alone does not make this return true for another permission.
 *
 * @param granteeURI
 *            the group to check; must not be null
 * @param permission
 *            the permission to look for
 * @return true if one of the group's grants carries this permission
 */
public boolean hasPermission(GroupGranteeURI granteeURI, Permission permission) {
    String groupId = granteeURI.getIdentifier();
    Collection<Permission> granted = getPermissions(groupId);
    return granted.contains(permission);
}
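/**
 * Revokes one specific permission from the given grantee, if that exact permission was
 * granted.
 * <p>
 * Revocation is literal: this class does not work out what remains after a partial revoke.
 * Revoking {@link Permission#READ} from a grantee that holds {@link Permission#FULL_CONTROL}
 * <strong>does nothing</strong>, and the grantee keeps full access. To reduce such a grantee
 * to read-only, first revoke {@link Permission#FULL_CONTROL}, then add back
 * {@link Permission#READ}.
 *
 * @param grantee
 *            the grantee to revoke the permission from; must not be null
 * @param permission
 *            the exact permission to revoke
 * @return this ACL, to allow call chaining
 */
public AccessControlList revokePermission(Grantee grantee, Permission permission) {
    // Collect the matching grants first and remove them afterwards. findGrantsForGrantee is not
    // visible here; if it returns a live view over grants, removing inside the loop would
    // modify the collection being iterated and could abort the revocation part-way.
    Collection<Grant> matched = new java.util.ArrayList<Grant>();
    for (Grant grant : findGrantsForGrantee(grantee.getIdentifier())) {
        if (grant.getPermission().equals(permission)) {
            matched.add(grant);
        }
    }
    grants.removeAll(matched);
    return this;
}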