/** * @return an unmodifiable set of grantees who have been assigned permissions in this ACL. */ public Set<Grantee> getGrantees() { Set<Grantee> grantees = Sets.newTreeSet(); for (Grant grant : getGrants()) { grantees.add(grant.getGrantee()); } return Collections.unmodifiableSet(grantees); }
/** * @return an unmodifiable set of grantees who have been assigned permissions in this ACL. */ public Set<Grantee> getGrantees() { Set<Grantee> grantees = Sets.newTreeSet(); for (Grant grant : getGrants()) { grantees.add(grant.getGrantee()); } return Collections.unmodifiableSet(grantees); }
/** * @return an unmodifiable set of grantees who have been assigned permissions in this ACL. */ public Set<Grantee> getGrantees() { Set<Grantee> grantees = Sets.newTreeSet(); for (Grant grant : getGrants()) { grantees.add(grant.getGrantee()); } return Collections.unmodifiableSet(grantees); }
protected XMLBuilder generateBuilder(BucketLogging bucketLogging) throws ParserConfigurationException, FactoryConfigurationError { XMLBuilder rootBuilder = XMLBuilder.create("BucketLoggingStatus") .attr("xmlns", S3Constants.S3_REST_API_XML_NAMESPACE).e("LoggingEnabled"); rootBuilder.e("TargetBucket").t(bucketLogging.getTargetBucket()); rootBuilder.e("TargetPrefix").t(bucketLogging.getTargetPrefix()); XMLBuilder grantsBuilder = rootBuilder.elem("TargetGrants"); for (Grant grant : bucketLogging.getTargetGrants()) { XMLBuilder grantBuilder = grantsBuilder.elem("Grant"); XMLBuilder granteeBuilder = grantBuilder.elem("Grantee").attr("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance"); if (grant.getGrantee() instanceof GroupGrantee) { granteeBuilder.attr("xsi:type", "Group").elem("URI").text(grant.getGrantee().getIdentifier()); } else if (grant.getGrantee() instanceof CanonicalUserGrantee) { CanonicalUserGrantee grantee = (CanonicalUserGrantee) grant.getGrantee(); granteeBuilder.attr("xsi:type", "CanonicalUser").elem("ID").text(grantee.getIdentifier()).up(); if (grantee.getDisplayName() != null) { granteeBuilder.elem("DisplayName").text(grantee.getDisplayName()); } } else if (grant.getGrantee() instanceof EmailAddressGrantee) { granteeBuilder.attr("xsi:type", "AmazonCustomerByEmail").elem("EmailAddress") .text(grant.getGrantee().getIdentifier()); } grantBuilder.elem("Permission").text(grant.getPermission().toString()); } return grantsBuilder; }
protected XMLBuilder generateBuilder(BucketLogging bucketLogging) throws ParserConfigurationException, FactoryConfigurationError { XMLBuilder rootBuilder = XMLBuilder.create("BucketLoggingStatus") .attr("xmlns", S3Constants.S3_REST_API_XML_NAMESPACE).e("LoggingEnabled"); rootBuilder.e("TargetBucket").t(bucketLogging.getTargetBucket()); rootBuilder.e("TargetPrefix").t(bucketLogging.getTargetPrefix()); XMLBuilder grantsBuilder = rootBuilder.elem("TargetGrants"); for (Grant grant : bucketLogging.getTargetGrants()) { XMLBuilder grantBuilder = grantsBuilder.elem("Grant"); XMLBuilder granteeBuilder = grantBuilder.elem("Grantee").attr("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance"); if (grant.getGrantee() instanceof GroupGrantee) { granteeBuilder.attr("xsi:type", "Group").elem("URI").text(grant.getGrantee().getIdentifier()); } else if (grant.getGrantee() instanceof CanonicalUserGrantee) { CanonicalUserGrantee grantee = (CanonicalUserGrantee) grant.getGrantee(); granteeBuilder.attr("xsi:type", "CanonicalUser").elem("ID").text(grantee.getIdentifier()).up(); if (grantee.getDisplayName() != null) { granteeBuilder.elem("DisplayName").text(grantee.getDisplayName()); } } else if (grant.getGrantee() instanceof EmailAddressGrantee) { granteeBuilder.attr("xsi:type", "AmazonCustomerByEmail").elem("EmailAddress") .text(grant.getGrantee().getIdentifier()); } grantBuilder.elem("Permission").text(grant.getPermission().toString()); } return grantsBuilder; }
/** * Revoke a permission for the given grantee, if this specific permission was granted. * * Note that you must be very explicit about the permissions you revoke, you cannot revoke * partial permissions and expect this class to determine the implied remaining permissions. For * example, if you revoke the {@link Permission#READ} permission from a grantee with * {@link Permission#FULL_CONTROL} access, <strong>the revocation will do nothing</strong> and * the grantee will retain full access. To change the access settings for this grantee, you must * first remove the {@link Permission#FULL_CONTROL} permission the add back the * {@link Permission#READ} permission. * * @param grantee * @param permission */ public AccessControlList revokePermission(Grantee grantee, String permission) { for (Iterator<Grant> it = grants.iterator(); it.hasNext();) { Grant grant = it.next(); if (grant.getGrantee().equals(grantee) && grant.getPermission().equals(permission)) { it.remove(); } } return this; }
/** * Revoke a permission for the given grantee, if this specific permission was granted. * * Note that you must be very explicit about the permissions you revoke, you cannot revoke * partial permissions and expect this class to determine the implied remaining permissions. For * example, if you revoke the {@link Permission#READ} permission from a grantee with * {@link Permission#FULL_CONTROL} access, <strong>the revocation will do nothing</strong> and * the grantee will retain full access. To change the access settings for this grantee, you must * first remove the {@link Permission#FULL_CONTROL} permission the add back the * {@link Permission#READ} permission. * * @param grantee * @param permission */ public AccessControlList revokePermission(Grantee grantee, String permission) { for (Iterator<Grant> it = grants.iterator(); it.hasNext();) { Grant grant = it.next(); if (grant.getGrantee().equals(grantee) && grant.getPermission().equals(permission)) { it.remove(); } } return this; }
protected XMLBuilder generateBuilder(BucketLogging bucketLogging) throws ParserConfigurationException, FactoryConfigurationError { XMLBuilder rootBuilder = XMLBuilder.create("BucketLoggingStatus") .attr("xmlns", S3Constants.S3_REST_API_XML_NAMESPACE).e("LoggingEnabled"); rootBuilder.e("TargetBucket").t(bucketLogging.getTargetBucket()); rootBuilder.e("TargetPrefix").t(bucketLogging.getTargetPrefix()); XMLBuilder grantsBuilder = rootBuilder.elem("TargetGrants"); for (Grant grant : bucketLogging.getTargetGrants()) { XMLBuilder grantBuilder = grantsBuilder.elem("Grant"); XMLBuilder granteeBuilder = grantBuilder.elem("Grantee").attr("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance"); if (grant.getGrantee() instanceof GroupGrantee) { granteeBuilder.attr("xsi:type", "Group").elem("URI").text(grant.getGrantee().getIdentifier()); } else if (grant.getGrantee() instanceof CanonicalUserGrantee) { CanonicalUserGrantee grantee = (CanonicalUserGrantee) grant.getGrantee(); granteeBuilder.attr("xsi:type", "CanonicalUser").elem("ID").text(grantee.getIdentifier()).up(); if (grantee.getDisplayName() != null) { granteeBuilder.elem("DisplayName").text(grantee.getDisplayName()); } } else if (grant.getGrantee() instanceof EmailAddressGrantee) { granteeBuilder.attr("xsi:type", "AmazonCustomerByEmail").elem("EmailAddress") .text(grant.getGrantee().getIdentifier()); } grantBuilder.elem("Permission").text(grant.getPermission().toString()); } return grantsBuilder; }
protected XMLBuilder generateBuilder(BucketLogging bucketLogging) throws ParserConfigurationException, FactoryConfigurationError { XMLBuilder rootBuilder = XMLBuilder.create("BucketLoggingStatus") .attr("xmlns", S3Constants.S3_REST_API_XML_NAMESPACE).e("LoggingEnabled"); rootBuilder.e("TargetBucket").t(bucketLogging.getTargetBucket()); rootBuilder.e("TargetPrefix").t(bucketLogging.getTargetPrefix()); XMLBuilder grantsBuilder = rootBuilder.elem("TargetGrants"); for (Grant grant : bucketLogging.getTargetGrants()) { XMLBuilder grantBuilder = grantsBuilder.elem("Grant"); XMLBuilder granteeBuilder = grantBuilder.elem("Grantee").attr("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance"); if (grant.getGrantee() instanceof GroupGrantee) { granteeBuilder.attr("xsi:type", "Group").elem("URI").text(grant.getGrantee().getIdentifier()); } else if (grant.getGrantee() instanceof CanonicalUserGrantee) { CanonicalUserGrantee grantee = (CanonicalUserGrantee) grant.getGrantee(); granteeBuilder.attr("xsi:type", "CanonicalUser").elem("ID").text(grantee.getIdentifier()).up(); if (grantee.getDisplayName() != null) { granteeBuilder.elem("DisplayName").text(grantee.getDisplayName()); } } else if (grant.getGrantee() instanceof EmailAddressGrantee) { granteeBuilder.attr("xsi:type", "AmazonCustomerByEmail").elem("EmailAddress") .text(grant.getGrantee().getIdentifier()); } grantBuilder.elem("Permission").text(grant.getPermission().toString()); } return grantsBuilder; }
/** * Revoke a permission for the given grantee, if this specific permission was granted. * * Note that you must be very explicit about the permissions you revoke, you cannot revoke * partial permissions and expect this class to determine the implied remaining permissions. For * example, if you revoke the {@link Permission#READ} permission from a grantee with * {@link Permission#FULL_CONTROL} access, <strong>the revocation will do nothing</strong> and * the grantee will retain full access. To change the access settings for this grantee, you must * first remove the {@link Permission#FULL_CONTROL} permission the add back the * {@link Permission#READ} permission. * * @param grantee * @param permission */ public AccessControlList revokePermission(Grantee grantee, String permission) { for (Iterator<Grant> it = grants.iterator(); it.hasNext();) { Grant grant = it.next(); if (grant.getGrantee().equals(grantee) && grant.getPermission().equals(permission)) { it.remove(); } } return this; }
public void run() { try { BucketLogging newLogging = getApi().getBucketLogging(bucketName); assert newLogging != null; AccessControlList acl = new AccessControlList(); for (Grant grant : newLogging.getTargetGrants()) { // TODO: add permission // checking features to // bucketlogging acl.addPermission(grant.getGrantee(), grant.getPermission()); } // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by // email addr assertTrue(acl.hasPermission(TEST_ACL_ID, FULL_CONTROL), acl.toString()); assertEquals(logging.getTargetBucket(), newLogging.getTargetBucket()); assertEquals(logging.getTargetPrefix(), newLogging.getTargetPrefix()); } catch (Exception e) { Throwables.propagateIfPossible(e); } } });
/** * Replace any AmazonCustomerByEmail grantees with a somewhat-arbitrary canonical user grantee, * to match S3 which substitutes each email address grantee with that user's corresponding ID. In * short, although you can PUT email address grantees, these are actually subsequently returned * by S3 as canonical user grantees. * * @param acl * @return */ protected AccessControlList sanitizeUploadedACL(AccessControlList acl) { // Replace any email address grantees with canonical user grantees, using // the acl's owner ID as the surrogate replacement. for (Grant grant : acl.getGrants()) { if (grant.getGrantee() instanceof EmailAddressGrantee) { EmailAddressGrantee emailGrantee = (EmailAddressGrantee) grant.getGrantee(); String id = emailGrantee.getEmailAddress().equals(TEST_ACL_EMAIL) ? TEST_ACL_ID : acl.getOwner().getId(); grant.setGrantee(new CanonicalUserGrantee(id, acl.getOwner().getDisplayName())); } } return acl; }
public void run() { try { BucketLogging newLogging = getApi().getBucketLogging(bucketName); assert newLogging !=null; AccessControlList acl = new AccessControlList(); for (Grant grant : newLogging.getTargetGrants()) { // TODO: add permission // checking features to // bucketlogging acl.addPermission(grant.getGrantee(), grant.getPermission()); } // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by // email addr assertTrue(acl.hasPermission(StubS3AsyncClient.TEST_ACL_ID, Permission.FULL_CONTROL), acl.toString()); assertEquals(logging.getTargetBucket(), newLogging.getTargetBucket()); assertEquals(logging.getTargetPrefix(), newLogging.getTargetPrefix()); } catch (Exception e) { Throwables.propagateIfPossible(e); } } });
public boolean apply(Grant g) { return g.getGrantee().getIdentifier().equals(granteeId); } });
public boolean apply(Grant g) { return g.getGrantee().getIdentifier().equals(granteeId); } });
public boolean apply(Grant g) { return g.getGrantee().getIdentifier().equals(granteeId); } });
/** * @return an unmodifiable set of grantees who have been assigned permissions in this ACL. */ public Set<Grantee> getGrantees() { Set<Grantee> grantees = Sets.newTreeSet(); for (Grant grant : getGrants()) { grantees.add(grant.getGrantee()); } return Collections.unmodifiableSet(grantees); }
/** * @return an unmodifiable set of grantees who have been assigned permissions in this ACL. */ public Set<Grantee> getGrantees() { Set<Grantee> grantees = Sets.newTreeSet(); for (Grant grant : getGrants()) { grantees.add(grant.getGrantee()); } return Collections.unmodifiableSet(grantees); }
public boolean apply(Grant g) { return g.getGrantee().getIdentifier().equals(granteeId); } });
public boolean apply(Grant g) { return g.getGrantee().getIdentifier().equals(granteeId); } });