@Override public ContainerAccess getContainerAccess(String container) { AccessControlList acl = sync.getBucketACL(container); if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) { return ContainerAccess.PUBLIC_READ; } else { return ContainerAccess.PRIVATE; } }
@Override public ContainerAccess getContainerAccess(String container) { AccessControlList acl = sync.getBucketACL(container); if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) { return ContainerAccess.PUBLIC_READ; } else { return ContainerAccess.PRIVATE; } }
/** * @param grantee * @param permission * @return true if the grantee has the given permission. */ public boolean hasPermission(Grantee grantee, String permission) { return hasPermission(grantee.getIdentifier(), permission); }
@Override public BlobAccess getBlobAccess(String container, String name) { AccessControlList acl = sync.getObjectACL(container, name); if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) { return BlobAccess.PUBLIC_READ; } else { return BlobAccess.PRIVATE; } }
/** * @param grantee * @param permission * @return true if the grantee has the given permission. */ public boolean hasPermission(Grantee grantee, String permission) { return hasPermission(grantee.getIdentifier(), permission); }
/** * @param grantee * @param permission * @return true if the grantee has the given permission. */ public boolean hasPermission(Grantee grantee, String permission) { return hasPermission(grantee.getIdentifier(), permission); }
@Override public ContainerAccess getContainerAccess(String container) { AccessControlList acl = sync.getBucketACL(container); if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) { return ContainerAccess.PUBLIC_READ; } else { return ContainerAccess.PRIVATE; } }
@Override public BlobAccess getBlobAccess(String container, String name) { AccessControlList acl = sync.getObjectACL(container, name); if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) { return BlobAccess.PUBLIC_READ; } else { return BlobAccess.PRIVATE; } }
/** * @param grantee * @param permission * @return true if the grantee has the given permission. */ public boolean hasPermission(Grantee grantee, String permission) { return hasPermission(grantee.getIdentifier(), permission); }
/** * @param grantee * @param permission * @return true if the grantee has the given permission. */ public boolean hasPermission(Grantee grantee, String permission) { return hasPermission(grantee.getIdentifier(), permission); }
@Override public ListenableFuture<String> putBlob(String container, Blob blob, PutOptions overrides) { // TODO: Make use of options overrides PutObjectOptions options = new PutObjectOptions(); try { AccessControlList acl = bucketAcls.getUnchecked(container); if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) options.withAcl(CannedAccessPolicy.PUBLIC_READ); } catch (CacheLoader.InvalidCacheLoadException e) { // nulls not permitted from cache loader } return async.putObject(container, blob2Object.apply(blob), options); }
private void checkGrants(AccessControlList acl) { String ownerId = acl.getOwner().getId(); assertEquals(acl.getGrants().size(), 4, acl.toString()); assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL), acl.toString()); assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString()); assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP), acl.toString()); // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr assertTrue(acl.hasPermission(TEST_ACL_ID, Permission.READ_ACP), acl.toString()); }
private void checkGrants(AccessControlList acl) { String ownerId = acl.getOwner().getId(); assertEquals(acl.getGrants().size(), 4, acl.toString()); assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL), acl.toString()); assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString()); assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP), acl.toString()); // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr assertTrue(acl.hasPermission(StubS3AsyncClient.TEST_ACL_ID, Permission.READ_ACP), acl.toString()); }
public void run() { try { AccessControlList acl = getApi().getBucketACL(bucketName + "eu"); assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString()); } catch (Exception e) { Throwables.propagateIfPossible(e); } } });
public void run() { try { AccessControlList acl = getApi().getObjectACL(containerName, publicReadObjectKey); assertEquals(acl.getGrants().size(), 2); assertEquals(acl.getPermissions(GroupGranteeURI.ALL_USERS).size(), 1); assertNotNull(acl.getOwner()); String ownerId = acl.getOwner().getId(); assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL)); assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)); } catch (Exception e) { Throwables.propagateIfPossible(e); } } });
public void run() { try { AccessControlList acl = getApi().getBucketACL(bucketName + "eu"); assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString()); } catch (Exception e) { Throwables.propagateIfPossible(e); } } });
private ListenableFuture<String> putBlobWithReducedRedundancy(String container, Blob blob) { AWSS3PutObjectOptions options = new AWSS3PutObjectOptions(); try { AccessControlList acl = bucketAcls.getUnchecked(container); if (acl != null && acl.hasPermission(AccessControlList.GroupGranteeURI.ALL_USERS, AccessControlList.Permission.READ)) { options.withAcl(CannedAccessPolicy.PUBLIC_READ); } options.storageClass(ObjectMetadata.StorageClass.REDUCED_REDUNDANCY); } catch (CacheLoader.InvalidCacheLoadException e) { // nulls not permitted from cache loader } return getContext().unwrap(AWSS3ApiMetadata.CONTEXT_TOKEN).getAsyncApi().putObject(container, blob2Object.apply(blob), options); }
@Test public void testAccessControlListOwnerOnly() throws HttpException { String ownerId = "1a405254c932b52e5b5caaa88186bc431a1bacb9ece631f835daddaf0c47677c"; AccessControlList acl = createParser().parse(Strings2.toInputStream(aclOwnerOnly)); assertEquals(acl.getOwner().getId(), ownerId); assertEquals(acl.getOwner().getDisplayName(), "jamesmurty"); assertEquals(acl.getPermissions(ownerId).size(), 1); assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL)); assertEquals(acl.getGrants().size(), 1); assertEquals(acl.getPermissions(GroupGranteeURI.ALL_USERS).size(), 0); assertEquals(acl.getPermissions(GroupGranteeURI.AUTHENTICATED_USERS).size(), 0); assertEquals(acl.getPermissions(GroupGranteeURI.LOG_DELIVERY).size(), 0); }
public void testPrivateAclIsDefaultForBucket() throws InterruptedException, ExecutionException, TimeoutException, IOException { String bucketName = getContainerName(); try { AccessControlList acl = getApi().getBucketACL(bucketName); assertEquals(acl.getGrants().size(), 1); assertNotNull(acl.getOwner()); String ownerId = acl.getOwner().getId(); assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL)); } finally { returnContainer(bucketName); } }
public void testPublicReadAccessPolicy() throws Exception { String bucketName = getScratchContainerName(); try { getApi().putBucketInRegion(null, bucketName, withBucketAcl(CannedAccessPolicy.PUBLIC_READ)); AccessControlList acl = getApi().getBucketACL(bucketName); assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString()); // TODO: I believe that the following should work based on the above acl assertion passing. // However, it fails on 403 // URL url = new URL(String.format("http://%s.s3.amazonaws.com", bucketName)); // Utils.toStringAndClose(url.openStream()); } finally { destroyContainer(bucketName); } }