/**
 * Revokes every permission held by a grantee by dropping all of that
 * grantee's grants from this access control list (ACL).
 *
 * <p>Only this object's grant list is modified here. Matching relies on
 * {@code Grantee.equals}, so whether two different representations of the
 * same principal are treated as one grantee depends on that implementation.
 *
 * @param grantee
 *            The grantee to remove from this ACL.
 */
public void revokeAllPermissions(Grantee grantee) {
    // Collect first, remove afterwards: the list is not mutated while it is being iterated.
    List<Grant> matching = new ArrayList<Grant>();
    for (Grant candidate : getGrantsAsList()) {
        Grantee holder = candidate.getGrantee();
        if (holder.equals(grantee)) {
            matching.add(candidate);
        }
    }
    grantList.removeAll(matching);
}
/**
 * Adds every supplied {@link Grant} to the access control list (ACL) by
 * granting its permission to its grantee, in the order given.
 *
 * @param grantsVarArg
 *            The {@link Grant} objects to add; each one contributes a
 *            grantee/permission pair.
 */
public void grantAllPermissions(Grant... grantsVarArg) {
    for (int i = 0; i < grantsVarArg.length; i++) {
        Grant current = grantsVarArg[i];
        // Delegates to grantPermission so each pair is added the same way as a single grant.
        grantPermission(current.getGrantee(), current.getPermission());
    }
}
/**
 * Sets the access control headers for the request given.
 *
 * <p>Grantees are grouped by permission, and each permission that has at least
 * one grantee produces a single header whose value is a comma-separated list
 * of {@code type="identifier"} pairs.
 *
 * @param request the request that receives the headers
 * @param acl     the ACL whose grants are translated into headers
 */
private static void addAclHeaders(Request<? extends AmazonWebServiceRequest> request, AccessControlList acl) {
    // Pass 1: bucket the grantees under the permission they were granted.
    Map<Permission, Collection<Grantee>> granteesFor = new HashMap<Permission, Collection<Grantee>>();
    for (Grant entry : acl.getGrantsAsList()) {
        Collection<Grantee> bucket = granteesFor.get(entry.getPermission());
        if (bucket == null) {
            bucket = new LinkedList<Grantee>();
            granteesFor.put(entry.getPermission(), bucket);
        }
        bucket.add(entry.getGrantee());
    }

    // Pass 2: emit one header per permission, in the declaration order of Permission.
    for (Permission permission : Permission.values()) {
        Collection<Grantee> holders = granteesFor.get(permission);
        if (holders == null) {
            continue;
        }
        StringBuilder headerValue = new StringBuilder();
        for (Grantee holder : holders) {
            if (headerValue.length() > 0) {
                headerValue.append(", ");
            }
            // NOTE(review): the identifier is placed between double quotes as-is; nothing here
            // escapes a quote or line break inside it, so this relies on identifiers being
            // well-formed before they reach this method — confirm upstream validation.
            headerValue.append(holder.getTypeIdentifier())
                    .append("=")
                    .append("\"")
                    .append(holder.getIdentifier())
                    .append("\"");
        }
        request.addHeader(permission.getHeaderName(), headerValue.toString());
    }
}
/**
 * Prints the ACL of an S3 object to standard output, one
 * "grantee identifier: permission" pair per line.
 *
 * <p>If the service call fails with an {@code AmazonServiceException}, the
 * error message is written to standard error and the JVM exits with status 1.
 *
 * @param bucket_name name of the bucket that holds the object
 * @param object_key  key of the object whose ACL is read
 */
public static void getObjectAcl(String bucket_name, String object_key) {
    System.out.println("Retrieving ACL for object: " + object_key);
    System.out.println(" in bucket: " + bucket_name);

    // The client is built from the default configuration.
    final AmazonS3 client = AmazonS3ClientBuilder.defaultClient();
    try {
        AccessControlList objectAcl = client.getObjectAcl(bucket_name, object_key);
        for (Grant entry : objectAcl.getGrantsAsList()) {
            String who = entry.getGrantee().getIdentifier();
            String what = entry.getPermission().toString();
            System.out.format(" %s: %s\n", who, what);
        }
    } catch (AmazonServiceException failure) {
        System.err.println(failure.getErrorMessage());
        System.exit(1);
    }
}
/**
 * Prints the ACL of an S3 bucket to standard output, one
 * "grantee identifier: permission" pair per line.
 *
 * <p>If the service call fails with an {@code AmazonServiceException}, the
 * error message is written to standard error and the JVM exits with status 1.
 *
 * @param bucket_name name of the bucket whose ACL is read
 */
public static void getBucketAcl(String bucket_name) {
    System.out.println("Retrieving ACL for bucket: " + bucket_name);

    // The client is built from the default configuration.
    final AmazonS3 client = AmazonS3ClientBuilder.defaultClient();
    try {
        AccessControlList bucketAcl = client.getBucketAcl(bucket_name);
        for (Grant entry : bucketAcl.getGrantsAsList()) {
            String who = entry.getGrantee().getIdentifier();
            String what = entry.getPermission().toString();
            System.out.format(" %s: %s\n", who, what);
        }
    } catch (AmazonServiceException failure) {
        System.err.println(failure.getErrorMessage());
        System.exit(1);
    }
}
/**
 * Writes an {@code AccessControlList} element containing one {@code Grant}
 * child per grant in the given ACL. Nothing is written when the ACL is null.
 *
 * @param xml               the writer that receives the elements
 * @param accessControlList the ACL to serialize; may be null
 */
private static void addGrantsIfNotNull(XmlWriter xml, AccessControlList accessControlList) {
    if (accessControlList != null) {
        AclXmlFactory granteeSerializer = new AclXmlFactory();

        xml.start("AccessControlList");
        for (Grant entry : accessControlList.getGrantsAsList()) {
            xml.start("Grant");
            // A grant without a grantee still produces a <Grant> element, just without the grantee part.
            if (entry.getGrantee() != null) {
                granteeSerializer.convertToXml(entry.getGrantee(), xml);
            }
            addIfNotNull(xml, "Permission", entry.getPermission());
            xml.end();
        }
        xml.end();
    }
}
// Walk every grant in the ACL, looking at its permission and grantee.
for (Grant grant : acl.getGrantsAsList()) {
    Permission perm = grant.getPermission();
    Grantee grantee = grant.getGrantee();
    // Only Permission.Read is tested in the visible part; perm.equals(...) would throw a
    // NullPointerException if a grant carried no permission.
    // NOTE(review): the excerpt ends below, so it is not visible whether grants that imply
    // read access through a broader permission are also considered — confirm in the full method.
    if (perm.equals(Permission.Read)) {
        // isUserIdInGrantee is defined elsewhere; presumably it tests whether the grantee
        // refers to userId — confirm.
        if (isUserIdInGrantee(grantee, userId)) {
/**
 * Revokes every permission held by a grantee by dropping all of that
 * grantee's grants from this access control list (ACL).
 *
 * <p>Only this object's grant list is modified here. Matching relies on
 * {@code Grantee.equals}, so whether two different representations of the
 * same principal are treated as one grantee depends on that implementation.
 *
 * @param grantee The grantee to remove from this ACL.
 */
public void revokeAllPermissions(Grantee grantee) {
    final List<Grant> doomed = new ArrayList<Grant>();
    for (final Grant current : getGrantsAsList()) {
        if (!current.getGrantee().equals(grantee)) {
            continue;
        }
        doomed.add(current);
    }
    // Removal happens after the scan so the list is never changed mid-iteration.
    grantList.removeAll(doomed);
}
// Emit one "Grant" element per ACL entry: the grantee first, then its permission.
for (Grant grant : acl.getGrantsAsList()) {
    xml.start("Grant");
    // No null check on the grantee here; convertToXml receives whatever getGrantee() returns.
    convertToXml(grant.getGrantee(), xml);
    // getPermission().toString() would throw a NullPointerException for a grant without a permission.
    xml.start("Permission").value(grant.getPermission().toString()).end();
    xml.end();
/**
 * Adds every supplied {@link Grant} to the access control list (ACL) by
 * granting its permission to its grantee, in the order given.
 *
 * @param grantsVarArg The {@link Grant} objects to add; each one contributes
 *            a grantee/permission pair.
 */
public void grantAllPermissions(Grant... grantsVarArg) {
    for (int index = 0; index < grantsVarArg.length; index++) {
        final Grant pair = grantsVarArg[index];
        // Delegates to grantPermission so each pair is added the same way as a single grant.
        grantPermission(pair.getGrantee(), pair.getPermission());
    }
}
// Start an empty grantee list for this grant's permission...
// NOTE(review): in this excerpt the put is unconditional; without a surrounding
// containsKey guard it would replace any list already collected for the same
// permission and drop earlier grantees — confirm against the full method.
grantsByPermission.put(grant.getPermission(), new LinkedList<Grantee>());
// ...then record the grant's grantee under that permission.
grantsByPermission.get(grant.getPermission()).add(grant.getGrantee());
/**
 * Removes a grantee from this access control list (ACL), which revokes all
 * permissions that grantee held through it.
 *
 * <p>The change is made to this object's grant list only. Grants are selected
 * with {@code Grantee.equals}; how alternative representations of one
 * principal compare is decided by that method.
 *
 * @param grantee The grantee to remove from this ACL.
 */
public void revokeAllPermissions(Grantee grantee) {
    final List<Grant> snapshot = getGrantsAsList();
    final List<Grant> toDrop = new ArrayList<Grant>();
    for (int i = 0; i < snapshot.size(); i++) {
        final Grant entry = snapshot.get(i);
        final Grantee owner = entry.getGrantee();
        if (owner.equals(grantee)) {
            toDrop.add(entry);
        }
    }
    grantList.removeAll(toDrop);
}
/**
 * Removes a grantee from this access control list (ACL), which revokes all
 * permissions that grantee held through it.
 *
 * <p>The change is made to this object's grant list only. Grants are selected
 * with {@code Grantee.equals}; how alternative representations of one
 * principal compare is decided by that method.
 *
 * @param grantee
 *            The grantee to remove from this ACL.
 */
public void revokeAllPermissions(Grantee grantee) {
    List<Grant> revoked = new ArrayList<Grant>();
    List<Grant> current = getGrantsAsList();
    for (Grant item : current) {
        boolean belongsToGrantee = item.getGrantee().equals(grantee);
        if (belongsToGrantee) {
            revoked.add(item);
        }
    }
    // Remove in one step once the scan is complete.
    grantList.removeAll(revoked);
}
/**
 * Grants each supplied grantee/permission pair on this access control list
 * (ACL), processing the {@link Grant} objects in the order they are passed.
 *
 * @param grantsVarArg The {@link Grant} objects whose grantee and permission
 *            are added to this ACL.
 */
public void grantAllPermissions(Grant... grantsVarArg) {
    for (final Grant item : grantsVarArg) {
        final Grantee who = item.getGrantee();
        final Permission what = item.getPermission();
        grantPermission(who, what);
    }
}
/**
 * Grants each supplied grantee/permission pair on this access control list
 * (ACL), processing the {@link Grant} objects in the order they are passed.
 *
 * @param grantsVarArg
 *            The {@link Grant} objects whose grantee and permission are added
 *            to this ACL.
 */
public void grantAllPermissions(Grant... grantsVarArg) {
    int position = 0;
    while (position < grantsVarArg.length) {
        Grant item = grantsVarArg[position];
        grantPermission(item.getGrantee(), item.getPermission());
        position++;
    }
}
/**
 * Tells whether the owner holds at least one of the given permissions.
 *
 * <p>Only grants whose grantee identifier equals the owner's id are
 * considered; grants to any other grantee are ignored by this check.
 *
 * @param permissions the permissions to look for; one match is enough
 * @return {@code true} if a grant to the owner carries one of the permissions,
 *         {@code false} otherwise
 */
private boolean hasPermission(EnumSet<Permission> permissions) {
    for (Grant entry : acl.getGrantsAsList()) {
        if (!entry.getGrantee().getIdentifier().equals(owner.getId())) {
            continue;
        }
        if (permissions.contains(entry.getPermission())) {
            return true;
        }
    }
    return false;
}
/**
 * Collects the permissions that the given grants give to the two grantee URIs
 * named by {@code PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI} and
 * {@code PacmanRuleConstants.ALL_S3_USER_URI}.
 *
 * <p>A grant is reported when its grantee identifier matches one of those URIs
 * (ignoring case) and its permission text either contains
 * {@code accessTypeToCheck} or equals {@code PacmanRuleConstants.FULL_CONTROL}
 * (ignoring case).
 *
 * @param grants            the grants to inspect
 * @param accessTypeToCheck text looked for inside the permission name
 * @return the matching permissions, or an empty list if none match
 */
private static List<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants,
        String accessTypeToCheck) {
    List<Permission> openPermissions = new ArrayList<>();
    for (Grant entry : grants) {
        String granteeId = entry.getGrantee().getIdentifier();
        boolean isOpenGrantee = PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI.equalsIgnoreCase(granteeId)
                || PacmanRuleConstants.ALL_S3_USER_URI.equalsIgnoreCase(granteeId);
        if (!isOpenGrantee) {
            continue;
        }

        // NOTE(review): this is a substring match, so an access type that is a prefix of
        // another permission name would match both — confirm that is the intended rule.
        String permissionName = entry.getPermission().toString();
        if (permissionName.contains(accessTypeToCheck)
                || permissionName.equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL)) {
            openPermissions.add(entry.getPermission());
        }
    }
    return openPermissions;
}
/**
 * Sets the access control headers for the request given.
 *
 * <p>One header is added for each permission that has grantees. Its value
 * lists those grantees as {@code type="identifier"} pairs separated by
 * {@code ", "}.
 *
 * @param request the request that receives the headers
 * @param acl     the ACL whose grants are translated into headers
 */
private static void addAclHeaders(Request<? extends AmazonWebServiceRequest> request, AccessControlList acl) {
    Map<Permission, Collection<Grantee>> byPermission = new HashMap<Permission, Collection<Grantee>>();

    // Group grantees by the permission they were granted.
    List<Grant> allGrants = acl.getGrantsAsList();
    for (Grant item : allGrants) {
        Permission key = item.getPermission();
        Collection<Grantee> group = byPermission.get(key);
        if (group == null) {
            group = new LinkedList<Grantee>();
            byPermission.put(key, group);
        }
        group.add(item.getGrantee());
    }

    // Walk the permissions in their declared order and emit a header for each non-empty group.
    for (Permission permission : Permission.values()) {
        if (!byPermission.containsKey(permission)) {
            continue;
        }
        StringBuilder value = new StringBuilder();
        String separator = "";
        for (Grantee member : byPermission.get(permission)) {
            value.append(separator);
            separator = ", ";
            // NOTE(review): the identifier is written between double quotes without any
            // escaping, so a quote or line break inside it would reach the header value
            // unchanged — confirm identifiers are validated before this point.
            value.append(member.getTypeIdentifier()).append("=").append("\"")
                    .append(member.getIdentifier()).append("\"");
        }
        request.addHeader(permission.getHeaderName(), value.toString());
    }
}
// Emit one "Grant" element per entry returned by acl.getGrants(): grantee first, then permission.
for (Grant grant : acl.getGrants()) {
    xml.start("Grant");
    // No null check on the grantee here; convertToXml receives whatever getGrantee() returns.
    convertToXml(grant.getGrantee(), xml);
    // getPermission().toString() would throw a NullPointerException for a grant without a permission.
    xml.start("Permission").value(grant.getPermission().toString()).end();
    xml.end();
/**
 * Converts an S3 {@code AccessControlList} into an {@code ObjectAcl}.
 *
 * <p>The owner id is copied, then each grant is added as a group grant or a
 * user grant depending on the grantee's class or type identifier. A grant
 * whose grantee matches neither the group nor the canonical-user test is not
 * copied, so the result can hold fewer grants than the source ACL.
 *
 * @param s3Acl the S3 ACL to convert
 * @return the converted ACL
 */
private ObjectAcl syncAclFromS3Acl(AccessControlList s3Acl) {
    ObjectAcl converted = new ObjectAcl();
    converted.setOwner(s3Acl.getOwner().getId());

    for (Grant entry : s3Acl.getGrantsAsList()) {
        Grantee who = entry.getGrantee();

        boolean isGroup = who instanceof GroupGrantee
                || who.getTypeIdentifier().equals(ACL_GROUP_TYPE);
        if (isGroup) {
            converted.addGroupGrant(who.getIdentifier(), entry.getPermission().toString());
            continue;
        }

        boolean isCanonicalUser = who instanceof CanonicalGrantee
                || who.getTypeIdentifier().equals(ACL_CANONICAL_USER_TYPE);
        if (isCanonicalUser) {
            converted.addUserGrant(who.getIdentifier(), entry.getPermission().toString());
        }
    }
    return converted;
}