/** * Converts a canned access control policy into the equivalent access control list. * * @param cannedAP * @param ownerId */ public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId) { AccessControlList acl = new AccessControlList(); acl.setOwner(new CanonicalUser(ownerId)); // Canned access policies always allow full control to the owner. acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.FULL_CONTROL); if (CannedAccessPolicy.PRIVATE == cannedAP) { // No more work to do. } else if (CannedAccessPolicy.AUTHENTICATED_READ == cannedAP) { acl.addPermission(GroupGranteeURI.AUTHENTICATED_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ_WRITE == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.WRITE); } return acl; }
/** * Converts a canned access control policy into the equivalent access control list. * * @param cannedAP * @param ownerId */ public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId) { AccessControlList acl = new AccessControlList(); acl.setOwner(new CanonicalUser(ownerId)); // Canned access policies always allow full control to the owner. acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.FULL_CONTROL); if (CannedAccessPolicy.PRIVATE == cannedAP) { // No more work to do. } else if (CannedAccessPolicy.AUTHENTICATED_READ == cannedAP) { acl.addPermission(GroupGranteeURI.AUTHENTICATED_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ_WRITE == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.WRITE); } return acl; }
/** * Converts a canned access control policy into the equivalent access control list. * * @param cannedAP * @param ownerId */ public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId) { AccessControlList acl = new AccessControlList(); acl.setOwner(new CanonicalUser(ownerId)); // Canned access policies always allow full control to the owner. acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.FULL_CONTROL); if (CannedAccessPolicy.PRIVATE == cannedAP) { // No more work to do. } else if (CannedAccessPolicy.AUTHENTICATED_READ == cannedAP) { acl.addPermission(GroupGranteeURI.AUTHENTICATED_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ_WRITE == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.WRITE); } return acl; }
/** * Converts a canned access control policy into the equivalent access control list. * * @param cannedAP * @param ownerId */ public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId) { AccessControlList acl = new AccessControlList(); acl.setOwner(new CanonicalUser(ownerId)); // Canned access policies always allow full control to the owner. acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.FULL_CONTROL); if (CannedAccessPolicy.PRIVATE == cannedAP) { // No more work to do. } else if (CannedAccessPolicy.AUTHENTICATED_READ == cannedAP) { acl.addPermission(GroupGranteeURI.AUTHENTICATED_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ_WRITE == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.WRITE); } return acl; }
/** * Converts a canned access control policy into the equivalent access control list. * * @param cannedAP * @param ownerId */ public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId) { AccessControlList acl = new AccessControlList(); acl.setOwner(new CanonicalUser(ownerId)); // Canned access policies always allow full control to the owner. acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.FULL_CONTROL); if (CannedAccessPolicy.PRIVATE == cannedAP) { // No more work to do. } else if (CannedAccessPolicy.AUTHENTICATED_READ == cannedAP) { acl.addPermission(GroupGranteeURI.AUTHENTICATED_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); } else if (CannedAccessPolicy.PUBLIC_READ_WRITE == cannedAP) { acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ); acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.WRITE); } return acl; }
public void run() { try { BucketLogging newLogging = getApi().getBucketLogging(bucketName); assert newLogging !=null; AccessControlList acl = new AccessControlList(); for (Grant grant : newLogging.getTargetGrants()) { // TODO: add permission // checking features to // bucketlogging acl.addPermission(grant.getGrantee(), grant.getPermission()); } // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by // email addr assertTrue(acl.hasPermission(StubS3AsyncClient.TEST_ACL_ID, Permission.FULL_CONTROL), acl.toString()); assertEquals(logging.getTargetBucket(), newLogging.getTargetBucket()); assertEquals(logging.getTargetPrefix(), newLogging.getTargetPrefix()); } catch (Exception e) { Throwables.propagateIfPossible(e); } } });
public void run() { try { BucketLogging newLogging = getApi().getBucketLogging(bucketName); assert newLogging != null; AccessControlList acl = new AccessControlList(); for (Grant grant : newLogging.getTargetGrants()) { // TODO: add permission // checking features to // bucketlogging acl.addPermission(grant.getGrantee(), grant.getPermission()); } // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by // email addr assertTrue(acl.hasPermission(TEST_ACL_ID, FULL_CONTROL), acl.toString()); assertEquals(logging.getTargetBucket(), newLogging.getTargetBucket()); assertEquals(logging.getTargetPrefix(), newLogging.getTargetPrefix()); } catch (Exception e) { Throwables.propagateIfPossible(e); } } });