How to use

hasPermission

method

in

org.jclouds.s3.domain.AccessControlList

@Override
public ContainerAccess getContainerAccess(String container) {
 AccessControlList acl = sync.getBucketACL(container);
 if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) {
   return ContainerAccess.PUBLIC_READ;
 } else {
   return ContainerAccess.PRIVATE;
 }
}

@Override
public ContainerAccess getContainerAccess(String container) {
 AccessControlList acl = sync.getBucketACL(container);
 if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) {
   return ContainerAccess.PUBLIC_READ;
 } else {
   return ContainerAccess.PRIVATE;
 }
}

/**
* @param grantee
* @param permission
* @return true if the grantee has the given permission.
*/
public boolean hasPermission(Grantee grantee, String permission) {
 return hasPermission(grantee.getIdentifier(), permission);
}

@Override
public BlobAccess getBlobAccess(String container, String name) {
 AccessControlList acl = sync.getObjectACL(container, name);
 if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) {
   return BlobAccess.PUBLIC_READ;
 } else {
   return BlobAccess.PRIVATE;
 }
}

/**
* @param grantee
* @param permission
* @return true if the grantee has the given permission.
*/
public boolean hasPermission(Grantee grantee, String permission) {
 return hasPermission(grantee.getIdentifier(), permission);
}

/**
* @param grantee
* @param permission
* @return true if the grantee has the given permission.
*/
public boolean hasPermission(Grantee grantee, String permission) {
 return hasPermission(grantee.getIdentifier(), permission);
}

@Override
public ContainerAccess getContainerAccess(String container) {
 AccessControlList acl = sync.getBucketACL(container);
 if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) {
   return ContainerAccess.PUBLIC_READ;
 } else {
   return ContainerAccess.PRIVATE;
 }
}

@Override
public BlobAccess getBlobAccess(String container, String name) {
 AccessControlList acl = sync.getObjectACL(container, name);
 if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) {
   return BlobAccess.PUBLIC_READ;
 } else {
   return BlobAccess.PRIVATE;
 }
}

/**
* @param grantee
* @param permission
* @return true if the grantee has the given permission.
*/
public boolean hasPermission(Grantee grantee, String permission) {
 return hasPermission(grantee.getIdentifier(), permission);
}

/**
* @param grantee
* @param permission
* @return true if the grantee has the given permission.
*/
public boolean hasPermission(Grantee grantee, String permission) {
 return hasPermission(grantee.getIdentifier(), permission);
}

@Override
public ListenableFuture<String> putBlob(String container, Blob blob, PutOptions overrides) {
 // TODO: Make use of options overrides
 PutObjectOptions options = new PutObjectOptions();
 try {
   AccessControlList acl = bucketAcls.getUnchecked(container);
   if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ))
    options.withAcl(CannedAccessPolicy.PUBLIC_READ);
 } catch (CacheLoader.InvalidCacheLoadException e) {
   // nulls not permitted from cache loader
 }
 return async.putObject(container, blob2Object.apply(blob), options);
}

private void checkGrants(AccessControlList acl) {
 String ownerId = acl.getOwner().getId();
 assertEquals(acl.getGrants().size(), 4, acl.toString());
 assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL), acl.toString());
 assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
 assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP), acl.toString());
 // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr
 assertTrue(acl.hasPermission(TEST_ACL_ID, Permission.READ_ACP), acl.toString());
}

private void checkGrants(AccessControlList acl) {
 String ownerId = acl.getOwner().getId();
 assertEquals(acl.getGrants().size(), 4, acl.toString());
 assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL), acl.toString());
 assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
 assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP), acl.toString());
 // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr
 assertTrue(acl.hasPermission(StubS3AsyncClient.TEST_ACL_ID, Permission.READ_ACP), acl.toString());
}

 public void run() {
   try {
    AccessControlList acl = getApi().getBucketACL(bucketName + "eu");
    assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
   } catch (Exception e) {
    Throwables.propagateIfPossible(e);
   }
 }
});

 public void run() {
   try {
    AccessControlList acl = getApi().getObjectACL(containerName, publicReadObjectKey);
    assertEquals(acl.getGrants().size(), 2);
    assertEquals(acl.getPermissions(GroupGranteeURI.ALL_USERS).size(), 1);
    assertNotNull(acl.getOwner());
    String ownerId = acl.getOwner().getId();
    assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
    assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
   } catch (Exception e) {
    Throwables.propagateIfPossible(e);
   }
 }
});

 public void run() {
   try {
    AccessControlList acl = getApi().getBucketACL(bucketName + "eu");
    assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
   } catch (Exception e) {
    Throwables.propagateIfPossible(e);
   }
 }
});

 private ListenableFuture<String> putBlobWithReducedRedundancy(String container, Blob blob) {
  AWSS3PutObjectOptions options = new AWSS3PutObjectOptions();
  try {
    AccessControlList acl = bucketAcls.getUnchecked(container);
    if (acl != null && acl.hasPermission(AccessControlList.GroupGranteeURI.ALL_USERS,
                      AccessControlList.Permission.READ)) {
     options.withAcl(CannedAccessPolicy.PUBLIC_READ);
    }
    options.storageClass(ObjectMetadata.StorageClass.REDUCED_REDUNDANCY);
  } catch (CacheLoader.InvalidCacheLoadException e) {
    // nulls not permitted from cache loader
  }
  return getContext().unwrap(AWSS3ApiMetadata.CONTEXT_TOKEN).getAsyncApi().putObject(container,
       blob2Object.apply(blob), options);
}

@Test
public void testAccessControlListOwnerOnly() throws HttpException {
 String ownerId = "1a405254c932b52e5b5caaa88186bc431a1bacb9ece631f835daddaf0c47677c";
 AccessControlList acl = createParser().parse(Strings2.toInputStream(aclOwnerOnly));
 assertEquals(acl.getOwner().getId(), ownerId);
 assertEquals(acl.getOwner().getDisplayName(), "jamesmurty");
 assertEquals(acl.getPermissions(ownerId).size(), 1);
 assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
 assertEquals(acl.getGrants().size(), 1);
 assertEquals(acl.getPermissions(GroupGranteeURI.ALL_USERS).size(), 0);
 assertEquals(acl.getPermissions(GroupGranteeURI.AUTHENTICATED_USERS).size(), 0);
 assertEquals(acl.getPermissions(GroupGranteeURI.LOG_DELIVERY).size(), 0);
}

public void testPrivateAclIsDefaultForBucket() throws InterruptedException, ExecutionException, TimeoutException,
   IOException {
 String bucketName = getContainerName();
 try {
   AccessControlList acl = getApi().getBucketACL(bucketName);
   assertEquals(acl.getGrants().size(), 1);
   assertNotNull(acl.getOwner());
   String ownerId = acl.getOwner().getId();
   assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
 } finally {
   returnContainer(bucketName);
 }
}

public void testPublicReadAccessPolicy() throws Exception {
 String bucketName = getScratchContainerName();
 try {
   getApi().putBucketInRegion(null, bucketName, withBucketAcl(CannedAccessPolicy.PUBLIC_READ));
   AccessControlList acl = getApi().getBucketACL(bucketName);
   assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
   // TODO: I believe that the following should work based on the above acl assertion passing.
   // However, it fails on 403
   // URL url = new URL(String.format("http://%s.s3.amazonaws.com", bucketName));
   // Utils.toStringAndClose(url.openStream());
 } finally {
   destroyContainer(bucketName);
 }
}