Example #1
    /**
     * Builds the 'private' grant list: a single FULL_CONTROL grant for the resource owner.
     *
     * <p>The grantee is the object owner's canonical ID when that value is non-empty; otherwise the
     * bucket owner's canonical ID is used.
     *
     * @param ownerIds pair carrying the bucket-owner and object-owner canonical IDs
     * @return a new mutable list containing only the owner's FULL_CONTROL grant
     */
    @Override
    public List<Grant> apply(OwnerIdPair ownerIds) {
      // Prefer the object owner; fall back to the bucket owner when no object owner is supplied.
      // NOTE(review): nothing here rejects the case where the bucket owner ID is also null or
      // empty, so a FULL_CONTROL grant could be built for a null/empty canonical ID - confirm
      // that callers always populate at least one of the two IDs.
      final String objectOwnerId = ownerIds.getObjectOwnerCanonicalId();
      final String ownerCanonicalId =
          Strings.isNullOrEmpty(objectOwnerId) ? ownerIds.getBucketOwnerCanonicalId() : objectOwnerId;

      // The display name is informational only: a failed account lookup leaves it blank and the
      // grant is still issued to the canonical ID.
      String ownerName;
      try {
        ownerName = Accounts.lookupAccountByCanonicalId(ownerCanonicalId).getName();
      } catch (AuthException ignored) {
        ownerName = "";
      }

      final Grantee ownerGrantee = new Grantee();
      ownerGrantee.setCanonicalUser(new CanonicalUser(ownerCanonicalId, ownerName));
      ownerGrantee.setType("CanonicalUser");

      final Grant fullControlGrant = new Grant();
      fullControlGrant.setGrantee(ownerGrantee);
      fullControlGrant.setPermission(ObjectStorageProperties.Permission.FULL_CONTROL.toString());

      final List<Grant> grants = new ArrayList<Grant>();
      grants.add(fullControlGrant);
      return grants;
    }
Example #2
  /**
   * Ensures the policy for a newly created resource is not empty. A null policy, or one without
   * grants, receives a 'private' default: a single FULL_CONTROL grant for the requesting user's
   * account. The resulting ACL is then passed through {@code AclUtils.expandCannedAcl}.
   *
   * <p>When creating an object, {@code bucketOwnerCanonicalId} must not be null. A null value is
   * treated as a bucket creation, and the requesting account's canonical ID is passed as the
   * bucket owner with no object owner.
   *
   * @param requestUser user making the request; its account supplies the default owner and grantee
   * @param policy policy supplied with the request, or null to start from an empty policy; a
   *     non-null policy is updated in place and returned
   * @param bucketOwnerCanonicalId canonical ID of the bucket owner for object creation, or null
   *     for bucket creation
   * @return the policy with owner, access control list and expanded grants populated
   * @throws Exception declared by the signature; presumably propagated from the account lookup or
   *     ACL expansion helpers - confirm against their declarations
   */
  public static AccessControlPolicy processNewResourcePolicy(
      @Nonnull User requestUser,
      @Nullable AccessControlPolicy policy,
      @Nullable String bucketOwnerCanonicalId)
      throws Exception {
    final AccessControlPolicy effectivePolicy =
        (policy != null) ? policy : new AccessControlPolicy();

    // NOTE(review): an owner already present on the supplied policy is kept as-is and is never
    // compared with requestUser in this method - confirm that callers validate it.
    if (effectivePolicy.getOwner() == null) {
      effectivePolicy.setOwner(buildCanonicalUser(requestUser.getAccount()));
    }

    if (effectivePolicy.getAccessControlList() == null) {
      effectivePolicy.setAccessControlList(new AccessControlList());
    }

    final AccessControlList acl = effectivePolicy.getAccessControlList();
    // NOTE(review): when getGrants() returns null this branch is entered and the add() below
    // dereferences that null; only the empty-list case is actually handled. Verify that
    // AccessControlList never exposes a null grant list.
    if (acl.getGrants() == null || acl.getGrants().isEmpty()) {
      // No grants supplied: default to 'private', i.e. FULL_CONTROL for the requester's account.
      acl.getGrants()
          .add(
              new Grant(
                  new Grantee(buildCanonicalUser(requestUser.getAccount())),
                  ObjectStorageProperties.Permission.FULL_CONTROL.toString()));
    }

    if (bucketOwnerCanonicalId == null) {
      // Bucket creation: the requester is the bucket owner and there is no object owner.
      effectivePolicy.setAccessControlList(
          AclUtils.expandCannedAcl(acl, requestUser.getAccount().getCanonicalId(), null));
    } else {
      // Object creation: the requester is the object owner inside someone's bucket.
      effectivePolicy.setAccessControlList(
          AclUtils.expandCannedAcl(
              acl, bucketOwnerCanonicalId, requestUser.getAccount().getCanonicalId()));
    }

    return effectivePolicy;
  }
Example #3
    /**
     * Builds the grant list that {@code PrivateOnlyGrantBuilder} produces and appends a
     * FULL_CONTROL grant for the bucket owner.
     *
     * @param ownerIds pair carrying the bucket-owner and object-owner canonical IDs
     * @return the list returned by {@code PrivateOnlyGrantBuilder} with the bucket owner's grant
     *     added at the end
     */
    @Override
    public List<Grant> apply(OwnerIdPair ownerIds) {
      // Start from the owner-only grant list, then add the bucket owner on top of it.
      // NOTE(review): if the private list was already built for the bucket owner (presumably when
      // no object owner is set), the list ends up with two FULL_CONTROL grants for the same
      // canonical ID - confirm that consumers tolerate the duplicate.
      final List<Grant> grants = PrivateOnlyGrantBuilder.INSTANCE.apply(ownerIds);
      final String bucketOwnerId = ownerIds.getBucketOwnerCanonicalId();

      // The display name is informational only: a failed account lookup leaves it blank and the
      // grant is still issued to the canonical ID.
      String bucketOwnerName;
      try {
        bucketOwnerName = Accounts.lookupAccountByCanonicalId(bucketOwnerId).getName();
      } catch (AuthException ignored) {
        bucketOwnerName = "";
      }

      // NOTE(review): no grantee type is set on this grantee - verify whether setCanonicalUser
      // establishes the type or whether a setType("CanonicalUser") call is missing.
      final Grantee bucketOwnerGrantee = new Grantee();
      bucketOwnerGrantee.setCanonicalUser(new CanonicalUser(bucketOwnerId, bucketOwnerName));

      final Grant fullControlGrant = new Grant();
      fullControlGrant.setGrantee(bucketOwnerGrantee);
      fullControlGrant.setPermission(ObjectStorageProperties.Permission.FULL_CONTROL.toString());

      grants.add(fullControlGrant);
      return grants;
    }