public static AccessControl parseAccessControl(String str) {
String[] parts = str.split(":");
String type = "other";
String name = "";
String access = "-";
if (parts.length > 3) {
throw new IllegalArgumentException("Don't know how to parse " + str + " into an ACL value");
} else if (parts.length == 1) {
type = "other";
name = "";
access = parts[0];
} else if (parts.length == 2) {
type = "user";
name = parts[0];
access = parts[1];
} else if (parts.length == 3) {
type = parts[0];
name = parts[1];
access = parts[2];
}
AccessControl ret = new AccessControl();
ret.set_type(parseACLType(type));
ret.set_name(name);
ret.set_access(parseAccess(access));
return ret;
}
private boolean worldEverything(List<AccessControl> acls) {
boolean isWorldEverything = false;
for (AccessControl acl : acls) {
if (acl.get_type() == AccessControlType.OTHER && acl.get_access() == (READ | WRITE | ADMIN)) {
isWorldEverything = true;
break;
}
}
return isWorldEverything;
}
private List<AccessControl> removeBadACLs(List<AccessControl> accessControls) {
List<AccessControl> resultAcl = new ArrayList<AccessControl>();
for (AccessControl control : accessControls) {
if (control.get_type().equals(AccessControlType.OTHER) && (control.get_access() == 0)) {
LOG.debug(
"Removing invalid blobstore world ACL "
+ BlobStoreAclHandler.accessControlToString(control));
continue;
}
resultAcl.add(control);
}
return resultAcl;
}
private int getAllowed(AccessControl ac, Set<String> users) {
switch (ac.get_type()) {
case OTHER:
return ac.get_access();
case USER:
if (users.contains(ac.get_name())) {
return ac.get_access();
}
return 0;
default:
return 0;
}
}
public static void validateSettableACLs(String key, List<AccessControl> acls)
throws AuthorizationException {
Set<String> aclUsers = new HashSet<>();
List<String> duplicateUsers = new ArrayList<>();
for (AccessControl acl : acls) {
String aclUser = acl.get_name();
if (!StringUtils.isEmpty(aclUser) && !aclUsers.add(aclUser)) {
LOG.error("'{}' user can't appear more than once in the ACLs", aclUser);
duplicateUsers.add(aclUser);
}
}
if (duplicateUsers.size() > 0) {
String errorMessage =
"user "
+ Arrays.toString(duplicateUsers.toArray())
+ " can't appear more than once in the ACLs for key ["
+ key
+ "].";
throw new AuthorizationException(errorMessage);
}
}
public static String accessControlToString(AccessControl ac) {
StringBuilder ret = new StringBuilder();
switch (ac.get_type()) {
case OTHER:
ret.append("o");
break;
case USER:
ret.append("u");
break;
default:
throw new IllegalArgumentException(
"Don't know what a type of " + ac.get_type() + " means ");
}
ret.append(":");
if (ac.is_set_name()) {
ret.append(ac.get_name());
}
ret.append(":");
ret.append(accessToString(ac.get_access()));
return ret.toString();
}
private void fixACLsForUser(List<AccessControl> acls, String user, int mask) {
boolean foundUserACL = false;
for (AccessControl control : acls) {
if (control.get_type() == AccessControlType.USER && control.get_name().equals(user)) {
int currentAccess = control.get_access();
if ((currentAccess & mask) != mask) {
control.set_access(currentAccess | mask);
}
foundUserACL = true;
break;
}
}
if (!foundUserACL) {
AccessControl userACL = new AccessControl();
userACL.set_type(AccessControlType.USER);
userACL.set_name(user);
userACL.set_access(mask);
acls.add(userACL);
}
}
