/**
 * Builds the grant list for a 'private' ACL: one FULL_CONTROL grant for the resource owner.
 *
 * <p>The grantee is the object owner when its canonical id is set (non-null, non-empty);
 * otherwise the bucket owner's canonical id is used.
 *
 * @param ownerIds source of the object-owner and bucket-owner canonical ids
 * @return a new, mutable list containing exactly one FULL_CONTROL grant
 */
@Override
public List<Grant> apply(OwnerIdPair ownerIds) {
  // Prefer the object owner; fall back to the bucket owner when no object owner is given.
  final String objectOwnerId = ownerIds.getObjectOwnerCanonicalId();
  final String granteeId =
      Strings.isNullOrEmpty(objectOwnerId) ? ownerIds.getBucketOwnerCanonicalId() : objectOwnerId;

  String granteeName;
  try {
    granteeName = Accounts.lookupAccountByCanonicalId(granteeId).getName();
  } catch (AuthException e) {
    // Lookup failure is not fatal: the grant is still issued, with an empty display name.
    // NOTE(review): FULL_CONTROL is therefore granted to a canonical id that could not be
    // resolved to an account; confirm this is intended and that the failure is visible
    // somewhere (it is not logged here).
    granteeName = "";
  }

  final Grantee ownerGrantee = new Grantee();
  ownerGrantee.setCanonicalUser(new CanonicalUser(granteeId, granteeName));
  ownerGrantee.setType("CanonicalUser");

  final Grant fullControl = new Grant();
  fullControl.setGrantee(ownerGrantee);
  fullControl.setPermission(ObjectStorageProperties.Permission.FULL_CONTROL.toString());

  final List<Grant> grants = new ArrayList<Grant>();
  grants.add(fullControl);
  return grants;
}
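/**
 * Ensures the policy for a newly created resource is not empty.
 *
 * <p>A {@code null} policy is replaced by a new one. A missing owner is set to the requesting
 * user's account. A missing ACL is created, and a {@code null} or empty grant list receives a
 * single FULL_CONTROL grant for the requesting user's account (a 'private' policy). The ACL is
 * then replaced by the result of {@code AclUtils.expandCannedAcl}.
 *
 * <p>If creating for an object, {@code bucketOwnerCanonicalId} must not be null. If it is null,
 * a bucket creation is assumed and the requester's canonical id is passed to the expansion in
 * its place.
 *
 * <p>NOTE(review): an owner already present on a caller-supplied policy is kept unchanged, while
 * the default grant always goes to the requesting user's account. Nothing in this method checks
 * that a supplied owner matches the requester; confirm that callers validate it.
 *
 * @param requestUser the user making the request; its account supplies the default owner and
 *     the default grantee
 * @param policy the requested policy, or {@code null}; when non-null it is modified in place
 *     and returned
 * @param bucketOwnerCanonicalId canonical id of the bucket owner for object creation, or
 *     {@code null} for bucket creation
 * @return the populated policy; never {@code null}
 * @throws Exception declared by the signature; presumably propagated from the account accessors
 *     or the canned-ACL expansion - TODO confirm
 */
public static AccessControlPolicy processNewResourcePolicy(
    @Nonnull User requestUser,
    @Nullable AccessControlPolicy policy,
    @Nullable String bucketOwnerCanonicalId)
    throws Exception {
  final AccessControlPolicy acPolicy = (policy != null) ? policy : new AccessControlPolicy();

  if (acPolicy.getOwner() == null) {
    acPolicy.setOwner(buildCanonicalUser(requestUser.getAccount()));
  }

  if (acPolicy.getAccessControlList() == null) {
    acPolicy.setAccessControlList(new AccessControlList());
  }

  final AccessControlList acl = acPolicy.getAccessControlList();
  if (acl.getGrants() == null) {
    // A null grant list has to be replaced before anything is added to it; calling add() on
    // the getter's result would otherwise throw a NullPointerException.
    acl.setGrants(new ArrayList<Grant>());
  }

  if (acl.getGrants().isEmpty()) {
    // Add default 'fullcontrol' grant for the requesting user's account.
    acl.getGrants()
        .add(
            new Grant(
                new Grantee(buildCanonicalUser(requestUser.getAccount())),
                ObjectStorageProperties.Permission.FULL_CONTROL.toString()));
  }

  final String requesterCanonicalId = requestUser.getAccount().getCanonicalId();
  if (bucketOwnerCanonicalId != null) {
    // Object creation: expand with the bucket owner and the requester's canonical id.
    acPolicy.setAccessControlList(
        AclUtils.expandCannedAcl(acl, bucketOwnerCanonicalId, requesterCanonicalId));
  } else {
    // Bucket creation: the requester's canonical id takes the bucket-owner position.
    acPolicy.setAccessControlList(AclUtils.expandCannedAcl(acl, requesterCanonicalId, null));
  }

  return acPolicy;
}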
/**
 * Builds the grant list for a bucket-owner-full-control ACL.
 *
 * <p>Starts from the list returned by {@code PrivateOnlyGrantBuilder.INSTANCE} and appends a
 * FULL_CONTROL grant for the bucket owner.
 *
 * @param ownerIds source of the bucket-owner canonical id (also passed to the private builder)
 * @return the private builder's list with the bucket owner's FULL_CONTROL grant appended
 */
@Override
public List<Grant> apply(OwnerIdPair ownerIds) {
  final List<Grant> grants = PrivateOnlyGrantBuilder.INSTANCE.apply(ownerIds);

  final String bucketOwnerId = ownerIds.getBucketOwnerCanonicalId();
  String bucketOwnerName;
  try {
    bucketOwnerName = Accounts.lookupAccountByCanonicalId(bucketOwnerId).getName();
  } catch (AuthException e) {
    // Lookup failure is not fatal: the grant is still issued, with an empty display name.
    bucketOwnerName = "";
  }

  // NOTE(review): the grantee type is not set here (no setType("CanonicalUser") call);
  // confirm nothing downstream relies on the type being populated for this grant.
  final Grantee grantee = new Grantee();
  grantee.setCanonicalUser(new CanonicalUser(bucketOwnerId, bucketOwnerName));

  // NOTE(review): the bucket owner's grant is appended unconditionally; if the private list
  // already grants FULL_CONTROL to the same canonical id, the result holds a duplicate grant.
  final Grant grant = new Grant();
  grant.setGrantee(grantee);
  grant.setPermission(ObjectStorageProperties.Permission.FULL_CONTROL.toString());
  grants.add(grant);

  return grants;
}