예제 #1
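  /**
   * Checks whether the given userId is a member of one of the basic S3 groups. The caller must
   * ensure that the userId is a valid ID in the system; validating it is outside the scope of this
   * method, which only compares the ID string it is given.
   *
   * @param userId the user ID to test; assumed to have been validated by the caller
   * @param group the S3 group to test membership in; a null group is never matched
   * @return true if the userId is considered a member of the group, false otherwise
   */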
  public static boolean isUserMember(String userId, ObjectStorageProperties.S3_GROUP group) {
    // Authorization helper: decides membership of userId in a built-in S3 group.
    // NOTE(review): this listing has lost lines (closing braces, the logging calls and part of
    // the isSystemAdmin expression). The comments below describe only what is visible.

    // No group to test against: deny.
    if (group == null) {
      return false;

    // ALL_USERS matches every caller; userId is not inspected at all on this path.
    if (ObjectStorageProperties.S3_GROUP.ALL_USERS_GROUP.equals(group)) {
      return true;

    // AUTHENTICATED_USERS matches any non-empty userId other than the "nobody" principal's ID.
    // This is a string comparison only: nothing here proves the ID exists or that the caller
    // authenticated as it, so the result is only as trustworthy as the userId passed in.
    if (ObjectStorageProperties.S3_GROUP.AUTHENTICATED_USERS_GROUP.equals(group)
        && !Strings.isNullOrEmpty(userId)
        && !userId.equals(Principals.nobodyUser().getUserId())) {
      return true;

    // Resolved for every group that reaches this point, not only the groups that use the flag.
    boolean isSystemAdmin = false;
    try {
      // NOTE(review): the left-hand operand of the `||` is missing from this listing; the visible
      // operand compares userId with the user ID returned by Accounts.lookupSystemAdmin().
      isSystemAdmin =
              || Accounts.lookupSystemAdmin().getUserId().equals(userId));
    } catch (AuthException e) {
      // Fall through: the flag keeps its initial value of false, so a failed lookup denies
      // membership rather than granting it.
      // NOTE(review): only AuthException is caught; a null result from the lookup chain would
      // surface as a NullPointerException. Presumably the lookups never return null; confirm.
      // NOTE(review): the call that takes the message below is not visible in this listing.
          "Got auth exception trying to lookup system admin user for group membership check in ec2-bundle-read",

    // Same pattern for the aws-exec-read admin: defaults to false and stays false on failure.
    boolean isAWSExecReadUser = false;
    try {
      // NOTE(review): the meaning of the `false` argument is not visible here; check
      // Accounts.lookupAwsExecReadAdmin before relying on it.
      isAWSExecReadUser = Accounts.lookupAwsExecReadAdmin(false).getUserId().equals(userId);
    } catch (AuthException e) {
      // Fall through: a failed lookup leaves isAWSExecReadUser false (deny).
      // NOTE(review): the message names ec2-bundle-read although this is the aws-exec-read lookup;
      // it looks copied from the block above and could mislead whoever reads the log.
          "Got auth exception trying to lookup aws-exec-read admin user for group membership check in ec2-bundle-read",

    // AWS_EXEC_READ: only the aws-exec-read admin user is a member.
    if (ObjectStorageProperties.S3_GROUP.AWS_EXEC_READ.equals(group) && isAWSExecReadUser) {
      return true;

    // System only (or euca/admin) in the ec2-bundle-read group
    if (ObjectStorageProperties.S3_GROUP.EC2_BUNDLE_READ.equals(group) && isSystemAdmin) {
      return true;

    // System or euca/admin only in logging
    if (ObjectStorageProperties.S3_GROUP.LOGGING_GROUP.equals(group) && isSystemAdmin) {
      return true;

    // Default deny: any other group, or a group whose condition was not met.
    return false;