/** * Processes a list by finding all canned-acls and expanding those. The returned list is a new * list that includes all non-canned ACL entries of the input as well as the expanded grants * mapped to canned-acls * * <p>CannedAcls are Grants with Grantee = "", and Permision is the canned-acl string * * @param msgAcl * @return */ public static AccessControlList expandCannedAcl( @Nonnull AccessControlList msgAcl, @Nullable final String bucketOwnerCanonicalId, @Nullable final String objectOwnerCanonicalId) throws EucalyptusCloudException { if (msgAcl == null) { throw new IllegalArgumentException("Null list received"); } AccessControlList outputList = new AccessControlList(); if (outputList.getGrants() == null) { // Should be handled by constructor of ACL, but just to be sure outputList.setGrants(new ArrayList<Grant>()); } final OwnerIdPair owners = new OwnerIdPair(bucketOwnerCanonicalId, objectOwnerCanonicalId); String entryValue = null; for (Grant msgGrant : msgAcl.getGrants()) { entryValue = msgGrant .getPermission(); // The OSG binding populates the canned-acl in the permission field try { if (cannedAclMap.containsKey(entryValue)) { outputList.getGrants().addAll(cannedAclMap.get(entryValue).apply(owners)); } else { // add to output. outputList.getGrants().add(msgGrant); } } catch (Exception e) { // Failed. Stop now throw new EucalyptusCloudException("Failed generating the full ACL from canned ACL", e); } } return outputList; }