/**
* Processes a list by finding all canned-acls and expanding those. The returned list is a new
* list that includes all non-canned ACL entries of the input as well as the expanded grants
* mapped to canned-acls
*
* <p>CannedAcls are Grants with Grantee = "", and Permision is the canned-acl string
*
* @param msgAcl
* @return
*/
public static AccessControlList expandCannedAcl(
@Nonnull AccessControlList msgAcl,
@Nullable final String bucketOwnerCanonicalId,
@Nullable final String objectOwnerCanonicalId)
throws EucalyptusCloudException {
if (msgAcl == null) {
throw new IllegalArgumentException("Null list received");
}
AccessControlList outputList = new AccessControlList();
if (outputList.getGrants() == null) {
// Should be handled by constructor of ACL, but just to be sure
outputList.setGrants(new ArrayList<Grant>());
}
final OwnerIdPair owners = new OwnerIdPair(bucketOwnerCanonicalId, objectOwnerCanonicalId);
String entryValue = null;
for (Grant msgGrant : msgAcl.getGrants()) {
entryValue =
msgGrant
.getPermission(); // The OSG binding populates the canned-acl in the permission field
try {
if (cannedAclMap.containsKey(entryValue)) {
outputList.getGrants().addAll(cannedAclMap.get(entryValue).apply(owners));
} else {
// add to output.
outputList.getGrants().add(msgGrant);
}
} catch (Exception e) {
// Failed. Stop now
throw new EucalyptusCloudException("Failed generating the full ACL from canned ACL", e);
}
}
return outputList;
}
