@Override public List<Grant> apply(OwnerIdPair ownerIds) { ArrayList<Grant> privateGrants = new ArrayList<Grant>(); Grant ownerFullControl = new Grant(); Grantee owner = new Grantee(); String displayName = ""; String ownerCanonicalId = null; if (!Strings.isNullOrEmpty(ownerIds.getObjectOwnerCanonicalId())) { ownerCanonicalId = ownerIds.getObjectOwnerCanonicalId(); } else { ownerCanonicalId = ownerIds.getBucketOwnerCanonicalId(); } try { displayName = Accounts.lookupAccountByCanonicalId(ownerCanonicalId).getName(); } catch (AuthException e) { displayName = ""; } owner.setCanonicalUser(new CanonicalUser(ownerCanonicalId, displayName)); owner.setType("CanonicalUser"); ownerFullControl.setGrantee(owner); ownerFullControl.setPermission(ObjectStorageProperties.Permission.FULL_CONTROL.toString()); privateGrants.add(ownerFullControl); return privateGrants; }
/** * Checks grants and transforms grantees into canonicalId from eucalyptus account id or email * address * * @param acl * @return */ public static AccessControlList scrubAcl(AccessControlList acl) { AccessControlList scrubbed = new AccessControlList(); if (acl == null || acl.getGrants() == null || acl.getGrants().size() == 0) { return scrubbed; } String canonicalId = null; Grantee grantee; CanonicalUser canonicalUser; Group group; String email; for (Grant g : acl.getGrants()) { grantee = g.getGrantee(); if (grantee == null) { continue; // skip, no grantee } else { canonicalUser = grantee.getCanonicalUser(); group = grantee.getGroup(); email = grantee.getEmailAddress(); } canonicalId = canonicalUser == null ? null : resolveCanonicalId(canonicalUser.getID()); if (canonicalId == null) { try { User user = Accounts.lookupUserByEmailAddress(email); if (user != null && user.isAccountAdmin() && user.getAccount() != null) { canonicalId = user.getAccount().getCanonicalId(); } } catch (AuthException authEx) { // no-op, we'll check the group } } if (canonicalId == null && group != null && !Strings.isNullOrEmpty(group.getUri())) { ObjectStorageProperties.S3_GROUP foundGroup = AclUtils.getGroupFromUri(group.getUri()); if (foundGroup == null) { throw new NoSuchElementException("URI: " + group.getUri() + " not found in group map"); } // Group URI, use as canonicalId for now. canonicalId = group.getUri(); } if (canonicalId == null) { throw new NoSuchElementException("No canonicalId found for grant: " + g.toString()); } else { if (grantee.getCanonicalUser() == null) { grantee.setCanonicalUser(new CanonicalUser(canonicalId, "")); } else { grantee.getCanonicalUser().setID(canonicalId); } } } return acl; }
@Override public List<Grant> apply(OwnerIdPair ownerIds) { List<Grant> bucketOwnerRead = PrivateOnlyGrantBuilder.INSTANCE.apply(ownerIds); String canonicalId = ownerIds.getBucketOwnerCanonicalId(); String displayName = ""; try { displayName = Accounts.lookupAccountByCanonicalId(canonicalId).getName(); } catch (AuthException e) { displayName = ""; } Grantee bucketOwner = new Grantee(); bucketOwner.setCanonicalUser(new CanonicalUser(canonicalId, displayName)); Grant bucketOwnerGrant = new Grant(); bucketOwnerGrant.setPermission(ObjectStorageProperties.Permission.READ.toString()); bucketOwnerGrant.setGrantee(bucketOwner); bucketOwnerRead.add(bucketOwnerGrant); return bucketOwnerRead; }