org.jclouds.s3.domain
Class AccessControlList

java.lang.Object
  extended by org.jclouds.s3.domain.AccessControlList

public class AccessControlList
extends Object

An Access Control List (ACL) describes the access control settings for a bucket or object in S3. ACL settings comprise a set of AccessControlList.Grants, each of which specifies a AccessControlList.Permission that has been granted to a specific AccessControlList.Grantee. If an payload tries to access or modify an item in S3, the operation will be denied unless the item has ACL settings that explicitly permit that payload to perform that action.

Author:
James Murty
See Also:

Nested Class Summary
static class AccessControlList.CanonicalUserGrantee
           
static class AccessControlList.EmailAddressGrantee
           
static class AccessControlList.Grant
           
static class AccessControlList.Grantee
           
static class AccessControlList.GroupGrantee
           
static interface AccessControlList.GroupGranteeURI
           
static interface AccessControlList.Permission
           
 
Constructor Summary
AccessControlList()
           
 
Method Summary
 AccessControlList addPermission(AccessControlList.Grantee grantee, String permission)
          Add a permission for the given grantee.
 AccessControlList addPermission(URI groupGranteeURI, String permission)
          Add a permission for the given group grantee.
 boolean equals(Object obj)
           
protected  Collection<AccessControlList.Grant> findGrantsForGrantee(String granteeId)
          Find all the grants for a given grantee, identified by an ID which allows all Grantee types to be searched.
static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId)
          Converts a canned access control policy into the equivalent access control list.
 Set<AccessControlList.Grantee> getGrantees()
           
 List<AccessControlList.Grant> getGrants()
           
 CanonicalUser getOwner()
           
 Collection<String> getPermissions(AccessControlList.Grantee grantee)
           
 Collection<String> getPermissions(String granteeId)
           
 Collection<String> getPermissions(URI granteeURI)
           
 int hashCode()
           
 boolean hasPermission(AccessControlList.Grantee grantee, String permission)
           
 boolean hasPermission(String granteeId, String permission)
           
 boolean hasPermission(URI granteeURI, String permission)
           
 AccessControlList revokeAllPermissions(AccessControlList.Grantee grantee)
          Revoke all the permissions granted to the given grantee.
 AccessControlList revokePermission(AccessControlList.Grantee grantee, String permission)
          Revoke a permission for the given grantee, if this specific permission was granted.
 AccessControlList revokePermission(URI groupGranteeURI, String permission)
          Revoke a permission for the given group grantee, if this specific permission was granted.
 void setOwner(CanonicalUser owner)
           
 String toString()
           
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AccessControlList

public AccessControlList()
Method Detail

setOwner

public void setOwner(CanonicalUser owner)

getOwner

public CanonicalUser getOwner()

getGrants

public List<AccessControlList.Grant> getGrants()
Returns:
an unmodifiable set of grants represented by this ACL.

getGrantees

public Set<AccessControlList.Grantee> getGrantees()
Returns:
an unmodifiable set of grantees who have been assigned permissions in this ACL.

addPermission

public AccessControlList addPermission(AccessControlList.Grantee grantee,
                                       String permission)
Add a permission for the given grantee.

Parameters:
grantee -
permission -

addPermission

public AccessControlList addPermission(URI groupGranteeURI,
                                       String permission)
Add a permission for the given group grantee.

Parameters:
groupGranteeURI -
permission -

revokePermission

public AccessControlList revokePermission(AccessControlList.Grantee grantee,
                                          String permission)
Revoke a permission for the given grantee, if this specific permission was granted. Note that you must be very explicit about the permissions you revoke, you cannot revoke partial permissions and expect this class to determine the implied remaining permissions. For example, if you revoke the AccessControlList.Permission.READ permission from a grantee with AccessControlList.Permission.FULL_CONTROL access, the revocation will do nothing and the grantee will retain full access. To change the access settings for this grantee, you must first remove the AccessControlList.Permission.FULL_CONTROL permission the add back the AccessControlList.Permission.READ permission.

Parameters:
grantee -
permission -

revokePermission

public AccessControlList revokePermission(URI groupGranteeURI,
                                          String permission)
Revoke a permission for the given group grantee, if this specific permission was granted. Note that you must be very explicit about the permissions you revoke, you cannot revoke partial permissions and expect this class to determine the implied remaining permissions. For example, if you revoke the AccessControlList.Permission.READ permission from a grantee with AccessControlList.Permission.FULL_CONTROL access, the revocation will do nothing and the grantee will retain full access. To change the access settings for this grantee, you must first remove the AccessControlList.Permission.FULL_CONTROL permission the add back the AccessControlList.Permission.READ permission.

Parameters:
groupGranteeURI -
permission -

revokeAllPermissions

public AccessControlList revokeAllPermissions(AccessControlList.Grantee grantee)
Revoke all the permissions granted to the given grantee.

Parameters:
grantee -

getPermissions

public Collection<String> getPermissions(String granteeId)
Parameters:
granteeId -
Returns:
the permissions assigned to a grantee, as identified by the given ID.

getPermissions

public Collection<String> getPermissions(AccessControlList.Grantee grantee)
Parameters:
grantee -
Returns:
the permissions assigned to a grantee.

getPermissions

public Collection<String> getPermissions(URI granteeURI)
Parameters:
granteeURI -
Returns:
the permissions assigned to a group grantee.

hasPermission

public boolean hasPermission(String granteeId,
                             String permission)
Parameters:
granteeId -
permission -
Returns:
true if the grantee has the given permission.

hasPermission

public boolean hasPermission(AccessControlList.Grantee grantee,
                             String permission)
Parameters:
grantee -
permission -
Returns:
true if the grantee has the given permission.

hasPermission

public boolean hasPermission(URI granteeURI,
                             String permission)
Parameters:
granteeURI -
permission -
Returns:
true if the grantee has the given permission.

findGrantsForGrantee

protected Collection<AccessControlList.Grant> findGrantsForGrantee(String granteeId)
Find all the grants for a given grantee, identified by an ID which allows all Grantee types to be searched.

Parameters:
granteeId - identifier of a canonical user, email address user, or group.

fromCannedAccessPolicy

public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP,
                                                       String ownerId)
Converts a canned access control policy into the equivalent access control list.

Parameters:
cannedAP -
ownerId -

toString

public String toString()
Overrides:
toString in class Object

hashCode

public int hashCode()
Overrides:
hashCode in class Object

equals

public boolean equals(Object obj)
Overrides:
equals in class Object


Copyright © 2009-2011 jclouds. All Rights Reserved.