org.jclouds.s3.domain

Class AccessControlList

java.lang.Object

org.jclouds.s3.domain.AccessControlList

public class AccessControlList
extends Object

An Access Control List (ACL) describes the access control settings for a bucket or object in S3. ACL settings comprise a set of AccessControlList.Grants, each of which specifies a AccessControlList.Permission that has been granted to a specific AccessControlList.Grantee. If an payload tries to access or modify an item in S3, the operation will be denied unless the item has ACL settings that explicitly permit that payload to perform that action.

Author:

James Murty

See Also:

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AccessControlList.CanonicalUserGrantee
static class	AccessControlList.EmailAddressGrantee
static class	AccessControlList.Grant
static class	AccessControlList.Grantee
static class	AccessControlList.GroupGrantee
static interface	AccessControlList.GroupGranteeURI
static interface	AccessControlList.Permission

Constructor Summary

Constructors

Constructor and Description
AccessControlList()

Method Summary

Methods

Modifier and Type	Method and Description
AccessControlList	addPermission(AccessControlList.Grantee grantee, String permission) Add a permission for the given grantee.
AccessControlList	addPermission(URI groupGranteeURI, String permission) Add a permission for the given group grantee.
boolean	equals(Object obj)
protected Collection<AccessControlList.Grant>	findGrantsForGrantee(String granteeId) Find all the grants for a given grantee, identified by an ID which allows all Grantee types to be searched.
static AccessControlList	fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId) Converts a canned access control policy into the equivalent access control list.
Set<AccessControlList.Grantee>	getGrantees()
List<AccessControlList.Grant>	getGrants()
CanonicalUser	getOwner()
Collection<String>	getPermissions(AccessControlList.Grantee grantee)
Collection<String>	getPermissions(String granteeId)
Collection<String>	getPermissions(URI granteeURI)
int	hashCode()
boolean	hasPermission(AccessControlList.Grantee grantee, String permission)
boolean	hasPermission(String granteeId, String permission)
boolean	hasPermission(URI granteeURI, String permission)
AccessControlList	revokeAllPermissions(AccessControlList.Grantee grantee) Revoke all the permissions granted to the given grantee.
AccessControlList	revokePermission(AccessControlList.Grantee grantee, String permission) Revoke a permission for the given grantee, if this specific permission was granted.
AccessControlList	revokePermission(URI groupGranteeURI, String permission) Revoke a permission for the given group grantee, if this specific permission was granted.
void	setOwner(CanonicalUser owner)
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

AccessControlList

public AccessControlList()

Method Detail

setOwner

public void setOwner(CanonicalUser owner)

getOwner

public CanonicalUser getOwner()

getGrants

public List<AccessControlList.Grant> getGrants()

Returns:

an unmodifiable set of grants represented by this ACL.

getGrantees

public Set<AccessControlList.Grantee> getGrantees()

Returns:

an unmodifiable set of grantees who have been assigned permissions in this ACL.

addPermission

public AccessControlList addPermission(AccessControlList.Grantee grantee,
                              String permission)

Add a permission for the given grantee.

Parameters:

grantee -

permission -

addPermission

public AccessControlList addPermission(URI groupGranteeURI,
                              String permission)

Add a permission for the given group grantee.

Parameters:

groupGranteeURI -

permission -

revokePermission

public AccessControlList revokePermission(AccessControlList.Grantee grantee,
                                 String permission)

Revoke a permission for the given grantee, if this specific permission was granted. Note that you must be very explicit about the permissions you revoke, you cannot revoke partial permissions and expect this class to determine the implied remaining permissions. For example, if you revoke the AccessControlList.Permission.READ permission from a grantee with AccessControlList.Permission.FULL_CONTROL access, the revocation will do nothing and the grantee will retain full access. To change the access settings for this grantee, you must first remove the AccessControlList.Permission.FULL_CONTROL permission the add back the AccessControlList.Permission.READ permission.

Parameters:

grantee -

permission -

revokePermission

public AccessControlList revokePermission(URI groupGranteeURI,
                                 String permission)

Revoke a permission for the given group grantee, if this specific permission was granted. Note that you must be very explicit about the permissions you revoke, you cannot revoke partial permissions and expect this class to determine the implied remaining permissions. For example, if you revoke the AccessControlList.Permission.READ permission from a grantee with AccessControlList.Permission.FULL_CONTROL access, the revocation will do nothing and the grantee will retain full access. To change the access settings for this grantee, you must first remove the AccessControlList.Permission.FULL_CONTROL permission the add back the AccessControlList.Permission.READ permission.

Parameters:

groupGranteeURI -

permission -

revokeAllPermissions

public AccessControlList revokeAllPermissions(AccessControlList.Grantee grantee)

Revoke all the permissions granted to the given grantee.

Parameters:

grantee -

getPermissions

public Collection<String> getPermissions(String granteeId)

Parameters:

granteeId -

Returns:

the permissions assigned to a grantee, as identified by the given ID.

getPermissions

public Collection<String> getPermissions(AccessControlList.Grantee grantee)

Parameters:

grantee -

Returns:

the permissions assigned to a grantee.

getPermissions

public Collection<String> getPermissions(URI granteeURI)

Parameters:

granteeURI -

Returns:

the permissions assigned to a group grantee.

hasPermission

public boolean hasPermission(String granteeId,
                    String permission)

Parameters:

granteeId -

permission -

Returns:

true if the grantee has the given permission.

hasPermission

public boolean hasPermission(AccessControlList.Grantee grantee,
                    String permission)

Parameters:

grantee -

permission -

Returns:

true if the grantee has the given permission.

hasPermission

public boolean hasPermission(URI granteeURI,
                    String permission)

Parameters:

granteeURI -

permission -

Returns:

true if the grantee has the given permission.

findGrantsForGrantee

protected Collection<AccessControlList.Grant> findGrantsForGrantee(String granteeId)

Find all the grants for a given grantee, identified by an ID which allows all Grantee types to be searched.

Parameters:

granteeId - identifier of a canonical user, email address user, or group.

fromCannedAccessPolicy

public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP,
                                       String ownerId)

Converts a canned access control policy into the equivalent access control list.

Parameters:

cannedAP -

ownerId -

toString

public String toString()

Overrides:

toString in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object