public class AccessControlList extends Object
AccessControlList.Grant
s, each of which specifies a AccessControlList.Permission
that
has been granted to a specific AccessControlList.Grantee
. If an payload tries to access or modify an item
in S3, the operation will be denied unless the item has ACL settings that explicitly permit that
payload to perform that action.Modifier and Type | Class and Description |
---|---|
static class |
AccessControlList.CanonicalUserGrantee |
static class |
AccessControlList.EmailAddressGrantee |
static class |
AccessControlList.Grant |
static class |
AccessControlList.Grantee |
static class |
AccessControlList.GroupGrantee |
static class |
AccessControlList.GroupGranteeURI |
static class |
AccessControlList.Permission |
Constructor and Description |
---|
AccessControlList() |
Modifier and Type | Method and Description |
---|---|
AccessControlList |
addPermission(AccessControlList.Grantee grantee,
String permission)
Add a permission for the given grantee.
|
AccessControlList |
addPermission(URI groupGranteeURI,
String permission)
Add a permission for the given group grantee.
|
boolean |
equals(Object obj) |
protected Collection<AccessControlList.Grant> |
findGrantsForGrantee(String granteeId)
Find all the grants for a given grantee, identified by an ID which allows all Grantee types to
be searched.
|
static AccessControlList |
fromCannedAccessPolicy(CannedAccessPolicy cannedAP,
String ownerId)
Converts a canned access control policy into the equivalent access control list.
|
Set<AccessControlList.Grantee> |
getGrantees() |
List<AccessControlList.Grant> |
getGrants() |
CanonicalUser |
getOwner() |
Collection<String> |
getPermissions(AccessControlList.Grantee grantee) |
Collection<String> |
getPermissions(String granteeId) |
Collection<String> |
getPermissions(URI granteeURI) |
int |
hashCode() |
boolean |
hasPermission(AccessControlList.Grantee grantee,
String permission) |
boolean |
hasPermission(String granteeId,
String permission) |
boolean |
hasPermission(URI granteeURI,
String permission) |
AccessControlList |
revokeAllPermissions(AccessControlList.Grantee grantee)
Revoke all the permissions granted to the given grantee.
|
AccessControlList |
revokePermission(AccessControlList.Grantee grantee,
String permission)
Revoke a permission for the given grantee, if this specific permission was granted.
|
AccessControlList |
revokePermission(URI groupGranteeURI,
String permission)
Revoke a permission for the given group grantee, if this specific permission was granted.
|
void |
setOwner(CanonicalUser owner) |
String |
toString() |
public void setOwner(CanonicalUser owner)
public CanonicalUser getOwner()
public List<AccessControlList.Grant> getGrants()
public Set<AccessControlList.Grantee> getGrantees()
public AccessControlList addPermission(AccessControlList.Grantee grantee, String permission)
grantee
- permission
- public AccessControlList addPermission(URI groupGranteeURI, String permission)
groupGranteeURI
- permission
- public AccessControlList revokePermission(AccessControlList.Grantee grantee, String permission)
AccessControlList.Permission.READ
permission from a grantee with
AccessControlList.Permission.FULL_CONTROL
access, the revocation will do nothing and
the grantee will retain full access. To change the access settings for this grantee, you must
first remove the AccessControlList.Permission.FULL_CONTROL
permission the add back the
AccessControlList.Permission.READ
permission.grantee
- permission
- public AccessControlList revokePermission(URI groupGranteeURI, String permission)
AccessControlList.Permission.READ
permission from a grantee with
AccessControlList.Permission.FULL_CONTROL
access, the revocation will do nothing and
the grantee will retain full access. To change the access settings for this grantee, you must
first remove the AccessControlList.Permission.FULL_CONTROL
permission the add back the
AccessControlList.Permission.READ
permission.groupGranteeURI
- permission
- public AccessControlList revokeAllPermissions(AccessControlList.Grantee grantee)
grantee
- public Collection<String> getPermissions(String granteeId)
granteeId
- public Collection<String> getPermissions(AccessControlList.Grantee grantee)
grantee
- public Collection<String> getPermissions(URI granteeURI)
granteeURI
- public boolean hasPermission(String granteeId, String permission)
granteeId
- permission
- public boolean hasPermission(AccessControlList.Grantee grantee, String permission)
grantee
- permission
- public boolean hasPermission(URI granteeURI, String permission)
granteeURI
- permission
- protected Collection<AccessControlList.Grant> findGrantsForGrantee(String granteeId)
granteeId
- identifier of a canonical user, email address user, or group.public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId)
cannedAP
- ownerId
- Copyright © 2009-2018 The Apache Software Foundation. All Rights Reserved.