Package org.jclouds.s3.domain

Class AccessControlList

java.lang.Object
org.jclouds.s3.domain.AccessControlList
public class AccessControlList extends Object
An Access Control List (ACL) describes the access control settings for a bucket or object in S3. ACL settings comprise a set of AccessControlList.Grants, each of which specifies a AccessControlList.Permission that has been granted to a specific AccessControlList.Grantee. If an payload tries to access or modify an item in S3, the operation will be denied unless the item has ACL settings that explicitly permit that payload to perform that action.

  • Constructor Details

    • AccessControlList

      public AccessControlList()

  • Method Details

    • setOwner

      public void setOwner(CanonicalUser owner)

    • getOwner

      public CanonicalUser getOwner()

    • getGrants

      public List<AccessControlList.Grant> getGrants()
      Returns:
      an unmodifiable set of grants represented by this ACL.

    • getGrantees

      public Set<AccessControlList.Grantee> getGrantees()
      Returns:
      an unmodifiable set of grantees who have been assigned permissions in this ACL.

    • addPermission

      public AccessControlList addPermission(AccessControlList.Grantee grantee, String permission)
      Add a permission for the given grantee.
      Parameters:
      grantee -
      permission -

    • addPermission

      public AccessControlList addPermission(URI groupGranteeURI, String permission)
      Add a permission for the given group grantee.
      Parameters:
      groupGranteeURI -
      permission -

    • revokePermission

      public AccessControlList revokePermission(AccessControlList.Grantee grantee, String permission)
      Revoke a permission for the given grantee, if this specific permission was granted. Note that you must be very explicit about the permissions you revoke, you cannot revoke partial permissions and expect this class to determine the implied remaining permissions. For example, if you revoke the AccessControlList.Permission.READ permission from a grantee with AccessControlList.Permission.FULL_CONTROL access, the revocation will do nothing and the grantee will retain full access. To change the access settings for this grantee, you must first remove the AccessControlList.Permission.FULL_CONTROL permission the add back the AccessControlList.Permission.READ permission.
      Parameters:
      grantee -
      permission -

    • revokePermission

      public AccessControlList revokePermission(URI groupGranteeURI, String permission)
      Revoke a permission for the given group grantee, if this specific permission was granted. Note that you must be very explicit about the permissions you revoke, you cannot revoke partial permissions and expect this class to determine the implied remaining permissions. For example, if you revoke the AccessControlList.Permission.READ permission from a grantee with AccessControlList.Permission.FULL_CONTROL access, the revocation will do nothing and the grantee will retain full access. To change the access settings for this grantee, you must first remove the AccessControlList.Permission.FULL_CONTROL permission the add back the AccessControlList.Permission.READ permission.
      Parameters:
      groupGranteeURI -
      permission -

    • revokeAllPermissions

      public AccessControlList revokeAllPermissions(AccessControlList.Grantee grantee)
      Revoke all the permissions granted to the given grantee.
      Parameters:
      grantee -

    • getPermissions

      public Collection<String> getPermissions(String granteeId)
      Parameters:
      granteeId -
      Returns:
      the permissions assigned to a grantee, as identified by the given ID.

    • getPermissions

      public Collection<String> getPermissions(AccessControlList.Grantee grantee)
      Parameters:
      grantee -
      Returns:
      the permissions assigned to a grantee.

    • getPermissions

      public Collection<String> getPermissions(URI granteeURI)
      Parameters:
      granteeURI -
      Returns:
      the permissions assigned to a group grantee.

    • hasPermission

      public boolean hasPermission(String granteeId, String permission)
      Parameters:
      granteeId -
      permission -
      Returns:
      true if the grantee has the given permission.

    • hasPermission

      public boolean hasPermission(AccessControlList.Grantee grantee, String permission)
      Parameters:
      grantee -
      permission -
      Returns:
      true if the grantee has the given permission.

    • hasPermission

      public boolean hasPermission(URI granteeURI, String permission)
      Parameters:
      granteeURI -
      permission -
      Returns:
      true if the grantee has the given permission.

    • findGrantsForGrantee

      protected Collection<AccessControlList.Grant> findGrantsForGrantee(String granteeId)
      Find all the grants for a given grantee, identified by an ID which allows all Grantee types to be searched.
      Parameters:
      granteeId - identifier of a canonical user, email address user, or group.

    • fromCannedAccessPolicy

      public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId)
      Converts a canned access control policy into the equivalent access control list.
      Parameters:
      cannedAP -
      ownerId -

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object