1
0
Fork 0
mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00

Merge pull request #480 from dblock/put-object-acl

[storage|aws] extended put_object_acl and put_bucket_acl to support canned ACLs
This commit is contained in:
Wesley Beary 2011-08-25 09:12:08 -07:00
commit 33a3677369
5 changed files with 180 additions and 68 deletions

View file

@ -0,0 +1,45 @@
module Fog
module Storage
class AWS
private
def self.hash_to_acl(acl)
data =
<<-DATA
<AccessControlPolicy>
<Owner>
<ID>#{acl['Owner']['ID']}</ID>
<DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
</Owner>
<AccessControlList>
DATA
acl['AccessControlList'].each do |grant|
data << " <Grant>\n"
type = case grant['Grantee'].keys.sort
when ['DisplayName', 'ID']
'CanonicalUser'
when ['EmailAddress']
'AmazonCustomerByEmail'
when ['URI']
'Group'
end
data << " <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">\n"
for key, value in grant['Grantee']
data << " <#{key}>#{value}</#{key}>\n"
end
data << " </Grantee>\n"
data << " <Permission>#{grant['Permission']}</Permission>\n"
data << " </Grant>\n"
end
data <<
<<-DATA
</AccessControlList>
</AccessControlPolicy>
DATA
data
end
end
end
end

View file

@ -3,6 +3,8 @@ module Fog
class AWS
class Real
require 'fog/aws/requests/storage/hash_to_acl'
# Change access control list for an S3 bucket
#
# ==== Parameters
@ -20,57 +22,52 @@ module Fog
# or
# * 'URI'<~String> - URI of group to grant access for
# * Permission<~String> - Permission, in [FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP]
# * acl<~String> - Permissions, must be in ['private', 'public-read', 'public-read-write', 'authenticated-read']
#
# ==== See Also
# http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html
def put_bucket_acl(bucket_name, acl)
data =
<<-DATA
<AccessControlPolicy>
<Owner>
<ID>#{acl['Owner']['ID']}</ID>
<DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
</Owner>
<AccessControlList>
DATA
data = ""
headers = {}
acl['AccessControlList'].each do |grant|
data << " <Grant>"
type = case grant['Grantee'].keys.sort
when ['DisplayName', 'ID']
'CanonicalUser'
when ['EmailAddress']
'AmazonCustomerByEmail'
when ['URI']
'Group'
if acl.is_a?(Hash)
data = Fog::Storage::AWS.hash_to_acl(acl)
else
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
end
data << " <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">"
for key, value in grant['Grantee']
data << " <#{key}>#{value}</#{key}>"
end
data << " </Grantee>"
data << " <Permission>#{grant['Permission']}</Permission>"
data << " </Grant>"
headers['x-amz-acl'] = acl
end
data <<
<<-DATA
</AccessControlList>
</AccessControlPolicy>
DATA
headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest(data)).strip
headers['Content-Type'] = 'application/json'
headers['Date'] = Fog::Time.now.to_date_header
request({
:body => data,
:expects => 200,
:headers => {},
:headers => headers,
:host => "#{bucket_name}.#{@host}",
:method => 'PUT',
:query => {'acl' => nil}
})
end
end
class Mock
def put_bucket_acl(bucket_name, acl)
if acl.is_a?(Hash)
self.data[:acls][:bucket][bucket_name] = Fog::Storage::AWS.hash_to_acl(acl)
else
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
end
self.data[:acls][:bucket][bucket_name] = acl
end
end
end
end
end
end
end

View file

@ -3,6 +3,8 @@ module Fog
class AWS
class Real
require 'fog/aws/requests/storage/hash_to_acl'
# Change access control list for an S3 object
#
# ==== Parameters
@ -21,6 +23,7 @@ module Fog
# or
# * 'URI'<~String> - URI of group to grant access for
# * Permission<~String> - Permission, in [FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP]
# * acl<~String> - Permissions, must be in ['private', 'public-read', 'public-read-write', 'authenticated-read']
# * options<~Hash>:
# * 'versionId'<~String> - specify a particular version to retrieve
#
@ -33,53 +36,47 @@ module Fog
query['versionId'] = version_id
end
data =
<<-DATA
<AccessControlPolicy>
<Owner>
<ID>#{acl['Owner']['ID']}</ID>
<DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
</Owner>
<AccessControlList>
DATA
data = ""
headers = {}
acl['AccessControlList'].each do |grant|
data << " <Grant>"
type = case grant['Grantee'].keys.sort
when ['DisplayName', 'ID']
'CanonicalUser'
when ['EmailAddress']
'AmazonCustomerByEmail'
when ['URI']
'Group'
if acl.is_a?(Hash)
data = Fog::Storage::AWS.hash_to_acl(acl)
else
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
end
data << " <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">"
for key, value in grant['Grantee']
data << " <#{key}>#{value}</#{key}>"
end
data << " </Grantee>"
data << " <Permission>#{grant['Permission']}</Permission>"
data << " </Grant>"
headers['x-amz-acl'] = acl
end
data <<
<<-DATA
</AccessControlList>
</AccessControlPolicy>
DATA
headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest(data)).strip
headers['Content-Type'] = 'application/json'
headers['Date'] = Fog::Time.now.to_date_header
request({
:body => data,
:expects => 200,
:headers => {},
:headers => headers,
:host => "#{bucket_name}.#{@host}",
:method => 'PUT',
:path => CGI.escape(object_name),
:query => query
})
end
end
class Mock
def put_object_acl(bucket_name, object_name, acl, options = {})
if acl.is_a?(Hash)
self.data[:acls][:object][bucket_name][object_name] = Fog::Storage::AWS.hash_to_acl(acl)
else
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
end
self.data[:acls][:object][bucket_name][object_name] = acl
end
end
end
end
end
end
end

View file

@ -128,6 +128,39 @@ Shindo.tests('Fog::Storage[:aws] | bucket requests', [:aws]) do
Fog::Storage[:aws].delete_bucket('fogbuckettests')
end
tests("#put_bucket_acl('fogbuckettests', 'private')").succeeds do
Fog::Storage[:aws].put_bucket_acl('fogbuckettests', 'private')
end
tests("#put_bucket_acl('fogbuckettests', hash)").returns(true) do
Fog::Storage[:aws].put_bucket_acl('fogbuckettests', {
'Owner' => { 'ID' => "8a6925ce4adf5f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
'AccessControlList' => [
{
'Grantee' => { 'ID' => "8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
'Permission' => "FULL_CONTROL"
}
]
})
Fog::Storage[:aws].get_bucket_acl('fogbuckettests').body == <<-BODY
<AccessControlPolicy>
<Owner>
<ID>8a6925ce4adf5f21c32aa379004fef</ID>
<DisplayName>mtd@amazon.com</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef</ID>
<DisplayName>mtd@amazon.com</DisplayName>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
BODY
end
end
tests('failure') do
@ -162,6 +195,10 @@ Shindo.tests('Fog::Storage[:aws] | bucket requests', [:aws]) do
Fog::Storage[:aws].put_request_payment('fognonbucket', 'Requester')
end
tests("#put_bucket_acl('fognonbucket', 'invalid')").raises(Excon::Errors::BadRequest) do
Fog::Storage[:aws].put_bucket_acl('fognonbucket', 'invalid')
end
end
end

View file

@ -30,6 +30,38 @@ Shindo.tests('AWS::Storage | object requests', ['aws']) do
Fog::Storage[:aws].head_object(@directory.identity, 'fog_object')
end
tests("#put_object_acl('#{@directory.identity}', 'fog_object', 'private')").succeeds do
Fog::Storage[:aws].put_object_acl(@directory.identity, 'fog_object', 'private')
end
tests("#put_object_acl('#{@directory.identity}', 'fog_object', hash)").returns(true) do
Fog::Storage[:aws].put_object_acl(@directory.identity, 'fog_object', {
'Owner' => { 'ID' => "8a6925ce4adf5f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
'AccessControlList' => [
{
'Grantee' => { 'ID' => "8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
'Permission' => "FULL_CONTROL"
}
]})
Fog::Storage[:aws].get_object_acl(@directory.identity, 'fog_object').body == <<-BODY
<AccessControlPolicy>
<Owner>
<ID>8a6925ce4adf5f21c32aa379004fef</ID>
<DisplayName>mtd@amazon.com</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef</ID>
<DisplayName>mtd@amazon.com</DisplayName>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
BODY
end
tests("#delete_object('#{@directory.identity}', 'fog_object')").succeeds do
Fog::Storage[:aws].delete_object(@directory.identity, 'fog_object')
end
@ -74,6 +106,10 @@ Shindo.tests('AWS::Storage | object requests', ['aws']) do
Fog::Storage[:aws].delete_object('fognonbucket', 'fog_non_object')
end
tests("#put_object_acl('#{@directory.identity}', 'fog_object', 'invalid')").raises(Excon::Errors::BadRequest) do
Fog::Storage[:aws].put_object_acl('#{@directory.identity}', 'fog_object', 'invalid')
end
end
@directory.destroy