1
0
Fork 0
mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00

Updated put_bucket_acl to support canned ACLs.

This commit is contained in:
dblock 2011-08-23 10:29:51 -04:00
parent 181a9b83f3
commit 98719f727d
3 changed files with 98 additions and 21 deletions

View file

@ -20,11 +20,16 @@ module Fog
# or
# * 'URI'<~String> - URI of group to grant access for
# * Permission<~String> - Permission, in [FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP]
# * acl<~String> - Permissions, must be in ['private', 'public-read', 'public-read-write', 'authenticated-read']
#
# ==== See Also
# http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html
def put_bucket_acl(bucket_name, acl)
data = ""
headers = {}
if acl.is_a?(Hash)
data =
<<-DATA
<AccessControlPolicy>
@ -36,7 +41,7 @@ module Fog
DATA
acl['AccessControlList'].each do |grant|
data << " <Grant>"
data << " <Grant>\n"
type = case grant['Grantee'].keys.sort
when ['DisplayName', 'ID']
'CanonicalUser'
@ -45,13 +50,13 @@ DATA
when ['URI']
'Group'
end
data << " <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">"
data << " <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">\n"
for key, value in grant['Grantee']
data << " <#{key}>#{value}</#{key}>"
data << " <#{key}>#{value}</#{key}>\n"
end
data << " </Grantee>"
data << " <Permission>#{grant['Permission']}</Permission>"
data << " </Grant>"
data << " </Grantee>\n"
data << " <Permission>#{grant['Permission']}</Permission>\n"
data << " </Grant>\n"
end
data <<
@ -59,11 +64,21 @@ DATA
</AccessControlList>
</AccessControlPolicy>
DATA
else
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
end
headers['x-amz-acl'] = acl
end
headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest(data)).strip
headers['Content-Type'] = 'application/json'
headers['Date'] = Fog::Time.now.to_date_header
request({
:body => data,
:expects => 200,
:headers => {},
:headers => headers,
:host => "#{bucket_name}.#{@host}",
:method => 'PUT',
:query => {'acl' => nil}

View file

@ -79,7 +79,7 @@ DATA
headers['x-amz-acl'] = acl
end
headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest('')).strip
headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest(data)).strip
headers['Content-Type'] = 'application/json'
headers['Date'] = Fog::Time.now.to_date_header

View file

@ -0,0 +1,62 @@
require 'spec_helper'
require 'storage/aws/aws_spec_helper'
describe Fog::Storage::AWS do
describe "canned ACL" do
it "should raise an error with an invalid canned ACL" do
lambda {
aws_storage.put_bucket_acl('bucket', 'invalid')
}.should raise_error(Excon::Errors::BadRequest, "invalid x-amz-acl")
end
it "should produce a request with an x-amz-acl header" do
hash = aws_storage.put_bucket_acl('bucket', 'private')
hash[:body].should == ""
hash[:expects].should == 200
hash[:headers]["x-amz-acl"].should == "private"
hash[:headers]["Content-Type"].should == "application/json"
hash[:host].should == "bucket.s3.amazonaws.com"
hash[:method].should == "PUT"
hash[:path].should be_nil
hash[:query].should == { "acl" => nil }
end
end
describe "xml ACL" do
it "sends valid ACL XML" do
hash = aws_storage.put_bucket_acl('bucket', {
'Owner' => { 'ID' => "8a6925ce4adf5f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
'AccessControlList' => [
{
'Grantee' => { 'ID' => "8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
'Permission' => "FULL_CONTROL"
}
]
})
hash[:body].should == <<-BODY
<AccessControlPolicy>
<Owner>
<ID>8a6925ce4adf5f21c32aa379004fef</ID>
<DisplayName>mtd@amazon.com</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef</ID>
<DisplayName>mtd@amazon.com</DisplayName>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
BODY
hash[:expects].should == 200
hash[:headers]["Content-Type"].should == "application/json"
hash[:host].should == "bucket.s3.amazonaws.com"
hash[:method].should == "PUT"
hash[:path].should be_nil
hash[:query].should == { "acl" => nil }
end
end
end