
Example 11 with Grant

use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.

the class S3Request method isGrant.

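/**
 * Decides whether the caller {@code id} holds the permission {@code s3grant} on the
 * destination bucket, based on the ACL document stored with that bucket.
 *
 * <p>The bucket owner is always allowed. Otherwise a grant entry allows the request when
 * its permission is FULL_CONTROL or equals {@code s3grant}, and its grantee is either the
 * AllUsers / AuthenticatedUsers group or the canonical user {@code id}.
 *
 * <p>Side effect: the parsed ACL is stored in the {@code accessControlPolicy} field.
 *
 * @param id canonical id of the requester
 * @param s3grant the permission being checked (one of the {@code GWConstants.GRANT_*} values)
 * @return {@code true} if the ACL allows the request; {@code false} if it does not or if
 *         there is no destination bucket
 * @throws GWException with {@code INTERNAL_SERVER_ERROR} if the stored ACL cannot be parsed
 *         or {@code s3grant} is not a known permission
 */
protected boolean isGrant(String id, String s3grant) throws GWException {
    if (dstBucket == null) {
        return false;
    }

    XmlMapper xmlMapper = new XmlMapper();
    try {
        accessControlPolicy = xmlMapper.readValue(dstBucket.getAcl(), AccessControlPolicy.class);
    } catch (JsonMappingException e) {
        logger.error(e.getMessage());
        // The exception must be thrown, not just constructed: otherwise the check below runs
        // against whatever accessControlPolicy held before this call (null or a stale policy).
        throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
    } catch (JsonProcessingException e) {
        logger.error(e.getMessage());
        throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
    }

    // NOTE(review): the requester id and the full ACL document are written at info level;
    // confirm this is acceptable for the deployment's log retention and access policy.
    logger.info(GWConstants.LOG_REQUEST_CHECK_ACL_ID_GRANT, id, s3grant);
    logger.info(GWConstants.LOG_REQUEST_BUCKET_ACL, dstBucket.getAcl());
    logger.info(GWConstants.LOG_REQUEST_BUCKET_OWNER_ID, accessControlPolicy.owner.id);

    if (accessControlPolicy.owner.id.equals(id)) {
        // owner has full-grant
        return true;
    }

    // Reject unknown permission names before looking at any grant entry.
    switch (s3grant) {
        case GWConstants.GRANT_READ:
        case GWConstants.GRANT_WRITE:
        case GWConstants.GRANT_READ_ACP:
        case GWConstants.GRANT_WRITE_ACP:
        case GWConstants.GRANT_FULL_CONTROL:
            break;
        default:
            logger.error(GWConstants.LOG_REQUEST_GRANT_NOT_DEFINED, s3grant);
            throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
    }

    for (Grant grant : accessControlPolicy.aclList.grants) {
        // A grant counts only if it carries FULL_CONTROL or exactly the requested permission.
        // This also applies when FULL_CONTROL itself is requested: the previous code skipped
        // the permission test in that case, so a grantee holding only e.g. READ passed a
        // FULL_CONTROL check.
        boolean permissionCovers = grant.permission.equals(GWConstants.GRANT_FULL_CONTROL)
                || grant.permission.equals(s3grant);
        if (!permissionCovers) {
            continue;
        }

        if (grant.grantee.type.equals(GWConstants.GROUP)) {
            // NOTE(review): AuthenticatedUsers is accepted here exactly like AllUsers, without
            // testing whether this request is authenticated; verify that callers never reach
            // this method with an anonymous requester.
            if (grant.grantee.uri.equals(GWConstants.AWS_GRANT_URI_ALL_USERS)
                    || grant.grantee.uri.equals(GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS)) {
                return true;
            }
        } else if (grant.grantee.type.equals(GWConstants.CANONICAL_USER)) {
            if (grant.grantee.id.equals(id)) {
                return true;
            }
        }
    }

    return false;
}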
Also used : Grant(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant) AccessControlPolicy(com.pspace.ifs.ksan.gw.format.AccessControlPolicy) JsonMappingException(com.fasterxml.jackson.databind.JsonMappingException) GWException(com.pspace.ifs.ksan.gw.exception.GWException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper)
