Google Git
Sign in
cobalt / depot_tools / 39a23508dc3503af629c0b4ac58105281a7fba90 / . / third_party / boto / gs / acl.py
blob: 047254cfa9b98a834a60130c5975555c4ec05126 [file] [log] [blame]
# Copyright 2010 Google Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish, dis-
# tribute, sublicense, and/or sell copies of the Software, and to permit
# persons to whom the Software is furnished to do so, subject to the fol-
# lowing conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
from boto.gs.user import User
from boto.exception import InvalidAclError
ACCESS_CONTROL_LIST = 'AccessControlList'
ALL_AUTHENTICATED_USERS = 'AllAuthenticatedUsers'
ALL_USERS = 'AllUsers'
DISPLAY_NAME = 'DisplayName'
DOMAIN = 'Domain'
EMAIL_ADDRESS = 'EmailAddress'
ENTRY = 'Entry'
ENTRIES = 'Entries'
GROUP_BY_DOMAIN = 'GroupByDomain'
GROUP_BY_EMAIL = 'GroupByEmail'
GROUP_BY_ID = 'GroupById'
ID = 'ID'
NAME = 'Name'
OWNER = 'Owner'
PERMISSION = 'Permission'
SCOPE = 'Scope'
TYPE = 'type'
USER_BY_EMAIL = 'UserByEmail'
USER_BY_ID = 'UserById'
CannedACLStrings = ['private', 'public-read', 'project-private',
'public-read-write', 'authenticated-read',
'bucket-owner-read', 'bucket-owner-full-control']
"""A list of Google Cloud Storage predefined (canned) ACL strings."""
SupportedPermissions = ['READ', 'WRITE', 'FULL_CONTROL']
"""A list of supported ACL permissions."""
class ACL:
def __init__(self, parent=None):
self.parent = parent
self.entries = []
@property
def acl(self):
return self
def __repr__(self):
# Owner is optional in GS ACLs.
if hasattr(self, 'owner'):
entries_repr = ['Owner:%s' % self.owner.__repr__()]
else:
entries_repr = ['']
acl_entries = self.entries
if acl_entries:
for e in acl_entries.entry_list:
entries_repr.append(e.__repr__())
return '<%s>' % ', '.join(entries_repr)
# Method with same signature as boto.s3.acl.ACL.add_email_grant(), to allow
# polymorphic treatment at application layer.
def add_email_grant(self, permission, email_address):
entry = Entry(type=USER_BY_EMAIL, email_address=email_address,
permission=permission)
self.entries.entry_list.append(entry)
# Method with same signature as boto.s3.acl.ACL.add_user_grant(), to allow
# polymorphic treatment at application layer.
def add_user_grant(self, permission, user_id):
entry = Entry(permission=permission, type=USER_BY_ID, id=user_id)
self.entries.entry_list.append(entry)
def add_group_email_grant(self, permission, email_address):
entry = Entry(type=GROUP_BY_EMAIL, email_address=email_address,
permission=permission)
self.entries.entry_list.append(entry)
def add_group_grant(self, permission, group_id):
entry = Entry(type=GROUP_BY_ID, id=group_id, permission=permission)
self.entries.entry_list.append(entry)
def startElement(self, name, attrs, connection):
if name.lower() == OWNER.lower():
self.owner = User(self)
return self.owner
elif name.lower() == ENTRIES.lower():
self.entries = Entries(self)
return self.entries
else:
return None
def endElement(self, name, value, connection):
if name.lower() == OWNER.lower():
pass
elif name.lower() == ENTRIES.lower():
pass
else:
setattr(self, name, value)
def to_xml(self):
s = '<%s>' % ACCESS_CONTROL_LIST
# Owner is optional in GS ACLs.
if hasattr(self, 'owner'):
s += self.owner.to_xml()
acl_entries = self.entries
if acl_entries:
s += acl_entries.to_xml()
s += '</%s>' % ACCESS_CONTROL_LIST
return s
class Entries:
def __init__(self, parent=None):
self.parent = parent
# Entries is the class that represents the same-named XML
# element. entry_list is the list within this class that holds the data.
self.entry_list = []
def __repr__(self):
entries_repr = []
for e in self.entry_list:
entries_repr.append(e.__repr__())
return '<Entries: %s>' % ', '.join(entries_repr)
def startElement(self, name, attrs, connection):
if name.lower() == ENTRY.lower():
entry = Entry(self)
self.entry_list.append(entry)
return entry
else:
return None
def endElement(self, name, value, connection):
if name.lower() == ENTRY.lower():
pass
else:
setattr(self, name, value)
def to_xml(self):
s = '<%s>' % ENTRIES
for entry in self.entry_list:
s += entry.to_xml()
s += '</%s>' % ENTRIES
return s
# Class that represents a single (Scope, Permission) entry in an ACL.
class Entry:
def __init__(self, scope=None, type=None, id=None, name=None,
email_address=None, domain=None, permission=None):
if not scope:
scope = Scope(self, type, id, name, email_address, domain)
self.scope = scope
self.permission = permission
def __repr__(self):
return '<%s: %s>' % (self.scope.__repr__(), self.permission.__repr__())
def startElement(self, name, attrs, connection):
if name.lower() == SCOPE.lower():
# The following if statement used to look like this:
# if not TYPE in attrs:
# which caused problems because older versions of the
# AttributesImpl class in the xml.sax library neglected to include
# a __contains__() method (which Python calls to implement the
# 'in' operator). So when you use the in operator, like the if
# statement above, Python invokes the __getiter__() method with
# index 0, which raises an exception. More recent versions of
# xml.sax include the __contains__() method, rendering the in
# operator functional. The work-around here is to formulate the
# if statement as below, which is the legal way to query
# AttributesImpl for containment (and is also how the added
# __contains__() method works). At one time gsutil disallowed
# xmlplus-based parsers, until this more specific problem was
# determined.
if TYPE not in attrs:
raise InvalidAclError('Missing "%s" in "%s" part of ACL' %
(TYPE, SCOPE))
self.scope = Scope(self, attrs[TYPE])
return self.scope
elif name.lower() == PERMISSION.lower():
pass
else:
return None
def endElement(self, name, value, connection):
if name.lower() == SCOPE.lower():
pass
elif name.lower() == PERMISSION.lower():
value = value.strip()
if not value in SupportedPermissions:
raise InvalidAclError('Invalid Permission "%s"' % value)
self.permission = value
else:
setattr(self, name, value)
def to_xml(self):
s = '<%s>' % ENTRY
s += self.scope.to_xml()
s += '<%s>%s</%s>' % (PERMISSION, self.permission, PERMISSION)
s += '</%s>' % ENTRY
return s
class Scope:
# Map from Scope type.lower() to lower-cased list of allowed sub-elems.
ALLOWED_SCOPE_TYPE_SUB_ELEMS = {
ALL_AUTHENTICATED_USERS.lower() : [],
ALL_USERS.lower() : [],
GROUP_BY_DOMAIN.lower() : [DOMAIN.lower()],
GROUP_BY_EMAIL.lower() : [
DISPLAY_NAME.lower(), EMAIL_ADDRESS.lower(), NAME.lower()],
GROUP_BY_ID.lower() : [DISPLAY_NAME.lower(), ID.lower(), NAME.lower()],
USER_BY_EMAIL.lower() : [
DISPLAY_NAME.lower(), EMAIL_ADDRESS.lower(), NAME.lower()],
USER_BY_ID.lower() : [DISPLAY_NAME.lower(), ID.lower(), NAME.lower()]
}
def __init__(self, parent, type=None, id=None, name=None,
email_address=None, domain=None):
self.parent = parent
self.type = type
self.name = name
self.id = id
self.domain = domain
self.email_address = email_address
if self.type.lower() not in self.ALLOWED_SCOPE_TYPE_SUB_ELEMS:
raise InvalidAclError('Invalid %s %s "%s" ' %
(SCOPE, TYPE, self.type))
def __repr__(self):
named_entity = None
if self.id:
named_entity = self.id
elif self.email_address:
named_entity = self.email_address
elif self.domain:
named_entity = self.domain
if named_entity:
return '<%s: %s>' % (self.type, named_entity)
else:
return '<%s>' % self.type
def startElement(self, name, attrs, connection):
if (not name.lower() in
self.ALLOWED_SCOPE_TYPE_SUB_ELEMS[self.type.lower()]):
raise InvalidAclError('Element "%s" not allowed in %s %s "%s" ' %
(name, SCOPE, TYPE, self.type))
return None
def endElement(self, name, value, connection):
value = value.strip()
if name.lower() == DOMAIN.lower():
self.domain = value
elif name.lower() == EMAIL_ADDRESS.lower():
self.email_address = value
elif name.lower() == ID.lower():
self.id = value
elif name.lower() == NAME.lower():
self.name = value
else:
setattr(self, name, value)
def to_xml(self):
s = '<%s type="%s">' % (SCOPE, self.type)
if (self.type.lower() == ALL_AUTHENTICATED_USERS.lower()
or self.type.lower() == ALL_USERS.lower()):
pass
elif self.type.lower() == GROUP_BY_DOMAIN.lower():
s += '<%s>%s</%s>' % (DOMAIN, self.domain, DOMAIN)
elif (self.type.lower() == GROUP_BY_EMAIL.lower()
or self.type.lower() == USER_BY_EMAIL.lower()):
s += '<%s>%s</%s>' % (EMAIL_ADDRESS, self.email_address,
EMAIL_ADDRESS)
if self.name:
s += '<%s>%s</%s>' % (NAME, self.name, NAME)
elif (self.type.lower() == GROUP_BY_ID.lower()
or self.type.lower() == USER_BY_ID.lower()):
s += '<%s>%s</%s>' % (ID, self.id, ID)
if self.name:
s += '<%s>%s</%s>' % (NAME, self.name, NAME)
else:
raise InvalidAclError('Invalid scope type "%s" ', self.type)
s += '</%s>' % SCOPE
return s