mirror of https://github.com/apache/jclouds.git
Issue 47: corrected acl tests to work when james isn't running them :)
git-svn-id: http://jclouds.googlecode.com/svn/trunk@1436 3d8758e0-26b5-11de-8745-db77d3ebf521
This commit is contained in:
parent
e09669ca7b
commit
703606cb79
|
@ -41,10 +41,10 @@ import com.google.common.collect.Collections2;
|
||||||
/**
|
/**
|
||||||
* An Access Control List (ACL) describes the access control settings for a bucket or object in S3.
|
* An Access Control List (ACL) describes the access control settings for a bucket or object in S3.
|
||||||
*
|
*
|
||||||
* ACL settings comprise a set of {@link Grant}s, each of which specifies a {@link Permission}
|
* ACL settings comprise a set of {@link Grant}s, each of which specifies a {@link Permission} that
|
||||||
* that has been granted to a specific {@link Grantee}. If an entity tries to access or modify an
|
* has been granted to a specific {@link Grantee}. If an entity tries to access or modify an item in
|
||||||
* item in S3, the operation will be denied unless the item has ACL settings that explicitly
|
* S3, the operation will be denied unless the item has ACL settings that explicitly permit that
|
||||||
* permit that entity to perform that action.
|
* entity to perform that action.
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* @author James Murty
|
* @author James Murty
|
||||||
|
@ -56,9 +56,6 @@ public class AccessControlList {
|
||||||
private CanonicalUser owner;
|
private CanonicalUser owner;
|
||||||
private final List<Grant> grants = new ArrayList<Grant>();
|
private final List<Grant> grants = new ArrayList<Grant>();
|
||||||
|
|
||||||
public AccessControlList() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setOwner(CanonicalUser owner) {
|
public void setOwner(CanonicalUser owner) {
|
||||||
this.owner = owner;
|
this.owner = owner;
|
||||||
}
|
}
|
||||||
|
@ -113,11 +110,11 @@ public class AccessControlList {
|
||||||
* Revoke a permission for the given grantee, if this specific permission was granted.
|
* Revoke a permission for the given grantee, if this specific permission was granted.
|
||||||
*
|
*
|
||||||
* Note that you must be very explicit about the permissions you revoke, you cannot revoke
|
* Note that you must be very explicit about the permissions you revoke, you cannot revoke
|
||||||
* partial permissions and expect this class to determine the implied remaining permissions.
|
* partial permissions and expect this class to determine the implied remaining permissions. For
|
||||||
* For example, if you revoke the {@link Permission#READ} permission from a grantee with
|
* example, if you revoke the {@link Permission#READ} permission from a grantee with
|
||||||
* {@link Permission#FULL_CONTROL} access, <strong>the revocation will do nothing</strong>
|
* {@link Permission#FULL_CONTROL} access, <strong>the revocation will do nothing</strong> and
|
||||||
* and the grantee will retain full access. To change the access settings for this grantee,
|
* the grantee will retain full access. To change the access settings for this grantee, you must
|
||||||
* you must first remove the {@link Permission#FULL_CONTROL} permission the add back the
|
* first remove the {@link Permission#FULL_CONTROL} permission the add back the
|
||||||
* {@link Permission#READ} permission.
|
* {@link Permission#READ} permission.
|
||||||
*
|
*
|
||||||
* @param grantee
|
* @param grantee
|
||||||
|
@ -138,19 +135,18 @@ public class AccessControlList {
|
||||||
* Revoke a permission for the given group grantee, if this specific permission was granted.
|
* Revoke a permission for the given group grantee, if this specific permission was granted.
|
||||||
*
|
*
|
||||||
* Note that you must be very explicit about the permissions you revoke, you cannot revoke
|
* Note that you must be very explicit about the permissions you revoke, you cannot revoke
|
||||||
* partial permissions and expect this class to determine the implied remaining permissions.
|
* partial permissions and expect this class to determine the implied remaining permissions. For
|
||||||
* For example, if you revoke the {@link Permission#READ} permission from a grantee with
|
* example, if you revoke the {@link Permission#READ} permission from a grantee with
|
||||||
* {@link Permission#FULL_CONTROL} access, <strong>the revocation will do nothing</strong>
|
* {@link Permission#FULL_CONTROL} access, <strong>the revocation will do nothing</strong> and
|
||||||
* and the grantee will retain full access. To change the access settings for this grantee,
|
* the grantee will retain full access. To change the access settings for this grantee, you must
|
||||||
* you must first remove the {@link Permission#FULL_CONTROL} permission the add back the
|
* first remove the {@link Permission#FULL_CONTROL} permission the add back the
|
||||||
* {@link Permission#READ} permission.
|
* {@link Permission#READ} permission.
|
||||||
*
|
*
|
||||||
* @param groupGranteeURI
|
* @param groupGranteeURI
|
||||||
* @param permission
|
* @param permission
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public AccessControlList revokePermission(GroupGranteeURI groupGranteeURI, Permission permission)
|
public AccessControlList revokePermission(GroupGranteeURI groupGranteeURI, Permission permission) {
|
||||||
{
|
|
||||||
return revokePermission(new GroupGrantee(groupGranteeURI), permission);
|
return revokePermission(new GroupGrantee(groupGranteeURI), permission);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -168,22 +164,20 @@ public class AccessControlList {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param granteeId
|
* @param granteeId
|
||||||
* @return
|
* @return the permissions assigned to a grantee, as identified by the given ID.
|
||||||
* the permissions assigned to a grantee, as identified by the given ID.
|
|
||||||
*/
|
*/
|
||||||
public Collection<Permission> getPermissions(String granteeId) {
|
public Collection<Permission> getPermissions(String granteeId) {
|
||||||
Collection<Grant> grantsForGrantee = findGrantsForGrantee(granteeId);
|
Collection<Grant> grantsForGrantee = findGrantsForGrantee(granteeId);
|
||||||
return Collections2.transform(grantsForGrantee, new Function<Grant, Permission>() {
|
return Collections2.transform(grantsForGrantee, new Function<Grant, Permission>() {
|
||||||
public Permission apply(Grant g) {
|
public Permission apply(Grant g) {
|
||||||
return g.getPermission();
|
return g.getPermission();
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param grantee
|
* @param grantee
|
||||||
* @return
|
* @return the permissions assigned to a grantee.
|
||||||
* the permissions assigned to a grantee.
|
|
||||||
*/
|
*/
|
||||||
public Collection<Permission> getPermissions(Grantee grantee) {
|
public Collection<Permission> getPermissions(Grantee grantee) {
|
||||||
return getPermissions(grantee.getIdentifier());
|
return getPermissions(grantee.getIdentifier());
|
||||||
|
@ -191,8 +185,7 @@ public class AccessControlList {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param granteeURI
|
* @param granteeURI
|
||||||
* @return
|
* @return the permissions assigned to a group grantee.
|
||||||
* the permissions assigned to a group grantee.
|
|
||||||
*/
|
*/
|
||||||
public Collection<Permission> getPermissions(GroupGranteeURI granteeURI) {
|
public Collection<Permission> getPermissions(GroupGranteeURI granteeURI) {
|
||||||
return getPermissions(granteeURI.getIdentifier());
|
return getPermissions(granteeURI.getIdentifier());
|
||||||
|
@ -201,8 +194,7 @@ public class AccessControlList {
|
||||||
/**
|
/**
|
||||||
* @param granteeId
|
* @param granteeId
|
||||||
* @param permission
|
* @param permission
|
||||||
* @return
|
* @return true if the grantee has the given permission.
|
||||||
* true if the grantee has the given permission.
|
|
||||||
*/
|
*/
|
||||||
public boolean hasPermission(String granteeId, Permission permission) {
|
public boolean hasPermission(String granteeId, Permission permission) {
|
||||||
return getPermissions(granteeId).contains(permission);
|
return getPermissions(granteeId).contains(permission);
|
||||||
|
@ -211,38 +203,35 @@ public class AccessControlList {
|
||||||
/**
|
/**
|
||||||
* @param grantee
|
* @param grantee
|
||||||
* @param permission
|
* @param permission
|
||||||
* @return
|
* @return true if the grantee has the given permission.
|
||||||
* true if the grantee has the given permission.
|
|
||||||
*/
|
*/
|
||||||
public boolean hasPermission(Grantee grantee, Permission permission) {
|
public boolean hasPermission(Grantee grantee, Permission permission) {
|
||||||
return hasPermission(grantee.getIdentifier(), permission);
|
return hasPermission(grantee.getIdentifier(), permission);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param granteeURI
|
* @param granteeURI
|
||||||
* @param permission
|
* @param permission
|
||||||
* @return
|
* @return true if the grantee has the given permission.
|
||||||
* true if the grantee has the given permission.
|
|
||||||
*/
|
*/
|
||||||
public boolean hasPermission(GroupGranteeURI granteeURI, Permission permission) {
|
public boolean hasPermission(GroupGranteeURI granteeURI, Permission permission) {
|
||||||
return getPermissions(granteeURI.getIdentifier()).contains(permission);
|
return getPermissions(granteeURI.getIdentifier()).contains(permission);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Find all the grants for a given grantee, identified by an ID which allows all Grantee
|
* Find all the grants for a given grantee, identified by an ID which allows all Grantee types to
|
||||||
* types to be searched.
|
* be searched.
|
||||||
*
|
*
|
||||||
* @param granteeId
|
* @param granteeId
|
||||||
* identifier of a canonical user, email address user, or group.
|
* identifier of a canonical user, email address user, or group.
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
protected Collection<Grant> findGrantsForGrantee(final String granteeId) {
|
protected Collection<Grant> findGrantsForGrantee(final String granteeId) {
|
||||||
return Collections2.filter(grants, new Predicate<Grant>() {
|
return Collections2.filter(grants, new Predicate<Grant>() {
|
||||||
public boolean apply(Grant g) {
|
public boolean apply(Grant g) {
|
||||||
return g.getGrantee().getIdentifier().equals(granteeId);
|
return g.getGrantee().getIdentifier().equals(granteeId);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -252,9 +241,8 @@ public class AccessControlList {
|
||||||
* @param ownerId
|
* @param ownerId
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public static AccessControlList fromCannedAccessPolicy(
|
public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP,
|
||||||
CannedAccessPolicy cannedAP, String ownerId)
|
String ownerId) {
|
||||||
{
|
|
||||||
AccessControlList acl = new AccessControlList();
|
AccessControlList acl = new AccessControlList();
|
||||||
acl.setOwner(new CanonicalUser(ownerId));
|
acl.setOwner(new CanonicalUser(ownerId));
|
||||||
|
|
||||||
|
@ -274,15 +262,16 @@ public class AccessControlList {
|
||||||
return acl;
|
return acl;
|
||||||
}
|
}
|
||||||
|
|
||||||
///////////////////////////////////////////////////////////////////////////////
|
// /////////////////////////////////////////////////////////////////////////////
|
||||||
// Class and Enum declarations to represent Grants, Grantees and Permissions //
|
// Class and Enum declarations to represent Grants, Grantees and Permissions //
|
||||||
///////////////////////////////////////////////////////////////////////////////
|
// /////////////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
public static enum Permission {
|
public static enum Permission {
|
||||||
READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL;
|
READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL;
|
||||||
};
|
};
|
||||||
|
|
||||||
public static class Grant implements Comparable<Grant> {
|
public static class Grant implements Comparable<Grant> {
|
||||||
|
|
||||||
private Grantee grantee;
|
private Grantee grantee;
|
||||||
private final Permission permission;
|
private final Permission permission;
|
||||||
|
|
||||||
|
@ -304,6 +293,16 @@ public class AccessControlList {
|
||||||
return permission;
|
return permission;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
final StringBuilder sb = new StringBuilder();
|
||||||
|
sb.append("Grant");
|
||||||
|
sb.append("{grantee=").append(grantee);
|
||||||
|
sb.append(", permission=").append(permission);
|
||||||
|
sb.append('}');
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
|
|
||||||
public int compareTo(org.jclouds.aws.s3.domain.AccessControlList.Grant o) {
|
public int compareTo(org.jclouds.aws.s3.domain.AccessControlList.Grant o) {
|
||||||
if (this == o) {
|
if (this == o) {
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -326,6 +325,15 @@ public class AccessControlList {
|
||||||
return identifier;
|
return identifier;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
final StringBuilder sb = new StringBuilder();
|
||||||
|
sb.append("Grantee");
|
||||||
|
sb.append("{identifier='").append(identifier).append('\'');
|
||||||
|
sb.append('}');
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
|
|
||||||
public int compareTo(org.jclouds.aws.s3.domain.AccessControlList.Grantee o) {
|
public int compareTo(org.jclouds.aws.s3.domain.AccessControlList.Grantee o) {
|
||||||
return (this == o) ? 0 : getIdentifier().compareTo(o.getIdentifier());
|
return (this == o) ? 0 : getIdentifier().compareTo(o.getIdentifier());
|
||||||
}
|
}
|
||||||
|
@ -356,12 +364,22 @@ public class AccessControlList {
|
||||||
public String getDisplayName() {
|
public String getDisplayName() {
|
||||||
return displayName;
|
return displayName;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String toString() {
|
||||||
|
final StringBuilder sb = new StringBuilder();
|
||||||
|
sb.append("CanonicalUserGrantee");
|
||||||
|
sb.append("{displayName='").append(displayName).append('\'');
|
||||||
|
sb.append(", identifier='").append(getIdentifier()).append('\'');
|
||||||
|
|
||||||
|
sb.append('}');
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public enum GroupGranteeURI {
|
public enum GroupGranteeURI {
|
||||||
ALL_USERS ("http://acs.amazonaws.com/groups/global/AllUsers"),
|
ALL_USERS("http://acs.amazonaws.com/groups/global/AllUsers"), AUTHENTICATED_USERS(
|
||||||
AUTHENTICATED_USERS ("http://acs.amazonaws.com/groups/global/AuthenticatedUsers"),
|
"http://acs.amazonaws.com/groups/global/AuthenticatedUsers"), LOG_DELIVERY(
|
||||||
LOG_DELIVERY ("http://acs.amazonaws.com/groups/s3/LogDelivery");
|
"http://acs.amazonaws.com/groups/s3/LogDelivery");
|
||||||
|
|
||||||
private final String uri;
|
private final String uri;
|
||||||
|
|
||||||
|
@ -386,7 +404,6 @@ public class AccessControlList {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public static class GroupGrantee extends Grantee {
|
public static class GroupGrantee extends Grantee {
|
||||||
|
|
||||||
public GroupGrantee(GroupGranteeURI groupURI) {
|
public GroupGrantee(GroupGranteeURI groupURI) {
|
||||||
|
@ -394,5 +411,13 @@ public class AccessControlList {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
final StringBuilder sb = new StringBuilder();
|
||||||
|
sb.append("AccessControlList");
|
||||||
|
sb.append("{owner=").append(owner);
|
||||||
|
sb.append(", grants=").append(grants);
|
||||||
|
sb.append('}');
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,13 +44,13 @@ import org.testng.annotations.Test;
|
||||||
*
|
*
|
||||||
* @author James Murty
|
* @author James Murty
|
||||||
*/
|
*/
|
||||||
@Test(groups = {"integration", "live"}, testName = "s3.PutAccessControlListIntegrationTest")
|
@Test(groups = { "integration", "live" }, testName = "s3.PutAccessControlListIntegrationTest")
|
||||||
public class PutAccessControlListIntegrationTest extends S3IntegrationTest {
|
public class PutAccessControlListIntegrationTest extends S3IntegrationTest {
|
||||||
|
String jamesId = "1a405254c932b52e5b5caaa88186bc431a1bacb9ece631f835daddaf0c47677c";
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testUpdateBucketACL() throws InterruptedException, ExecutionException,
|
void testUpdateBucketACL() throws InterruptedException, ExecutionException, TimeoutException,
|
||||||
TimeoutException, IOException, Exception
|
IOException, Exception {
|
||||||
{
|
|
||||||
bucketName = bucketPrefix + ".testPrivateBucketACL".toLowerCase();
|
bucketName = bucketPrefix + ".testPrivateBucketACL".toLowerCase();
|
||||||
|
|
||||||
// Create default (private) bucket
|
// Create default (private) bucket
|
||||||
|
@ -62,29 +62,20 @@ public class PutAccessControlListIntegrationTest extends S3IntegrationTest {
|
||||||
assertEquals(acl.getGrants().size(), 1);
|
assertEquals(acl.getGrants().size(), 1);
|
||||||
assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
|
assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
|
||||||
|
|
||||||
// Update the bucket's ACL by adding grants.
|
addGrantsToACL(acl);
|
||||||
acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ);
|
|
||||||
acl.addPermission(new EmailAddressGrantee("james@misterm.org"), Permission.READ_ACP);
|
|
||||||
acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.WRITE_ACP);
|
|
||||||
assertEquals(acl.getGrants().size(), 4);
|
assertEquals(acl.getGrants().size(), 4);
|
||||||
assertTrue(client.putBucketACL(bucketName, acl).get(10, TimeUnit.SECONDS));
|
assertTrue(client.putBucketACL(bucketName, acl).get(10, TimeUnit.SECONDS));
|
||||||
|
|
||||||
// Confirm that the updated ACL has stuck.
|
// Confirm that the updated ACL has stuck.
|
||||||
acl = client.getBucketACL(bucketName).get(10, TimeUnit.SECONDS);
|
acl = client.getBucketACL(bucketName).get(10, TimeUnit.SECONDS);
|
||||||
assertEquals(acl.getGrants().size(), 4);
|
checkGrants(acl);
|
||||||
assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
|
|
||||||
assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
|
|
||||||
assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP));
|
|
||||||
// EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr
|
|
||||||
assertTrue(acl.hasPermission(ownerId, Permission.READ_ACP));
|
|
||||||
|
|
||||||
emptyBucket(bucketName);
|
emptyBucket(bucketName);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testUpdateObjectACL() throws InterruptedException, ExecutionException,
|
void testUpdateObjectACL() throws InterruptedException, ExecutionException, TimeoutException,
|
||||||
TimeoutException, IOException
|
IOException {
|
||||||
{
|
|
||||||
bucketName = bucketPrefix + ".testObjectACL".toLowerCase();
|
bucketName = bucketPrefix + ".testObjectACL".toLowerCase();
|
||||||
createBucketAndEnsureEmpty(bucketName);
|
createBucketAndEnsureEmpty(bucketName);
|
||||||
|
|
||||||
|
@ -92,32 +83,26 @@ public class PutAccessControlListIntegrationTest extends S3IntegrationTest {
|
||||||
|
|
||||||
// Private object
|
// Private object
|
||||||
addObjectToBucket(bucketName, objectKey);
|
addObjectToBucket(bucketName, objectKey);
|
||||||
AccessControlList acl = client.getObjectACL(bucketName, objectKey)
|
AccessControlList acl = client.getObjectACL(bucketName, objectKey).get(10, TimeUnit.SECONDS);
|
||||||
.get(10, TimeUnit.SECONDS);
|
|
||||||
String ownerId = acl.getOwner().getId();
|
String ownerId = acl.getOwner().getId();
|
||||||
|
|
||||||
assertEquals(acl.getGrants().size(), 1);
|
assertEquals(acl.getGrants().size(), 1);
|
||||||
assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
|
assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
|
||||||
|
|
||||||
// Update the object's ACL by adding grants.
|
addGrantsToACL(acl);
|
||||||
acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ);
|
assertEquals(acl.getGrants().size(), 4);
|
||||||
acl.addPermission(new EmailAddressGrantee("james@misterm.org"), Permission.READ_ACP);
|
|
||||||
acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.WRITE_ACP);
|
|
||||||
assertTrue(client.putObjectACL(bucketName, objectKey, acl).get(10, TimeUnit.SECONDS));
|
assertTrue(client.putObjectACL(bucketName, objectKey, acl).get(10, TimeUnit.SECONDS));
|
||||||
|
|
||||||
// Confirm that the updated ACL has stuck.
|
// Confirm that the updated ACL has stuck.
|
||||||
acl = client.getObjectACL(bucketName, objectKey).get(10, TimeUnit.SECONDS);
|
acl = client.getObjectACL(bucketName, objectKey).get(10, TimeUnit.SECONDS);
|
||||||
assertEquals(acl.getGrants().size(), 4);
|
checkGrants(acl);
|
||||||
assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
|
|
||||||
assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
|
|
||||||
assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP));
|
|
||||||
// EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr
|
|
||||||
assertTrue(acl.hasPermission(ownerId, Permission.READ_ACP));
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Revoke all of owner's permissions!
|
* Revoke all of owner's permissions!
|
||||||
*/
|
*/
|
||||||
acl.revokeAllPermissions(new CanonicalUserGrantee(ownerId));
|
acl.revokeAllPermissions(new CanonicalUserGrantee(ownerId));
|
||||||
|
if (!ownerId.equals(jamesId))
|
||||||
|
acl.revokeAllPermissions(new CanonicalUserGrantee(jamesId));
|
||||||
assertEquals(acl.getGrants().size(), 1);
|
assertEquals(acl.getGrants().size(), 1);
|
||||||
// Only public read permission should remain...
|
// Only public read permission should remain...
|
||||||
assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
|
assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
|
||||||
|
@ -134,4 +119,23 @@ public class PutAccessControlListIntegrationTest extends S3IntegrationTest {
|
||||||
emptyBucket(bucketName);
|
emptyBucket(bucketName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void checkGrants(AccessControlList acl) {
|
||||||
|
String ownerId = acl.getOwner().getId();
|
||||||
|
|
||||||
|
assertEquals(acl.getGrants().size(), 4);
|
||||||
|
|
||||||
|
assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
|
||||||
|
assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
|
||||||
|
assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP));
|
||||||
|
// EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr
|
||||||
|
assertTrue(acl.hasPermission(jamesId, Permission.READ_ACP));
|
||||||
|
}
|
||||||
|
|
||||||
|
private void addGrantsToACL(AccessControlList acl) {
|
||||||
|
String ownerId = acl.getOwner().getId();
|
||||||
|
acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ);
|
||||||
|
acl.addPermission(new EmailAddressGrantee("james@misterm.org"), Permission.READ_ACP);
|
||||||
|
acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.WRITE_ACP);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
Loading…
Reference in New Issue