diff options
Diffstat (limited to 'vendor/github.com/minio/minio-go/v7/api-get-object-acl.go')
-rw-r--r-- | vendor/github.com/minio/minio-go/v7/api-get-object-acl.go | 152 |
1 files changed, 0 insertions, 152 deletions
diff --git a/vendor/github.com/minio/minio-go/v7/api-get-object-acl.go b/vendor/github.com/minio/minio-go/v7/api-get-object-acl.go deleted file mode 100644 index 9041d99..0000000 --- a/vendor/github.com/minio/minio-go/v7/api-get-object-acl.go +++ /dev/null | |||
@@ -1,152 +0,0 @@ | |||
1 | /* | ||
2 | * MinIO Go Library for Amazon S3 Compatible Cloud Storage | ||
3 | * Copyright 2018 MinIO, Inc. | ||
4 | * | ||
5 | * Licensed under the Apache License, Version 2.0 (the "License"); | ||
6 | * you may not use this file except in compliance with the License. | ||
7 | * You may obtain a copy of the License at | ||
8 | * | ||
9 | * http://www.apache.org/licenses/LICENSE-2.0 | ||
10 | * | ||
11 | * Unless required by applicable law or agreed to in writing, software | ||
12 | * distributed under the License is distributed on an "AS IS" BASIS, | ||
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
14 | * See the License for the specific language governing permissions and | ||
15 | * limitations under the License. | ||
16 | */ | ||
17 | |||
18 | package minio | ||
19 | |||
20 | import ( | ||
21 | "context" | ||
22 | "encoding/xml" | ||
23 | "net/http" | ||
24 | "net/url" | ||
25 | ) | ||
26 | |||
27 | // Grantee represents the person being granted permissions. | ||
28 | type Grantee struct { | ||
29 | XMLName xml.Name `xml:"Grantee"` | ||
30 | ID string `xml:"ID"` | ||
31 | DisplayName string `xml:"DisplayName"` | ||
32 | URI string `xml:"URI"` | ||
33 | } | ||
34 | |||
35 | // Grant holds grant information | ||
36 | type Grant struct { | ||
37 | XMLName xml.Name `xml:"Grant"` | ||
38 | Grantee Grantee | ||
39 | Permission string `xml:"Permission"` | ||
40 | } | ||
41 | |||
42 | // AccessControlList contains the set of grantees and the permissions assigned to each grantee. | ||
43 | type AccessControlList struct { | ||
44 | XMLName xml.Name `xml:"AccessControlList"` | ||
45 | Grant []Grant | ||
46 | Permission string `xml:"Permission"` | ||
47 | } | ||
48 | |||
49 | type accessControlPolicy struct { | ||
50 | XMLName xml.Name `xml:"AccessControlPolicy"` | ||
51 | Owner Owner | ||
52 | AccessControlList AccessControlList | ||
53 | } | ||
54 | |||
55 | // GetObjectACL get object ACLs | ||
56 | func (c *Client) GetObjectACL(ctx context.Context, bucketName, objectName string) (*ObjectInfo, error) { | ||
57 | resp, err := c.executeMethod(ctx, http.MethodGet, requestMetadata{ | ||
58 | bucketName: bucketName, | ||
59 | objectName: objectName, | ||
60 | queryValues: url.Values{ | ||
61 | "acl": []string{""}, | ||
62 | }, | ||
63 | }) | ||
64 | if err != nil { | ||
65 | return nil, err | ||
66 | } | ||
67 | defer closeResponse(resp) | ||
68 | |||
69 | if resp.StatusCode != http.StatusOK { | ||
70 | return nil, httpRespToErrorResponse(resp, bucketName, objectName) | ||
71 | } | ||
72 | |||
73 | res := &accessControlPolicy{} | ||
74 | |||
75 | if err := xmlDecoder(resp.Body, res); err != nil { | ||
76 | return nil, err | ||
77 | } | ||
78 | |||
79 | objInfo, err := c.StatObject(ctx, bucketName, objectName, StatObjectOptions{}) | ||
80 | if err != nil { | ||
81 | return nil, err | ||
82 | } | ||
83 | |||
84 | objInfo.Owner.DisplayName = res.Owner.DisplayName | ||
85 | objInfo.Owner.ID = res.Owner.ID | ||
86 | |||
87 | objInfo.Grant = append(objInfo.Grant, res.AccessControlList.Grant...) | ||
88 | |||
89 | cannedACL := getCannedACL(res) | ||
90 | if cannedACL != "" { | ||
91 | objInfo.Metadata.Add("X-Amz-Acl", cannedACL) | ||
92 | return &objInfo, nil | ||
93 | } | ||
94 | |||
95 | grantACL := getAmzGrantACL(res) | ||
96 | for k, v := range grantACL { | ||
97 | objInfo.Metadata[k] = v | ||
98 | } | ||
99 | |||
100 | return &objInfo, nil | ||
101 | } | ||
102 | |||
103 | func getCannedACL(aCPolicy *accessControlPolicy) string { | ||
104 | grants := aCPolicy.AccessControlList.Grant | ||
105 | |||
106 | switch { | ||
107 | case len(grants) == 1: | ||
108 | if grants[0].Grantee.URI == "" && grants[0].Permission == "FULL_CONTROL" { | ||
109 | return "private" | ||
110 | } | ||
111 | case len(grants) == 2: | ||
112 | for _, g := range grants { | ||
113 | if g.Grantee.URI == "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" && g.Permission == "READ" { | ||
114 | return "authenticated-read" | ||
115 | } | ||
116 | if g.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers" && g.Permission == "READ" { | ||
117 | return "public-read" | ||
118 | } | ||
119 | if g.Permission == "READ" && g.Grantee.ID == aCPolicy.Owner.ID { | ||
120 | return "bucket-owner-read" | ||
121 | } | ||
122 | } | ||
123 | case len(grants) == 3: | ||
124 | for _, g := range grants { | ||
125 | if g.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers" && g.Permission == "WRITE" { | ||
126 | return "public-read-write" | ||
127 | } | ||
128 | } | ||
129 | } | ||
130 | return "" | ||
131 | } | ||
132 | |||
133 | func getAmzGrantACL(aCPolicy *accessControlPolicy) map[string][]string { | ||
134 | grants := aCPolicy.AccessControlList.Grant | ||
135 | res := map[string][]string{} | ||
136 | |||
137 | for _, g := range grants { | ||
138 | switch { | ||
139 | case g.Permission == "READ": | ||
140 | res["X-Amz-Grant-Read"] = append(res["X-Amz-Grant-Read"], "id="+g.Grantee.ID) | ||
141 | case g.Permission == "WRITE": | ||
142 | res["X-Amz-Grant-Write"] = append(res["X-Amz-Grant-Write"], "id="+g.Grantee.ID) | ||
143 | case g.Permission == "READ_ACP": | ||
144 | res["X-Amz-Grant-Read-Acp"] = append(res["X-Amz-Grant-Read-Acp"], "id="+g.Grantee.ID) | ||
145 | case g.Permission == "WRITE_ACP": | ||
146 | res["X-Amz-Grant-Write-Acp"] = append(res["X-Amz-Grant-Write-Acp"], "id="+g.Grantee.ID) | ||
147 | case g.Permission == "FULL_CONTROL": | ||
148 | res["X-Amz-Grant-Full-Control"] = append(res["X-Amz-Grant-Full-Control"], "id="+g.Grantee.ID) | ||
149 | } | ||
150 | } | ||
151 | return res | ||
152 | } | ||