def get_acl_response(self,
app,
method=None,
container=None,
obj=None,
headers=None,
body=None,
query=None):
"""
Wrapper method of _get_response to add Oss acl information
from response sysmeta headers.
"""
resp = self._get_response(app, method, container, obj, headers, body,
query)
if 'X-Container-Read' and 'X-Container-Write' not in resp.headers:
resp.sysmeta_copy_headers = 'private'
if 'X-Container-Read' in resp.headers:
if resp.headers['X-Container-Read'] == '.rlistings' or '.r:*':
resp.sysmeta_copy_headers = 'public-read'
if 'X-Container-Write' in resp.headers and resp.headers[
'X-Container-Write'] == '.r:*':
resp.sysmeta_copy_headers = 'public-read-write'
elif resp.headers['X-Container-Read'] == ' ' and resp.headers[
'X-Container-Read'] == ' ':
resp.sysmeta_copy_headers = 'private'
else:
resp.sysmeta_copy_headers = CAN_NOT_CAPTURE
resp.owner = self.user_id
resp.bucket_acl = decode_acl('container', resp.sysmeta_headers,
resp.owner)
resp.object_acl = decode_acl('object', resp.sysmeta_headers,
resp.owner)
return resp
def test_decode_acl_undefined(self):
headers = {}
acl = decode_acl('container', headers)
self.assertEqual(type(acl), ACL)
self.assertIsNone(acl.owner.id)
self.assertEqual(len(acl.grants), 0)
def test_decode_acl_object(self):
access_control_policy = \
{'Owner': 'test:tester',
'Grant': [{'Permission': 'FULL_CONTROL',
'Grantee': 'test:tester'}]}
headers = {
sysmeta_header('object', 'acl'): json.dumps(access_control_policy)
}
acl = decode_acl('object', headers)
self.assertEqual(type(acl), ACL)
self.assertEqual(acl.owner.id, 'test:tester')
self.assertEqual(len(acl.grants), 1)
self.assertEqual(str(acl.grants[0].grantee), 'test:tester')
self.assertEqual(acl.grants[0].permission, 'FULL_CONTROL')
def test_decode_acl_empty_list(self):
headers = {sysmeta_header('container', 'acl'): '[]'}
acl = decode_acl('container', headers)
self.assertEqual(type(acl), ACL)
self.assertIsNone(acl.owner.id)
self.assertEqual(len(acl.grants), 0)