def get_acl(self, headers, body, bucket_owner, object_owner=None):
    """
    Build the ACL for a request from S3 grant headers or an S3 ACL XML body.

    Exactly one source is accepted. An ACL derived from the headers wins,
    and a request that also carries a body is rejected with
    UnexpectedContent. If the headers yield no ACL, the body is parsed
    instead; a missing body raises MissingSecurityHeader and XML that
    fails to parse or validate raises MalformedACLError.

    The body is request-supplied XML and should be treated as untrusted.
    NOTE(review): fromstring and ACL.from_elem are defined elsewhere, so
    confirm that the parser does not resolve external entities.
    """
    acl = ACL.from_headers(headers, bucket_owner, object_owner,
                           as_private=False)

    if acl is not None:
        if body:
            # A grant may come from headers or from XML, never from both.
            raise UnexpectedContent()
        return acl

    # No ACL in the headers, so the request body is the only source left.
    if not body:
        raise MissingSecurityHeader(missing_header_name='x-amz-acl')

    try:
        root = fromstring(body, ACL.root_tag)
        # NOTE(review): the second positional argument is hard-coded to
        # True; its meaning is defined by ACL.from_elem (not shown here).
        acl = ACL.from_elem(root, True, self.req.allow_no_owner)
    except (XMLSyntaxError, DocumentInvalid):
        raise MalformedACLError()
    except Exception as e:
        # Capture the exception state before logging so that the original
        # traceback is what gets re-raised (Python 2 three-expression form).
        err_cls, err_val, err_tb = sys.exc_info()
        self.logger.error(e)
        raise err_cls, err_val, err_tb

    return acl
def get_acl(self, headers, body, bucket_owner, object_owner=None):
    """
    Return the ACL described by a request's S3 headers or its ACL XML body.

    Headers (e.g. x-amz-grant) are consulted first. When they produce an
    ACL, any accompanying body is an error (UnexpectedContent). When they
    do not, the body must be present (else MissingSecurityHeader) and must
    parse and validate as ACL XML (else MalformedACLError).

    The body comes straight from the request, so treat it as untrusted.
    NOTE(review): XML parsing happens in fromstring, which is not shown
    here; verify that it is hardened against entity expansion.
    """
    header_acl = ACL.from_headers(headers, bucket_owner, object_owner,
                                  as_private=False)
    if header_acl is not None:
        if body:
            # Supplying grants through both headers and XML is ambiguous
            # and therefore refused.
            raise UnexpectedContent()
        return header_acl

    if not body:
        # Neither source is present.
        raise MissingSecurityHeader(missing_header_name='x-amz-acl')

    try:
        parsed = fromstring(body, ACL.root_tag)
        # NOTE(review): literal True is passed as the second positional
        # argument; see ACL.from_elem for what it enables.
        return ACL.from_elem(parsed, True, self.req.allow_no_owner)
    except(XMLSyntaxError, DocumentInvalid):
        raise MalformedACLError()
    except Exception as e:
        # Snapshot sys.exc_info() before logging, then re-raise with the
        # original traceback (Python 2 raise syntax).
        saved = sys.exc_info()
        self.logger.error(e)
        raise saved[0], saved[1], saved[2]
def test_acl_from_elem_by_id_only(self):
    """
    ACL.from_elem must accept an Owner element that has no DisplayName.

    A private ACL owned by 'test:tester' is serialised, the
    Owner/DisplayName node is removed, and the element is parsed back.
    The owner must keep every permission and 'test:tester2' must get none.
    """
    owner = Owner(id='test:tester', name='test:tester')
    private_acl = ACLPrivate(owner, s3_acl=self.s3_acl,
                             allow_no_owner=self.allow_no_owner)
    root = private_acl.elem()

    # Drop the display name so that only the owner ID identifies the owner.
    owner_node = root.find('./Owner')
    owner_node.remove(root.find('./Owner/DisplayName'))

    acl = ACL.from_elem(root, self.s3_acl, self.allow_no_owner)

    permissions = ('READ', 'WRITE', 'READ_ACP', 'WRITE_ACP')
    for perm in permissions:
        self.assertTrue(self.check_permission(acl, 'test:tester', perm))
    # Negative check: a different user must not be granted anything.
    for perm in permissions:
        self.assertFalse(self.check_permission(acl, 'test:tester2', perm))
def test_acl_from_elem_by_id_only(self):
    """
    Round-trip a private ACL whose Owner element carries only an ID.

    The DisplayName child is stripped from the serialised Owner before
    ACL.from_elem parses it. The owner ('test:tester') is expected to hold
    all four permissions; another user ('test:tester2') is expected to
    hold none of them.
    """
    source_acl = ACLPrivate(Owner(id='test:tester', name='test:tester'),
                            s3_acl=self.s3_acl,
                            allow_no_owner=self.allow_no_owner)
    xml_elem = source_acl.elem()

    # Remove Owner/DisplayName, leaving the ID as the only owner field.
    owner_elem = xml_elem.find('./Owner')
    display_name = xml_elem.find('./Owner/DisplayName')
    owner_elem.remove(display_name)

    acl = ACL.from_elem(xml_elem, self.s3_acl, self.allow_no_owner)

    # Owner first (must be allowed), then the other user (must be denied).
    expectations = (('test:tester', self.assertTrue),
                    ('test:tester2', self.assertFalse))
    for user, check in expectations:
        for perm in ('READ', 'WRITE', 'READ_ACP', 'WRITE_ACP'):
            check(self.check_permission(acl, user, perm))
def test_acl_from_elem(self):
    """
    A private ACL must survive serialisation to XML and back.

    After the round trip through elem() and ACL.from_elem, the owner
    ('test:tester') must hold READ, WRITE, READ_ACP and WRITE_ACP, and
    'test:tester2' must hold none of them.
    """
    owner = Owner(id='test:tester', name='test:tester')
    original = ACLPrivate(owner, s3_acl=self.s3_acl,
                          allow_no_owner=self.allow_no_owner)

    # Check the translation from element back to an ACL object.
    acl = ACL.from_elem(original.elem(), self.s3_acl, self.allow_no_owner)

    permissions = ('READ', 'WRITE', 'READ_ACP', 'WRITE_ACP')
    for perm in permissions:
        self.assertTrue(self.check_permission(acl, 'test:tester', perm))
    # Negative check: the private ACL must not leak access to other users.
    for perm in permissions:
        self.assertFalse(self.check_permission(acl, 'test:tester2', perm))
def test_acl_from_elem(self):
    """
    Verify that ACL.from_elem rebuilds a private ACL from its XML element.

    The rebuilt ACL is expected to grant all four permissions to its
    owner ('test:tester') and to deny each of them to 'test:tester2'.
    """
    private_acl = ACLPrivate(Owner(id='test:tester', name='test:tester'),
                             s3_acl=self.s3_acl,
                             allow_no_owner=self.allow_no_owner)
    xml_elem = private_acl.elem()

    # Check the translation from element.
    acl = ACL.from_elem(xml_elem, self.s3_acl, self.allow_no_owner)

    # Owner first (must be allowed), then the other user (must be denied).
    expectations = (('test:tester', self.assertTrue),
                    ('test:tester2', self.assertFalse))
    for user, check in expectations:
        for perm in ('READ', 'WRITE', 'READ_ACP', 'WRITE_ACP'):
            check(self.check_permission(acl, user, perm))