Class: Google::Cloud::Storage::Bucket::DefaultAcl

Inherits:
Object
Defined in:
lib/google/cloud/storage/bucket/acl.rb

Overview

Bucket Default Access Control List

Represents a Bucket's Default Access Control List.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.readers.each { |reader| puts reader }

Instance Attribute Details

#user_project ⇒ Object

A boolean value or a project ID string to indicate the project to be billed for operations on the bucket and its files. If this attribute is set to true, transit costs for operations on the bucket will be billed to the current project for this client. (See Project#project for the ID of the current project.) If this attribute is set to a project ID, and that project is authorized for the currently authenticated service account, transit costs will be billed to that project. This attribute is required with requester pays-enabled buckets. The default is nil.

In general, this attribute should be set when first retrieving the owning bucket by providing the user_project option to Project#bucket.

See also Google::Cloud::Storage::Bucket#requester_pays= and Google::Cloud::Storage::Bucket#requester_pays.



# File 'lib/google/cloud/storage/bucket/acl.rb', line 502

def user_project
  @user_project
end

Instance Method Details

#add_owner(entity) ⇒ Object

Grants default owner permission to files in the bucket.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "[email protected]"
bucket.default_acl.add_owner "user-#{email}"

Grant access to a group by prepending "group-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "[email protected]"
bucket.default_acl.add_owner "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 613

def add_owner entity
  gapi = @service.insert_default_acl @bucket, entity, "OWNER",
                                     user_project: user_project
  entity = gapi.entity
  @owners&.push entity
  entity
end

#add_reader(entity) ⇒ Object

Grants default reader permission to files in the bucket.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "[email protected]"
bucket.default_acl.add_reader "user-#{email}"

Grant access to a group by prepending "group-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "[email protected]"
bucket.default_acl.add_reader "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 656

def add_reader entity
  gapi = @service.insert_default_acl @bucket, entity, "READER",
                                     user_project: user_project
  entity = gapi.entity
  @readers&.push entity
  entity
end

#auth!(if_metageneration_match: nil) ⇒ Object Also known as: authenticatedRead!, auth_read!, authenticated!, authenticated_read!

Convenience method to apply the default authenticatedRead predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.auth!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 718

def auth! if_metageneration_match: nil
  update_predefined_default_acl! "authenticatedRead", if_metageneration_match: if_metageneration_match
end

#delete(entity) ⇒ Object

Permanently deletes the entity from the bucket's default access control list for files.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "[email protected]"
bucket.default_acl.delete "user-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 690

def delete entity
  @service.delete_default_acl @bucket, entity,
                              user_project: user_project
  @owners&.delete entity
  @readers&.delete entity
  true
end

#owner_full!(if_metageneration_match: nil) ⇒ Object Also known as: bucketOwnerFullControl!

Convenience method to apply the default bucketOwnerFullControl predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.owner_full!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 739

def owner_full! if_metageneration_match: nil
  update_predefined_default_acl! "bucketOwnerFullControl", if_metageneration_match: if_metageneration_match
end

#owner_read!(if_metageneration_match: nil) ⇒ Object Also known as: bucketOwnerRead!

Convenience method to apply the default bucketOwnerRead predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.owner_read!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 757

def owner_read! if_metageneration_match: nil
  update_predefined_default_acl! "bucketOwnerRead", if_metageneration_match: if_metageneration_match
end

#owners ⇒ Array<String>

Lists the default owners for files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.owners.each { |owner| puts owner }

Returns:

  • (Array<String>)


# File 'lib/google/cloud/storage/bucket/acl.rb', line 554

def owners
  reload! if @owners.nil?
  @owners
end

#private!(if_metageneration_match: nil) ⇒ Object

Convenience method to apply the default private predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.private!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 775

def private! if_metageneration_match: nil
  update_predefined_default_acl! "private", if_metageneration_match: if_metageneration_match
end

#project_private!(if_metageneration_match: nil) ⇒ Object Also known as: projectPrivate!

Convenience method to apply the default projectPrivate predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.project_private!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 792

def project_private! if_metageneration_match: nil
  update_predefined_default_acl! "projectPrivate", if_metageneration_match: if_metageneration_match
end

#public!(if_metageneration_match: nil) ⇒ Object Also known as: publicRead!, public_read!

Convenience method to apply the default publicRead predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.public!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 810

def public! if_metageneration_match: nil
  update_predefined_default_acl! "publicRead", if_metageneration_match: if_metageneration_match
end

#readers ⇒ Array<String>

Lists the default readers for files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.readers.each { |reader| puts reader }

Returns:

  • (Array<String>)


# File 'lib/google/cloud/storage/bucket/acl.rb', line 573

def readers
  reload! if @readers.nil?
  @readers
end

#reload! ⇒ Object Also known as: refresh!

Reloads all Default Access Control List data for the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.reload!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 527

def reload!
  gapi = @service.list_default_acls @bucket,
                                    user_project: user_project
  acls = Array(gapi.items).map do |acl|
    next acl if acl.is_a? Google::Apis::StorageV1::ObjectAccessControl
    raise "Unknown ACL format: #{acl.class}" unless acl.is_a? Hash
    Google::Apis::StorageV1::ObjectAccessControl.from_json acl.to_json
  end
  @owners  = entities_from_acls acls, "OWNER"
  @readers = entities_from_acls acls, "READER"
end