Class: Atmos::ACL
- Inherits: AttributeHashBase
- Inheritance chain: Object > Hash > AttributeHashBase > Atmos::ACL
- Defined in: lib/atmos/attributes.rb
Overview
Access Control Lists (ACLs)
There are two hashes for access control, available as properties on the object: user_acl and group_acl.
The keys are the Atmos usernames and the values are one of :none, :read, :write, :full. The ACLs behave like normal Hash objects. All operations are executed against the Atmos server immediately.
Defaults
By default, when you create an object, the user you gave as a parameter when instantiating Atmos::Store has full permissions on the object. The default group is other. So:
    puts obj.user_acl.inspect    # => {user => :full}
    puts obj.group_acl.inspect   # => {other => :none}
Adding
Adding permissions for a new user is as easy as adding another hash element:
    obj.user_acl[newuser] = :read
    puts obj.user_acl.inspect    # => {user => :full, newuser => :read}
Modifying
User and group permissions can be modified by modifying the appropriate key value. Keep in mind that you CAN be dumb and give up access to your own objects, even if there is no other user that has access to them.
    obj.user_acl[newuser] = :full
    puts obj.user_acl.inspect    # => {user => :full, newuser => :full}
    obj.group_acl['other'] = :full
    puts obj.group_acl.inspect   # => {other => :full}
Deleting
To remove any permissions for a given user or group, you can either modify existing permissions to :none, or you can delete the user/group name from the appropriate hash. When you do either, the name disappears entirely from the hash.
    obj.user_acl.delete(newuser)
    puts obj.user_acl.inspect    # => {user => :full}
    obj.user_acl[newuser] = :none
    puts obj.user_acl.inspect    # => {user => :full}
Constant Summary
- USER = 1
- GROUP = 2
Instance Attribute Summary
Attributes inherited from AttributeHashBase
Instance Method Summary
- #[]=(key, value) ⇒ Object
  Adds or modifies permissions for a user or group.
- #clear ⇒ Object
  Removes all permissions for all groups, or for all users except the one used to instantiate the Atmos::Store connection.
- #delete(key) ⇒ Object
  Removes permissions for specified user/group name.
- #group? ⇒ Boolean
  Returns true if this ACL object is representing group ACLs.
- #initialize(obj, type) ⇒ ACL (constructor)
  This constructor is only meant for internal use.
- #user? ⇒ Boolean
  Returns true if this ACL object is representing user ACLs.
Methods inherited from AttributeHashBase
#clear_with_atmos, #default_with_atmos=, #delete_with_atmos, #header_name, #header_value, #merge_with_atmos, #merge_with_atmos!, #replace_with_atmos, #store, #to_canonicalized_header, #to_header
Constructor Details
#initialize(obj, type) ⇒ ACL
This constructor is only meant for internal use. To get ACLs on an object:
    obj.user_acl    # => Hash
    obj.group_acl   # => Hash
    # File 'lib/atmos/attributes.rb', line 202
    def initialize(obj, type)
      raise Atmos::Exceptions::ArgumentException, "The 'obj' parameter cannot be nil." if (obj.nil?)
      raise Atmos::Exceptions::ArgumentException, "The 'obj' parameter must have an id." if (obj.aoid.nil?)
      raise Atmos::Exceptions::ArgumentException, "The 'type' parameter must be Atmos::ACL::USER or Atmos::ACL::GROUP." if (![USER, GROUP].include?(type))

      super()

      @obj = obj
      @type = type
      @header = (@type == USER) ? 'x-emc-useracl' : 'x-emc-groupacl'
      @delete_action = @set_action = (@type == USER) ? :set_user_acl : :set_group_acl
      @reload_action = :list_acl
      reload(@reload_action, @obj.aoid)
    end
Instance Method Details
#[]=(key, value) ⇒ Object
Adds or modifies permissions for a user or group.
The change is made on the Atmos server immediately. Valid values are :none, :read, :write, :full.
    # File 'lib/atmos/attributes.rb', line 225
    def []=(key,value)
      validate_value(value)
      response = @obj.request.do(@set_action, :id => @obj.aoid, @header => "#{key}=#{xlate_value_from_object_to_header(value)}")
      reload(@reload_action, @obj.aoid)
    end
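The Modifying section warns that you can give up access to your own objects, and []= validates only the permission value before interpolating the key into the ACL header. The wrapper below is an added example, not code from the atmos gem: it checks the name, the value and the owner's access before a change is applied. GuardedACL, Rejected and the sample names are hypothetical, and a plain Hash stands in for obj.user_acl so it runs without an Atmos server.

```ruby
# Added example, not atmos gem code. GuardedACL is a hypothetical wrapper;
# a plain Hash stands in for obj.user_acl so this runs without a server.
class GuardedACL
  PERMISSIONS = [:none, :read, :write, :full].freeze
  # Characters that would alter a "name=PERM" header value.
  UNSAFE_NAME = /[,=\s]/
  class Rejected < ArgumentError; end

  # acl: Hash-like ACL; owner: user the Atmos::Store was created with.
  def initialize(acl, owner)
    @acl = acl
    @owner = owner
  end

  # Apply a change only if the name and value are well formed and the
  # owner keeps :full access.
  def set(name, permission)
    name = name.to_s
    raise Rejected, "bad name #{name.inspect}" if name.empty? || name =~ UNSAFE_NAME
    raise Rejected, "bad permission #{permission.inspect}" unless PERMISSIONS.include?(permission)
    raise Rejected, "owner #{@owner} must keep :full" if name == @owner && permission != :full
    # With the Hash stand-in, :none must delete to mirror the documented result.
    permission == :none ? @acl.delete(name) : (@acl[name] = permission)
    @acl
  end

  def revoke(name)
    set(name, :none)
  end
end

# Constructed sample run: one valid grant, three rejected changes, one revoke.
def guarded_acl_demo
  acl = { 'user' => :full }   # default ACL from the Defaults section
  guard = GuardedACL.new(acl, 'user')
  guard.set('newuser', :read)
  results = [acl.dup]
  [['user', :none], ['bad,name', :full], ['newuser', :admin]].each do |name, perm|
    begin
      guard.set(name, perm)
      results << :accepted
    rescue GuardedACL::Rejected
      results << :rejected
    end
  end
  guard.revoke('newuser')
  results << acl.dup
end

p guarded_acl_demo if __FILE__ == $0
```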
#clear ⇒ Object
Removes all permissions for all groups, or for all users except the one used to instantiate the Atmos::Store connection.
    # File 'lib/atmos/attributes.rb', line 260
    def clear
      # do a reload to make absolutely sure ACL is up to date
      reload(@reload_action, @obj.aoid)

      values = {}
      self.each do |k,v|
        values[k] = xlate_value_from_object_to_header(:none)
      end
      values.delete(@obj.user)

      response = @obj.request.do(@set_action, :id => @obj.aoid, @header => Atmos::Util.hash2header(values))
      reload(@reload_action, @obj.aoid)
    end
#delete(key) ⇒ Object
Removes permissions for specified user/group name. Update is made on the Atmos server immediately.
    # File 'lib/atmos/attributes.rb', line 250
    def delete(key)
      response = @obj.request.do(@set_action, :id => @obj.aoid, @header => "#{key}=#{xlate_value_from_object_to_header(:none)}")
      self.delete_without_atmos(key)
      reload(@reload_action, @obj.aoid)
    end
#group? ⇒ Boolean
Returns true if this ACL object is representing group ACLs.
    # File 'lib/atmos/attributes.rb', line 242
    def group?
      @type == GROUP
    end
#user? ⇒ Boolean
Returns true if this ACL object is representing user ACLs.
    # File 'lib/atmos/attributes.rb', line 235
    def user?
      @type == USER
    end