Class: AWS::S3::ACL::Grantee

Inherits:
Object
Includes:
SelectiveAttributeProxy
Defined in:
lib/aws-matt/s3/acl.rb

Overview

Grants bestow an access permission to grantees. Each grant of some access control list Policy is associated with a grantee. There are three ways of specifying a grantee at the time of this writing.

  • By canonical user - This format uses the id of a given Amazon account. The id value for a given account is available in the Owner object of a bucket, object or policy.

      grantee.id = 'bb2041a25975c3d4ce9775fe9e93e5b77a6a9fad97dc7e00686191f3790b13f1'

    Often the id will just be fetched from some owner object.

      grantee.id = some_object.owner.id

  • By Amazon email address - You can specify an email address for any Amazon account. The Amazon account need not be signed up with the S3 service, though it must be unique across the entire Amazon system. This email address is normalized into a canonical user representation once the grant has been sent back up to the S3 servers.

      grantee.email_address = '[email protected]'

  • By group - As of this writing you cannot create custom groups, but Amazon provides three groups that you can use. See the documentation for the Grantee.group= method for details.

      grantee.group = 'Authenticated'

Defined Under Namespace

Classes: Builder

Constructor Details

#initialize(attributes = {}) {|_self| ... } ⇒ Grantee

Returns a new instance of Grantee.

Yields:

  • (_self)

Yield Parameters:



# File 'lib/aws-matt/s3/acl.rb', line 390

def initialize(attributes = {})
  # Set default values for attributes that may not be passed in but we still want the object
  # to respond to
  attributes = {'id' => nil, 'display_name' => nil, 'email_address' => nil, 'uri' => nil}.merge(attributes)
  @attributes = attributes
  extract_type!
  yield self if block_given?
end

Instance Method Details

#group ⇒ Object

Returns the grantee’s group. If the grantee is not a group, nil is returned.



# File 'lib/aws-matt/s3/acl.rb', line 434

def group
  return unless uri
  # The group name is the last path segment of the grantee's uri
  uri[%r([^/]+$)]
end

#group=(group_name) ⇒ Object

Sets the grantee’s group by name.

grantee.group = 'AllUsers'

Currently, valid groups defined by S3 are:

  • AllUsers: This group represents anyone. In other words, an anonymous request.

  • Authenticated: Any authenticated account on the S3 service.

  • LogDelivery: The entity that delivers bucket access logs.



# File 'lib/aws-matt/s3/acl.rb', line 428

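def group=(group_name)
  # AllUsers and Authenticated are placed under groups/global; any other name
  # (such as LogDelivery) is placed under groups/s3
  section  = %w(AllUsers Authenticated).include?(group_name) ? 'global' : 's3'
  self.uri = "http://acs.amazonaws.com/groups/#{section}/#{group_name}"
end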

#inspect ⇒ Object

:nodoc:



# File 'lib/aws-matt/s3/acl.rb', line 447

def inspect #:nodoc:
  "#<%s:0x%s %s>" %  [self.class, object_id, type_representation || '(type not set yet)']
end

#to_xml ⇒ Object

The xml representation of the current grantee object.



# File 'lib/aws-matt/s3/acl.rb', line 400

def to_xml
  Builder.new(self).to_s
end

#type ⇒ Object

Returns the type of grantee. Will be one of CanonicalUser, AmazonCustomerByEmail or Group.



# File 'lib/aws-matt/s3/acl.rb', line 405

def type
  return attributes['type'] if attributes['type']
  
  # Lookups are in order of preference so if, for example, you set the uri but display_name and id are also
  # set, we'd rather go with the canonical representation.
  if display_name && id
    'CanonicalUser'
  elsif email_address
    'AmazonCustomerByEmail'
  elsif uri
    'Group'
  end
end
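
An added example, not part of the aws-s3 source shown on this page: a stand-alone audit that flags grants made to the AllUsers or Authenticated groups, reusing the URI parsing of #group and the lookup order of #type. Grants are modelled as plain hashes (constructed sample data), the helper names are hypothetical, and AuthenticatedUsers is matched as well because that is the spelling S3 itself uses in the group URI.

```ruby
# Added example: audit ACL grants for S3's predefined broad groups.
GROUP_URI_PREFIX = 'http://acs.amazonaws.com/groups/'

# Groups that reach beyond the owner's account. 'Authenticated' is the name
# used on this page; 'AuthenticatedUsers' is the spelling in S3's own URI.
BROAD_GROUPS = %w(AllUsers Authenticated AuthenticatedUsers).freeze

# Same extraction as Grantee#group: the last path segment of the URI.
def group_from_uri(uri)
  return unless uri
  uri[%r([^/]+$)]
end

# Same lookup order as Grantee#type: canonical user, then email, then group.
def grantee_type(g)
  return g['type'] if g['type']
  if g['display_name'] && g['id'] then 'CanonicalUser'
  elsif g['email_address']        then 'AmazonCustomerByEmail'
  elsif g['uri']                  then 'Group'
  end
end

# Returns one finding per grant whose grantee URI names a broad group.
# The URI is inspected directly, so a grantee that also carries id and
# display_name (and so reports type CanonicalUser) is still flagged.
def broad_grants(grants)
  grants.each_with_object([]) do |grant, findings|
    grantee = grant['grantee']
    uri     = grantee['uri']
    next unless uri && uri.start_with?(GROUP_URI_PREFIX)
    group = group_from_uri(uri)
    next unless BROAD_GROUPS.include?(group)
    findings << { group: group, permission: grant['permission'],
                  reported_type: grantee_type(grantee) }
  end
end

# Constructed sample policy; ids and names are placeholders.
SAMPLE_GRANTS = [
  { 'permission' => 'FULL_CONTROL', 'grantee' => { 'id' => 'owner-id-placeholder', 'display_name' => 'owner' } },
  { 'permission' => 'READ',  'grantee' => { 'uri' => 'http://acs.amazonaws.com/groups/global/AllUsers' } },
  { 'permission' => 'WRITE', 'grantee' => { 'uri' => 'http://acs.amazonaws.com/groups/s3/LogDelivery' } },
  { 'permission' => 'WRITE', 'grantee' => { 'id' => 'x', 'display_name' => 'x',
                                             'uri' => 'http://acs.amazonaws.com/groups/global/Authenticated' } }
].freeze

broad_grants(SAMPLE_GRANTS).each { |finding| puts finding.inspect }
```
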

#type_representation ⇒ Object

:nodoc:



# File 'lib/aws-matt/s3/acl.rb', line 439

def type_representation #:nodoc:
  case type
  when 'CanonicalUser'          then display_name || id
  when 'AmazonCustomerByEmail'  then email_address
  when 'Group'                  then "#{group} Group"
  end
end