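package railo.commons.io.res.type.s3;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import railo.commons.lang.Md5;
import railo.commons.lang.StringUtil;
import railo.runtime.exp.PageException;
import railo.runtime.functions.s3.StoreGetACL;
import railo.runtime.op.Caster;
import railo.runtime.type.Array;
import railo.runtime.type.Struct;
import railo.runtime.type.util.KeyConstants;

/**
 * One entry of an S3 access control list: a grantee plus the permission granted to it.
 *
 * The grantee is identified by exactly one of three forms, recorded in {@link #getType()}:
 * an e-mail address ({@link #TYPE_EMAIL}), a predefined group URI ({@link #TYPE_GROUP}) or a
 * canonical user id with an optional display name ({@link #TYPE_CANONICAL_USER}).
 *
 * The static helpers turn loosely typed CFML values (arrays of structs, free-form
 * permission / group / type names) into validated entries and reject anything they do not
 * recognise with an {@link S3Exception}.
 */
public class AccessControl {

	public static final short TYPE_GROUP=1;
	public static final short TYPE_EMAIL=2;
	public static final short TYPE_CANONICAL_USER=4;

	private String id;
	private String displayName;
	private String permission;
	private String uri;
	private short type;
	private String email;

	/**
	 * @return the grantee type, one of the TYPE_* constants (0 while unset)
	 */
	public short getType() {
		return type;
	}

	/**
	 * @param type the grantee type to set; the value is stored as given, without validation
	 */
	public void setType(short type) {
		this.type = type;
	}

	/**
	 * @return the canonical user id
	 */
	public String getId() {
		return id;
	}

	/**
	 * @param id the canonical user id to set
	 */
	public void setId(String id) {
		this.id = id;
	}

	/**
	 * @return the displayName
	 */
	public String getDisplayName() {
		return displayName;
	}

	/**
	 * @param displayName the displayName to set
	 */
	public void setDisplayName(String displayName) {
		this.displayName = displayName;
	}

	/**
	 * @return the permission
	 */
	public String getPermission() {
		return permission;
	}

	/**
	 * @param permission the permission to set; stored as given. Callers that start from
	 *        user input should normalise it with {@link #toPermission(Object)} first, as
	 *        {@link #toAccessControl(Struct)} does.
	 */
	public void setPermission(String permission) {
		this.permission=permission;
	}

	/**
	 * @return the group uri
	 */
	public String getUri() {
		return uri;
	}

	/**
	 * @param uri the group uri to set
	 */
	public void setUri(String uri) {
		this.uri = uri;
	}

	/**
	 * @return the email
	 */
	public String getEmail() {
		return email;
	}

	/**
	 * @param email the email to set
	 */
	public void setEmail(String email) {
		this.email = email;
	}

	/**
	 * Renders every field as "name:value" pairs separated by ';'.
	 * This string is also the input of {@link #hash()}, so changing the format or the field
	 * order changes every digest derived from it.
	 */
	@Override
	public String toString(){
		return "displayName:"+displayName+";email:"+email+";id:"+id+";permission:"+permission+";type:"+type+";uri:"+uri;
	}

	/**
	 * Fingerprint of this entry, computed by Md5.getDigestAsString over {@link #toString()}.
	 *
	 * @return the digest string, or null when the digest computation fails with an IOException
	 */
	public String hash() {
		// NOTE(review): this looks like an identity key for comparing ACL entries, not an
		// integrity check; an MD5-based value should not back a security decision - confirm
		// how callers use it.
		try {
			return Md5.getDigestAsString(toString());
		} catch (IOException e) {
			return null;
		}
	}

	/**
	 * Hash code derived from {@link #hash()}.
	 *
	 * NOTE(review): equals() is not overridden, so two entries with identical fields still
	 * compare unequal in hash-based collections - confirm whether that is intended.
	 */
	@Override
	public int hashCode() {
		String digest = hash();
		// hash() reports a failed digest as null; fall back to the raw field string so that
		// hashCode() never throws a NullPointerException.
		if(digest==null) return toString().hashCode();
		return digest.hashCode();
	}

	/**
	 * Converts a CFML value into a list of ACL entries.
	 *
	 * @param objACL value expected to be an array of structs
	 * @return one entry per array element, in iteration order
	 * @throws S3Exception if objACL is not an array, an element is not a struct, or an
	 *         element fails the validation in {@link #toAccessControl(Struct)}
	 * @throws PageException passed through from the struct access in toAccessControl
	 */
	public static List<AccessControl> toAccessControlList(Object objACL) throws S3Exception, PageException{
		Array arr = Caster.toArray(objACL,null);
		if(arr==null)
			throw new S3Exception("ACL Object must be a Array of Structs");

		List<AccessControl> acl=new ArrayList<AccessControl>();
		Iterator<Object> it = arr.valueIterator();
		while(it.hasNext()){
			Struct sct=Caster.toStruct(it.next(), null);
			// one malformed element rejects the whole list; nothing is applied partially
			if(sct==null)
				throw new S3Exception("ACL Object must be a Array of Structs");
			acl.add(toAccessControl(sct));
		}
		return acl;
	}

	/**
	 * Builds a single ACL entry from a struct.
	 *
	 * The grantee keys are tried in a fixed order and the first non-empty one wins:
	 * email, then group, then id (canonical user). Keys of the later forms are ignored
	 * once an earlier one matched, so a struct that carries both an email and a group
	 * yields an e-mail grant only.
	 *
	 * @param sct struct holding the permission and one grantee form
	 * @return the populated entry
	 * @throws S3Exception if the permission or group is invalid, or no grantee is given
	 * @throws PageException from the struct lookups that have no default value
	 */
	public static AccessControl toAccessControl(Struct sct) throws S3Exception, PageException{
		AccessControl ac=new AccessControl();
		// validated first: an entry with an unknown permission is rejected before any grantee is read
		ac.setPermission(AccessControl.toPermission(sct.get(StoreGetACL.PERMISSION,null)));

		// Email
		String email = Caster.toString(sct.get(KeyConstants._email,null),null);
		if(!StringUtil.isEmpty(email)){
			ac.setType(AccessControl.TYPE_EMAIL);
			ac.setEmail(email);
			return ac;
		}

		// Group
		String uri=AccessControl.groupToURI(sct.get(KeyConstants._group,null));
		if(!StringUtil.isEmpty(uri)) {
			ac.setType(AccessControl.TYPE_GROUP);
			ac.setUri(uri);
			return ac;
		}

		// Canonical
		// NOTE(review): unlike the lookups above these two pass no default value; if
		// Struct.get(key) throws for an absent key, the "missing id" message below is only
		// reached for an empty id, and an absent display name fails the entry - confirm.
		String id = Caster.toString(sct.get(KeyConstants._id),null);
		String displayName = Caster.toString(sct.get(StoreGetACL.DISPLAY_NAME),null);
		if(StringUtil.isEmpty(id))
			throw new S3Exception("missing id for Canonical User defintion");

		ac.setType(AccessControl.TYPE_CANONICAL_USER);
		ac.setId(id);
		ac.setDisplayName(displayName);

		return ac;
	}

	/**
	 * Normalises a user-supplied permission name to the S3 spelling.
	 *
	 * Matching ignores case and the delimiters '_', '-' and ' ', so "full control",
	 * "Full-Control" and "FULL_CONTROL" are all accepted. Anything outside the five known
	 * permissions is rejected rather than passed through.
	 *
	 * @param oPermission value to convert
	 * @return one of FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP
	 * @throws S3Exception if the value is empty or not a known permission
	 */
	public static String toPermission(Object oPermission) throws S3Exception {
		String permission=Caster.toString(oPermission,null);
		if(StringUtil.isEmpty(permission,true))
			throw new S3Exception("missing permission definition");

		// Upper-case with a fixed locale: with the JVM default locale set to Turkish,
		// "write" becomes "WR\u0130TE" and every permission containing an 'i' is rejected.
		permission=permission.toUpperCase(java.util.Locale.ENGLISH).trim();
		permission=AccessControl.removeWordDelimter(permission);

		if("FULLCONTROL".equals(permission))
			return "FULL_CONTROL";
		if("WRITEACP".equals(permission))
			return "WRITE_ACP";
		if("READACP".equals(permission))
			return "READ_ACP";
		if("WRITE".equals(permission))
			return "WRITE";
		if("READ".equals(permission))
			return "READ";

		throw new S3Exception("invalid permission definition ["+permission+"], valid permissions are [FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP]");
	}

	/**
	 * Maps a user-supplied group name to the URI of the predefined S3 group.
	 *
	 * The short names are broader than they read: "all" is the AllUsers group, which
	 * covers anonymous requests from anyone, and "authenticated" is the
	 * AuthenticatedUsers group, which covers every AWS account rather than only the
	 * accounts of the bucket owner. A grant to either group makes the object reachable
	 * from outside the owning account.
	 *
	 * @param oGroup group name; case and the delimiters '_', '-' and ' ' are ignored
	 * @return the group URI, or null when oGroup is empty
	 * @throws S3Exception if the value is not a string or not a known group
	 */
	public static String groupToURI(Object oGroup) throws S3Exception {
		// empty means "no group given"; the caller then falls through to the next grantee form
		if(StringUtil.isEmpty(oGroup))
			return null;

		String group=Caster.toString(oGroup,null);
		if(group==null)
			throw new S3Exception("invalid object type for group definition");

		group=removeWordDelimter(group);
		if("all".equalsIgnoreCase(group))
			return "http://acs.amazonaws.com/groups/global/AllUsers";
		if("authenticated".equalsIgnoreCase(group) || "AuthenticatedUser".equalsIgnoreCase(group) || "AuthenticatedUsers".equalsIgnoreCase(group))
			return "http://acs.amazonaws.com/groups/global/AuthenticatedUsers";
		if("logdelivery".equalsIgnoreCase(group))
			return "http://acs.amazonaws.com/groups/s3/LogDelivery";
		throw new S3Exception("invalid group definition ["+group+"], valid group defintions are are [all,authenticated,log_delivery]");
	}

	/**
	 * Converts a TYPE_* constant to the grantee type name used by S3.
	 *
	 * @param type one of the TYPE_* constants
	 * @return the type name
	 * @throws S3Exception if type is not one of the constants
	 */
	public static String toType(short type) throws S3Exception {
		String rtn = toType(type, null);
		if(rtn==null)
			throw new S3Exception("invalid type defintion");
		return rtn;
	}

	/**
	 * Converts a TYPE_* constant to the grantee type name used by S3.
	 *
	 * @param type one of the TYPE_* constants
	 * @param defaultValue value returned for any other number
	 * @return "AmazonCustomerByEmail", "Group", "CanonicalUser" or defaultValue
	 */
	public static String toType(short type, String defaultValue) {
		switch(type){
			case TYPE_EMAIL: return "AmazonCustomerByEmail";
			case TYPE_GROUP: return "Group";
			case TYPE_CANONICAL_USER: return "CanonicalUser";
			default: return defaultValue;
		}
	}

	/**
	 * Converts a grantee type name to its TYPE_* constant.
	 *
	 * @param type type name, see {@link #toType(String, short)} for the accepted spellings
	 * @return the matching TYPE_* constant
	 * @throws S3Exception if the name is not recognised
	 */
	public static short toType(String type) throws S3Exception {
		// -1 is the "no match" sentinel; none of the TYPE_* constants uses it
		short rtn = toType(type, (short)-1);
		if(rtn!=-1) return rtn;

		throw new S3Exception("invalid type defintion ["+type+"], valid types are [Email,Group,CanonicalUser]");
	}

	/**
	 * Converts a grantee type name to its TYPE_* constant.
	 *
	 * Accepts "Email", "AmazonCustomerByEmail", "CanonicalUser" and "Group", ignoring case
	 * and the delimiters '_', '-' and ' '.
	 *
	 * @param type type name
	 * @param defaultValue value returned when the name is not recognised
	 * @return the matching TYPE_* constant or defaultValue
	 */
	public static short toType(String type, short defaultValue) {
		type=removeWordDelimter(type);
		if("Email".equalsIgnoreCase(type) || "AmazonCustomerByEmail".equalsIgnoreCase(type))
			return TYPE_EMAIL;
		if("CanonicalUser".equalsIgnoreCase(type))
			return TYPE_CANONICAL_USER;
		if("Group".equalsIgnoreCase(type))
			return TYPE_GROUP;

		return defaultValue;
	}

	/**
	 * Removes the word delimiters '_', '-' and ' ' so that "full_control", "full-control"
	 * and "full control" all compare equal to "fullcontrol".
	 */
	private static String removeWordDelimter(String str) {
		str=StringUtil.replace(str,"_", "", false);
		str=StringUtil.replace(str,"-", "", false);
		str=StringUtil.replace(str," ", "", false);
		return str;
	}
}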