Examples of com.cloud.bridge.service.core.s3.S3PolicyContext

• com.cloud.bridge.service.core.s3.S3PolicyContext
  The purpose of this class is to pass into the heart of the Bucket Policy evaluation logic all the context (strings from the request) needed for each defined condition.

    // [B] Is the operationRequested included in the policy statement?
    //  -> if the value in "NotAction:" matches that requested then the statement does not apply
    //  (i.e., "refers to all actions other" than defined).
    PolicyActions notActions = oneStatement.getNotAction();
      //System.out.println( "Statement: NotAction:" + notActions + " op requested: " + operationRequested );

      if ( PolicyActions.UnknownAction != notActions ) {
         if (notActions == operationRequested) return false;
      }

        // [B] "The bucket owner by default has permissions to attach bucket policies to their buckets using PUT Bucket policy."
        //  -> the bucket owner may want to restrict the IP address from where this can be executed
        String client = UserContext.current().getCanonicalUserId();
        S3PolicyContext context = new S3PolicyContext(
                PolicyActions.PutBucketPolicy, bucketName);

        switch (S3Engine.verifyPolicy(context)) {
        case ALLOW:
            break;

        // [B]
        // "The bucket owner by default has permissions to retrieve bucket policies using GET Bucket policy."
        // -> the bucket owner may want to restrict the IP address from where
        // this can be executed
        String client = UserContext.current().getCanonicalUserId();
        S3PolicyContext context = new S3PolicyContext(
                PolicyActions.GetBucketPolicy, bucketName);
        switch (S3Engine.verifyPolicy(context)) {
        case ALLOW:
            break;

        // [B] The owner may want to restrict the IP address at which this can be performed
        String client = UserContext.current().getCanonicalUserId();
        if (!client.equals( sbucket.getOwnerCanonicalId()))
            throw new PermissionDeniedException( "Access Denied - only the owner can read bucket versioning" );

        S3PolicyContext context = new S3PolicyContext( PolicyActions.GetBucketVersioning, bucketName );
        if (PolicyAccess.DENY == S3Engine.verifyPolicy( context )) {
            response.setStatus(403);
            return;
        }

            String client = UserContext.current().getCanonicalUserId();
            if (!client.equals(sbucket.getOwnerCanonicalId()))
                throw new PermissionDeniedException(
                        "Access Denied - only the owner can turn on versioing on a bucket");

            S3PolicyContext context = new S3PolicyContext(
                    PolicyActions.PutBucketVersioning, bucketName);
            if (PolicyAccess.DENY == S3Engine.verifyPolicy(context)) {
                response.setStatus(403);
                return;
            }

                    + " does not exist");
            response.setStatus(404);
            return;
        }

        S3PolicyContext context = new S3PolicyContext(
                PolicyActions.ListBucketMultipartUploads, bucketName);
        context.setEvalParam(ConditionKeys.Prefix, prefix);
        context.setEvalParam(ConditionKeys.Delimiter, delimiter);
        S3Engine.verifyAccess(context, "SBucket", bucket.getId(),
                SAcl.PERMISSION_READ);

        // [B] Query the multipart table to get the list of current uploads
        try {

            initiator = uploadDao.getInitiator( uploadId );
            if (null == initiator || !initiator.equals( UserContext.current().getAccessKey()))
            {
                try {
                    // -> write permission on a bucket allows a PutObject / DeleteObject action on any object in the bucket
                    S3PolicyContext context = new S3PolicyContext( PolicyActions.ListMultipartUploadParts, bucketName );
                    context.setKeyName( exists.getSecond());
                    S3Engine.verifyAccess( context, "SBucket", bucket.getId(), SAcl.PERMISSION_WRITE );
                }
                catch (PermissionDeniedException e) {
                    response.setStatus(403);
                    return;

            // -> the multipart initiator or bucket owner can do this action
            initiator = uploadDao.getInitiator(uploadId);
            if (null == initiator || !initiator.equals(UserContext.current().getAccessKey())) {
                try {
                    // -> write permission on a bucket allows a PutObject / DeleteObject action on any object in the bucket
                    S3PolicyContext context = new S3PolicyContext(PolicyActions.ListMultipartUploadParts, bucketName);
                    context.setKeyName(exists.getSecond());
                    S3Engine.verifyAccess(context, "SBucket", bucket.getId(), SAcl.PERMISSION_WRITE);
                } catch (PermissionDeniedException e) {
                    response.setStatus(403);
                    return;
                }

        }

        // [B] "The bucket owner by default has permissions to attach bucket policies to their buckets using PUT Bucket policy."
        //  -> the bucket owner may want to restrict the IP address from where this can be executed
        String client = UserContext.current().getCanonicalUserId();
        S3PolicyContext context = new S3PolicyContext(PolicyActions.PutBucketPolicy, bucketName);

        switch (S3Engine.verifyPolicy(context)) {
            case ALLOW:
                break;

        // [B]
        // "The bucket owner by default has permissions to retrieve bucket policies using GET Bucket policy."
        // -> the bucket owner may want to restrict the IP address from where
        // this can be executed
        String client = UserContext.current().getCanonicalUserId();
        S3PolicyContext context = new S3PolicyContext(PolicyActions.GetBucketPolicy, bucketName);
        switch (S3Engine.verifyPolicy(context)) {
            case ALLOW:
                break;

            case DEFAULT_DENY: