Examples of com.cloud.bridge.service.core.s3.S3PolicyContext

• com.cloud.bridge.service.core.s3.S3PolicyContext
  The purpose of this class is to pass into the heart of the Bucket Policy evaluation logic all the context (strings from the request) needed for each defined condition.

        // [B] The owner may want to restrict the IP address at which this can be performed
        String client = UserContext.current().getCanonicalUserId();
        if (!client.equals(sbucket.getOwnerCanonicalId()))
            throw new PermissionDeniedException("Access Denied - only the owner can read bucket versioning");

        S3PolicyContext context = new S3PolicyContext(PolicyActions.GetBucketVersioning, bucketName);
        if (PolicyAccess.DENY == S3Engine.verifyPolicy(context)) {
            response.setStatus(403);
            return;
        }

            String client = UserContext.current().getCanonicalUserId();
            if (!client.equals(sbucket.getOwnerCanonicalId()))
                throw new PermissionDeniedException("Access Denied - only the owner can turn on versioing on a bucket");

            S3PolicyContext context = new S3PolicyContext(PolicyActions.PutBucketVersioning, bucketName);
            if (PolicyAccess.DENY == S3Engine.verifyPolicy(context)) {
                response.setStatus(403);
                return;
            }

            logger.error("listMultipartUpload failed since " + bucketName + " does not exist");
            response.setStatus(404);
            return;
        }

        S3PolicyContext context = new S3PolicyContext(PolicyActions.ListBucketMultipartUploads, bucketName);
        context.setEvalParam(ConditionKeys.Prefix, prefix);
        context.setEvalParam(ConditionKeys.Delimiter, delimiter);
        S3Engine.verifyAccess(context, "SBucket", bucket.getId(), SAcl.PERMISSION_READ);

        // [B] Query the multipart table to get the list of current uploads
        try {
            MultipartLoadDao uploadDao = new MultipartLoadDao();

    // [B] "The bucket owner by default has permissions to attach bucket policies to their buckets using PUT Bucket policy."
    //  -> the bucket owner may want to restrict the IP address from where this can be executed
      String client = UserContext.current().getCanonicalUserId();
    S3PolicyContext context = new S3PolicyContext( PolicyActions.PutBucketPolicy, bucketName );
      switch( S3Engine.verifyPolicy( context )) {
      case ALLOW:
             break;

    case DEFAULT_DENY:

    // [B] "The bucket owner by default has permissions to retrieve bucket policies using GET Bucket policy."
    //  -> the bucket owner may want to restrict the IP address from where this can be executed
    String client = UserContext.current().getCanonicalUserId();
    S3PolicyContext context = new S3PolicyContext( PolicyActions.GetBucketPolicy, bucketName );
    switch( S3Engine.verifyPolicy( context )) {
    case ALLOW:
             break;

    case DEFAULT_DENY:

    // [B] The owner may want to restrict the IP address at which this can be performed
    String client = UserContext.current().getCanonicalUserId();
    if (!client.equals( sbucket.getOwnerCanonicalId()))
        throw new PermissionDeniedException( "Access Denied - only the owner can read bucket versioning" );

    S3PolicyContext context = new S3PolicyContext( PolicyActions.GetBucketVersioning, bucketName );
      if (PolicyAccess.DENY == S3Engine.verifyPolicy( context )) {
             response.setStatus(403);
             return;
      }

      String client = UserContext.current().getCanonicalUserId();
      if (!client.equals( sbucket.getOwnerCanonicalId()))
          throw new PermissionDeniedException( "Access Denied - only the owner can turn on versioing on a bucket" );

      S3PolicyContext context = new S3PolicyContext( PolicyActions.PutBucketVersioning, bucketName );
        if (PolicyAccess.DENY == S3Engine.verifyPolicy( context )) {
               response.setStatus(403);
               return;
        }

      logger.error( "listMultipartUpload failed since " + bucketName + " does not exist" );
        response.setStatus(404);
        return;
    }

    S3PolicyContext context = new S3PolicyContext( PolicyActions.ListBucketMultipartUploads, bucketName );
    context.setEvalParam( ConditionKeys.Prefix, prefix );
    context.setEvalParam( ConditionKeys.Delimiter, delimiter );
    S3Engine.verifyAccess( context, "SBucket", bucket.getId(), SAcl.PERMISSION_READ );


    // [B] Query the multipart table to get the list of current uploads
      try {

          initiator = uploadDao.getInitiator( uploadId );
          if (null == initiator || !initiator.equals( UserContext.current().getAccessKey()))
          {
            try {
                // -> write permission on a bucket allows a PutObject / DeleteObject action on any object in the bucket
              S3PolicyContext context = new S3PolicyContext( PolicyActions.ListMultipartUploadParts, bucketName );
              context.setKeyName( exists.getSecond());
              S3Engine.verifyAccess( context, "SBucket", bucket.getId(), SAcl.PERMISSION_WRITE );
            }
            catch (PermissionDeniedException e) {
              response.setStatus(403);
              return;

    // [B] "The bucket owner by default has permissions to attach bucket policies to their buckets using PUT Bucket policy."
    //  -> the bucket owner may want to restrict the IP address from where this can be executed
  String client = UserContext.current().getCanonicalUserId();
  S3PolicyContext context = new S3PolicyContext(
    PolicyActions.PutBucketPolicy, bucketName);

  switch (S3Engine.verifyPolicy(context)) {
  case ALLOW:
      break;