Examples of com.cloud.bridge.service.core.s3.S3PolicyContext

• com.cloud.bridge.service.core.s3.S3PolicyContext
  The purpose of this class is to pass into the heart of the Bucket Policy evaluation logic all the context (strings from the request) needed for each defined condition.

  // [B]
  // "The bucket owner by default has permissions to retrieve bucket policies using GET Bucket policy."
  // -> the bucket owner may want to restrict the IP address from where
  // this can be executed
  String client = UserContext.current().getCanonicalUserId();
  S3PolicyContext context = new S3PolicyContext(
    PolicyActions.GetBucketPolicy, bucketName);
  switch (S3Engine.verifyPolicy(context)) {
  case ALLOW:
      break;

    // [B] The owner may want to restrict the IP address at which this can be performed
    String client = UserContext.current().getCanonicalUserId();
    if (!client.equals( sbucket.getOwnerCanonicalId()))
        throw new PermissionDeniedException( "Access Denied - only the owner can read bucket versioning" );

    S3PolicyContext context = new S3PolicyContext( PolicyActions.GetBucketVersioning, bucketName );
      if (PolicyAccess.DENY == S3Engine.verifyPolicy( context )) {
             response.setStatus(403);
             return;
      }

      String client = UserContext.current().getCanonicalUserId();
      if (!client.equals(sbucket.getOwnerCanonicalId()))
    throw new PermissionDeniedException(
      "Access Denied - only the owner can turn on versioing on a bucket");

      S3PolicyContext context = new S3PolicyContext(
        PolicyActions.PutBucketVersioning, bucketName);
      if (PolicyAccess.DENY == S3Engine.verifyPolicy(context)) {
    response.setStatus(403);
    return;
      }

        + " does not exist");
      response.setStatus(404);
      return;
  }

  S3PolicyContext context = new S3PolicyContext(
    PolicyActions.ListBucketMultipartUploads, bucketName);
  context.setEvalParam(ConditionKeys.Prefix, prefix);
  context.setEvalParam(ConditionKeys.Delimiter, delimiter);
  S3Engine.verifyAccess(context, "SBucket", bucket.getId(),
    SAcl.PERMISSION_READ);

  // [B] Query the multipart table to get the list of current uploads
  try {

          initiator = uploadDao.getInitiator( uploadId );
          if (null == initiator || !initiator.equals( UserContext.current().getAccessKey()))
          {
            try {
                // -> write permission on a bucket allows a PutObject / DeleteObject action on any object in the bucket
              S3PolicyContext context = new S3PolicyContext( PolicyActions.ListMultipartUploadParts, bucketName );
              context.setKeyName( exists.getSecond());
              S3Engine.verifyAccess( context, "SBucket", bucket.getId(), SAcl.PERMISSION_WRITE );
            }
            catch (PermissionDeniedException e) {
              response.setStatus(403);
              return;

        // [B] "The bucket owner by default has permissions to attach bucket policies to their buckets using PUT Bucket policy."
        //  -> the bucket owner may want to restrict the IP address from where this can be executed
        String client = UserContext.current().getCanonicalUserId();
        S3PolicyContext context = new S3PolicyContext(
                PolicyActions.PutBucketPolicy, bucketName);

        switch (S3Engine.verifyPolicy(context)) {
        case ALLOW:
            break;

        // [B]
        // "The bucket owner by default has permissions to retrieve bucket policies using GET Bucket policy."
        // -> the bucket owner may want to restrict the IP address from where
        // this can be executed
        String client = UserContext.current().getCanonicalUserId();
        S3PolicyContext context = new S3PolicyContext(
                PolicyActions.GetBucketPolicy, bucketName);
        switch (S3Engine.verifyPolicy(context)) {
        case ALLOW:
            break;

        // [B] The owner may want to restrict the IP address at which this can be performed
        String client = UserContext.current().getCanonicalUserId();
        if (!client.equals( sbucket.getOwnerCanonicalId()))
            throw new PermissionDeniedException( "Access Denied - only the owner can read bucket versioning" );

        S3PolicyContext context = new S3PolicyContext( PolicyActions.GetBucketVersioning, bucketName );
        if (PolicyAccess.DENY == S3Engine.verifyPolicy( context )) {
            response.setStatus(403);
            return;
        }

            String client = UserContext.current().getCanonicalUserId();
            if (!client.equals(sbucket.getOwnerCanonicalId()))
                throw new PermissionDeniedException(
                        "Access Denied - only the owner can turn on versioing on a bucket");

            S3PolicyContext context = new S3PolicyContext(
                    PolicyActions.PutBucketVersioning, bucketName);
            if (PolicyAccess.DENY == S3Engine.verifyPolicy(context)) {
                response.setStatus(403);
                return;
            }

                    + " does not exist");
            response.setStatus(404);
            return;
        }

        S3PolicyContext context = new S3PolicyContext(
                PolicyActions.ListBucketMultipartUploads, bucketName);
        context.setEvalParam(ConditionKeys.Prefix, prefix);
        context.setEvalParam(ConditionKeys.Delimiter, delimiter);
        S3Engine.verifyAccess(context, "SBucket", bucket.getId(),
                SAcl.PERMISSION_READ);

        // [B] Query the multipart table to get the list of current uploads
        try {