Class: Atmos::ACL

Inherits:
AttributeHashBase
Defined in:
lib/atmos/attributes.rb

Overview

Access Control Lists (ACLs)

There are two hashes for access control, available as properties on the object: user_acl and group_acl.

The keys are the Atmos user names (or group names, for group_acl) and the values are one of :none, :read, :write, :full. The ACLs behave like normal Hash objects. All operations are executed against the Atmos server immediately.

Defaults

By default, when you create an object, the user you gave as a parameter when instantiating Atmos::Store has full permissions on the object. The default group is other. So:

puts obj.user_acl.inspect    # => {user => :full}
puts obj.group_acl.inspect   # => {other => :none}

Adding

Adding permissions for a new user is as easy as adding another hash element:

obj.user_acl[newuser] = :read

puts obj.user_acl.inspect    # => {user => :full, newuser => :read}

Modifying

User and group permissions can be modified by modifying the appropriate key value. Keep in mind that you CAN be dumb and give up access to your own objects, even if there is no other user that has access to them.

obj.user_acl[newuser] = :full
puts obj.user_acl.inspect    # => {user => :full, newuser => :full}

obj.group_acl['other'] = :full
puts obj.group_acl.inspect   # => {other => :full}

Deleting

To remove any permissions for a given user or group, you can either modify the existing permissions to :none, or you can delete the user/group name from the appropriate hash. When you do either, the name disappears entirely from the hash.

obj.user_acl.delete(newuser)
puts obj.user_acl.inspect    # => {user => :full}

obj.user_acl[newuser] = :none
puts obj.user_acl.inspect    # => {user => :full}
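
One way to catch the self-lockout and over-broad grants described above before or after a change, as an added example that is not part of the Atmos gem. It assumes plain Hashes (or the Hash-like obj.user_acl / obj.group_acl) as input; LEVELS, audit_acl and guarded_set are hypothetical names, and flagging :write and above is this example's own threshold.

```ruby
# Added example: ranks the four permission values named on this page.
LEVELS = { :none => 0, :read => 1, :write => 2, :full => 3 }.freeze

# Returns an array of findings for one object's ACLs (hypothetical helper).
def audit_acl(user_acl, group_acl, owner)
  findings = []
  # Lockout risk: nobody holds :full on the object any more.
  findings << "no user holds :full" unless user_acl.value?(:full)
  # The creating user starts with :full; report if that was given up.
  owner_level = user_acl.fetch(owner, :none)
  findings << "owner #{owner} is below :full" if LEVELS.fetch(owner_level) < LEVELS[:full]
  # Every other user who can modify the object.
  user_acl.each do |name, level|
    next if name == owner
    findings << "user #{name} has #{level.inspect}" if LEVELS.fetch(level) >= LEVELS[:write]
  end
  # Group grants cover many accounts at once; the default is other => :none.
  group_acl.each do |name, level|
    findings << "group #{name} has #{level.inspect}" if LEVELS.fetch(level) >= LEVELS[:write]
  end
  findings
end

# Guarded assignment for a user ACL: refuses a change that would leave
# no user with :full, instead of sending it to the server.
def guarded_set(user_acl, name, level)
  raise ArgumentError, "invalid level #{level.inspect}" unless LEVELS.key?(level)
  # Simulate the change on a plain copy so the real ACL is not touched yet.
  after = Hash[user_acl.to_a].merge(name => level)
  raise ArgumentError, "change would leave no user with :full" unless after.value?(:full)
  user_acl[name] = level
end

if __FILE__ == $0
  # Constructed sample data mirroring the states shown in the Modifying section.
  users  = { "user" => :full, "newuser" => :full }
  groups = { "other" => :full }
  puts audit_acl(users, groups, "user")
end
```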

Constant Summary

USER = 1
GROUP = 2

Instance Attribute Summary

Attributes inherited from AttributeHashBase

#last_reload_at

Instance Method Summary

Methods inherited from AttributeHashBase

#clear_with_atmos, #default_with_atmos=, #delete_with_atmos, #header_name, #header_value, #merge_with_atmos, #merge_with_atmos!, #replace_with_atmos, #store, #to_canonicalized_header, #to_header

Constructor Details

#initialize(obj, type) ⇒ ACL

This constructor is only meant for internal use. To get ACLs on an object:

obj.user_acl    # => Hash
obj.group_acl   # => Hash


# File 'lib/atmos/attributes.rb', line 202

def initialize(obj, type)
   raise Atmos::Exceptions::ArgumentException, "The 'obj' parameter cannot be nil." if (obj.nil?)
   raise Atmos::Exceptions::ArgumentException, "The 'obj' parameter must have an id." if (obj.aoid.nil?)
   raise Atmos::Exceptions::ArgumentException, "The 'type' parameter must be Atmos::ACL::USER or Atmos::ACL::GROUP." if (![USER, GROUP].include?(type))
   
   super()
   
   @obj = obj
   @type = type
   
   @header = (@type == USER) ? 'x-emc-useracl' : 'x-emc-groupacl'
   @delete_action = @set_action = (@type == USER) ? :set_user_acl : :set_group_acl
   @reload_action = :list_acl
   
   reload(@reload_action, @obj.aoid)
end

Instance Method Details

#[]=(key, value) ⇒ Object

Adds or modifies permissions for a user or group.

The change is made on the Atmos server immediately. Valid values are :none, :read, :write, :full.



# File 'lib/atmos/attributes.rb', line 225

def []=(key,value)
   validate_value(value)
   response = @obj.request.do(@set_action, :id => @obj.aoid, @header => "#{key}=#{xlate_value_from_object_to_header(value)}")
   reload(@reload_action, @obj.aoid)
end

#clear ⇒ Object

Removes all permissions for all groups, or for all users except the one used to instantiate the Atmos::Store connection.



# File 'lib/atmos/attributes.rb', line 260

def clear
   # do a reload to make absolutely sure ACL is up to date
   reload(@reload_action, @obj.aoid)
   
   values = {}
   self.each do |k,v|
      values[k] = xlate_value_from_object_to_header(:none)
   end
   values.delete(@obj.user)
   
   response = @obj.request.do(@set_action, :id => @obj.aoid, @header => Atmos::Util.hash2header(values))
   reload(@reload_action, @obj.aoid)         
end

#delete(key) ⇒ Object

Removes permissions for specified user/group name. Update is made on the Atmos server immediately.



# File 'lib/atmos/attributes.rb', line 250

def delete(key)
   response = @obj.request.do(@set_action, :id => @obj.aoid, @header => "#{key}=#{xlate_value_from_object_to_header(:none)}")
   self.delete_without_atmos(key)
   reload(@reload_action, @obj.aoid)         
end

#group? ⇒ Boolean

Returns true if this ACL object is representing group ACLs.

Returns:

  • (Boolean)


# File 'lib/atmos/attributes.rb', line 242

def group?
   @type == GROUP
end

#user? ⇒ Boolean

Returns true if this ACL object is representing user ACLs.

Returns:

  • (Boolean)


# File 'lib/atmos/attributes.rb', line 235

def user?
   @type == USER
end