Class: Google::Cloud::Storage::Bucket::DefaultAcl

Inherits:
Object
Defined in:
lib/google/cloud/storage/bucket/acl.rb

Overview

Bucket Default Access Control List

Represents a Bucket's Default Access Control List.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.readers.each { |reader| puts reader }


Instance Attribute Details

#user_project ⇒ Object

A boolean value or a project ID string for a requester pays bucket and its files. If this attribute is set to true, transit costs for operations on the bucket will be billed to the current project for this client. (See Project#project for the ID of the current project.) If this attribute is set to a project ID, and that project is authorized for the currently authenticated service account, transit costs will be billed to that project. The default is nil.

In general, this attribute should be set when first retrieving the owning bucket by providing the user_project option to Project#bucket.

The requester pays feature is currently available only to whitelisted projects.

See also Google::Cloud::Storage::Bucket#requester_pays= and Google::Cloud::Storage::Bucket#requester_pays to enable requester pays for a bucket.



# File 'lib/google/cloud/storage/bucket/acl.rb', line 498

def user_project
  @user_project
end

Instance Method Details

#add_owner(entity) ⇒ Object

Grants default owner permission to files in the bucket.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "heidi@example.net"
bucket.default_acl.add_owner "user-#{email}"

Grant access to a group by prepending "group-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "authors@example.net"
bucket.default_acl.add_owner "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 609

def add_owner entity
  gapi = @service.insert_default_acl @bucket, entity, "OWNER",
                                     user_project: user_project
  entity = gapi.entity
  @owners.push entity unless @owners.nil?
  entity
end

#add_reader(entity) ⇒ Object

Grants default reader permission to files in the bucket.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "heidi@example.net"
bucket.default_acl.add_reader "user-#{email}"

Grant access to a group by prepending "group-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "authors@example.net"
bucket.default_acl.add_reader "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 652

def add_reader entity
  gapi = @service.insert_default_acl @bucket, entity, "READER",
                                     user_project: user_project
  entity = gapi.entity
  @readers.push entity unless @readers.nil?
  entity
end

#auth! ⇒ Object

Also known as: authenticatedRead!, auth_read!, authenticated!, authenticated_read!

Convenience method to apply the default authenticatedRead predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.auth!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 714

def auth!
  update_predefined_default_acl! "authenticatedRead"
end

#delete(entity) ⇒ Object

Permanently deletes the entity from the bucket's default access control list for files.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "heidi@example.net"
bucket.default_acl.delete "user-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 686

def delete entity
  @service.delete_default_acl @bucket, entity,
                              user_project: user_project
  @owners.delete entity  unless @owners.nil?
  @readers.delete entity unless @readers.nil?
  true
end
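
Auditing the default ACL for the entity forms listed above, as an added example that is not part of google-cloud-storage: it classifies the strings returned by #owners and #readers, flags allUsers, allAuthenticatedUsers and domain-wide grants, and removes the public ones through #delete. The helper names, the severity labels and the FakeDefaultAcl stand-in are assumptions of this example; against a real bucket, pass bucket.default_acl in place of the stand-in.

```ruby
# Entity forms are the ones listed on this page; everything else here is
# added example code, not part of google-cloud-storage.
PUBLIC_ENTITIES = %w[allUsers allAuthenticatedUsers].freeze

# Classify one entity string into [kind, identifier].
# Assumption: the "team" in project-team-projectId contains no hyphen.
def classify_entity entity
  return [:public, entity] if PUBLIC_ENTITIES.include? entity
  case entity
  when /\A(user|group|domain)-(.+)\z/ then [$1.to_sym, $2]
  when /\Aproject-([^-]+)-(.+)\z/     then [:project_team, "#{$1}:#{$2}"]
  else [:unknown, entity]
  end
end

# Severity labels are this example's own choice, not a Google rating.
def severity_for kind, role
  case kind
  when :public  then role == "OWNER" ? :critical : :high
  when :domain  then :medium
  when :unknown then :review
  end
end

# default_acl: any object with #owners and #readers, e.g. bucket.default_acl.
def audit_default_acl default_acl
  grants = { "OWNER" => default_acl.owners, "READER" => default_acl.readers }
  grants.flat_map do |role, entities|
    Array(entities).map do |entity|
      kind = classify_entity(entity).first
      sev  = severity_for kind, role
      { entity: entity, role: role, kind: kind, severity: sev } if sev
    end
  end.compact
end

# Remove public grants via DefaultAcl#delete; returns the entities removed.
def revoke_public_defaults! default_acl
  targets = audit_default_acl(default_acl).select { |f| f[:kind] == :public }
  targets.map { |f| f[:entity] }.uniq.each { |e| default_acl.delete e }
end

# Constructed stand-in so the example runs offline.
FakeDefaultAcl = Struct.new(:owners, :readers) do
  def delete entity
    [owners, readers].each { |list| list.delete entity }
    true
  end
end
```
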

#owner_full! ⇒ Object

Also known as: bucketOwnerFullControl!

Convenience method to apply the default bucketOwnerFullControl predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.owner_full!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 735

def owner_full!
  update_predefined_default_acl! "bucketOwnerFullControl"
end

#owner_read! ⇒ Object

Also known as: bucketOwnerRead!

Convenience method to apply the default bucketOwnerRead predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.owner_read!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 753

def owner_read!
  update_predefined_default_acl! "bucketOwnerRead"
end

#owners ⇒ Array<String>

Lists the default owners for files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.owners.each { |owner| puts owner }

Returns:

  • (Array<String>)


# File 'lib/google/cloud/storage/bucket/acl.rb', line 550

def owners
  reload! if @owners.nil?
  @owners
end

#private! ⇒ Object

Convenience method to apply the default private predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.private!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 771

def private!
  update_predefined_default_acl! "private"
end

#project_private! ⇒ Object

Also known as: projectPrivate!

Convenience method to apply the default projectPrivate predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.project_private!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 788

def project_private!
  update_predefined_default_acl! "projectPrivate"
end

#public! ⇒ Object

Also known as: publicRead!, public_read!

Convenience method to apply the default publicRead predefined ACL rule to files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.public!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 806

def public!
  update_predefined_default_acl! "publicRead"
end

#readers ⇒ Array<String>

Lists the default readers for files in the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.readers.each { |reader| puts reader }

Returns:

  • (Array<String>)


# File 'lib/google/cloud/storage/bucket/acl.rb', line 569

def readers
  reload! if @readers.nil?
  @readers
end

#reload! ⇒ Object

Also known as: refresh!

Reloads all Default Access Control List data for the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.default_acl.reload!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 523

def reload!
  gapi = @service.list_default_acls @bucket,
                                    user_project: user_project
  acls = Array(gapi.items).map do |acl|
    next acl if acl.is_a? Google::Apis::StorageV1::ObjectAccessControl
    fail "Unknown ACL format: #{acl.class}" unless acl.is_a? Hash
    Google::Apis::StorageV1::ObjectAccessControl.from_json acl.to_json
  end
  @owners  = entities_from_acls acls, "OWNER"
  @readers = entities_from_acls acls, "READER"
end