Class: Google::Cloud::Storage::Bucket::Acl

Inherits:
Object
Defined in:
lib/google/cloud/storage/bucket/acl.rb

Overview

Bucket Access Control List

Represents a Bucket's Access Control List.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.readers.each { |reader| puts reader }

Instance Attribute Details

#user_project ⇒ Object

A boolean value or a project ID string for a requester pays bucket and its files. If this attribute is set to true, transit costs for operations on the bucket will be billed to the current project for this client. (See Project#project for the ID of the current project.) If this attribute is set to a project ID, and that project is authorized for the currently authenticated service account, transit costs will be billed to that project. The default is nil.

In general, this attribute should be set when first retrieving the owning bucket by providing the user_project option to Project#bucket.

The requester pays feature is currently available only to whitelisted projects.

See also Google::Cloud::Storage::Bucket#requester_pays= and Google::Cloud::Storage::Bucket#requester_pays to enable requester pays for a bucket.



# File 'lib/google/cloud/storage/bucket/acl.rb', line 71

def user_project
  @user_project
end

Instance Method Details

#add_owner(entity) ⇒ Object

Grants owner permission to the bucket.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "heidi@example.net"
bucket.acl.add_owner "user-#{email}"

Grant access to a group by prepending "group-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "authors@example.net"
bucket.acl.add_owner "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 198

def add_owner entity
  gapi = @service.insert_bucket_acl @bucket, entity, "OWNER"
  entity = gapi.entity
  @owners.push entity unless @owners.nil?
  entity
end

#add_reader(entity) ⇒ Object

Grants reader permission to the bucket.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "heidi@example.net"
bucket.acl.add_reader "user-#{email}"

Grant access to a group by prepending "group-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "authors@example.net"
bucket.acl.add_reader "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 283

def add_reader entity
  gapi = @service.insert_bucket_acl @bucket, entity, "READER"
  entity = gapi.entity
  @readers.push entity unless @readers.nil?
  entity
end

#add_writer(entity) ⇒ Object

Grants writer permission to the bucket.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "heidi@example.net"
bucket.acl.add_writer "user-#{email}"

Grant access to a group by prepending "group-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "authors@example.net"
bucket.acl.add_writer "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 240

def add_writer entity
  gapi = @service.insert_bucket_acl @bucket, entity, "WRITER",
                                    user_project: user_project
  entity = gapi.entity
  @writers.push entity unless @writers.nil?
  entity
end

#auth! ⇒ Object Also known as: authenticatedRead!, auth_read!, authenticated!, authenticated_read!

Convenience method to apply the authenticatedRead predefined ACL rule to the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.auth!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 345

def auth!
  update_predefined_acl! "authenticatedRead"
end

#delete(entity) ⇒ Object

Permanently deletes the entity from the bucket's access control list.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

email = "heidi@example.net"
bucket.acl.delete "user-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers


# File 'lib/google/cloud/storage/bucket/acl.rb', line 316

def delete entity
  @service.delete_bucket_acl @bucket, entity,
                             user_project: user_project
  @owners.delete entity  unless @owners.nil?
  @writers.delete entity unless @writers.nil?
  @readers.delete entity unless @readers.nil?
  true
end

#owners ⇒ Array<String>

Lists the owners of the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.owners.each { |owner| puts owner }

Returns:

  • (Array<String>)


# File 'lib/google/cloud/storage/bucket/acl.rb', line 120

def owners
  reload! if @owners.nil?
  @owners
end

#private! ⇒ Object

Convenience method to apply the private predefined ACL rule to the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.private!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 366

def private!
  update_predefined_acl! "private"
end

#project_private! ⇒ Object Also known as: projectPrivate!

Convenience method to apply the projectPrivate predefined ACL rule to the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.project_private!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 383

def project_private!
  update_predefined_acl! "projectPrivate"
end

#public! ⇒ Object Also known as: publicRead!, public_read!

Convenience method to apply the publicRead predefined ACL rule to the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.public!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 401

def public!
  update_predefined_acl! "publicRead"
end

#public_write! ⇒ Object Also known as: publicReadWrite!

Convenience method to apply the publicReadWrite predefined ACL rule to the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.public_write!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 419

def public_write!
  update_predefined_acl! "publicReadWrite"
end
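
An added example, not part of the google-cloud-storage source: a check that finds the public grants that public!, public_write! and auth! leave on a bucket ACL and removes them with the delete method documented above. FakeAcl is a constructed stand-in that mimics only #owners, #writers, #readers and #delete so the code runs offline; public_grants and revoke_public_grants! are hypothetical helper names, and against a real bucket you would pass bucket.acl instead.

```ruby
# The two entity forms from the Parameters lists above that grant to the public.
PUBLIC_ENTITIES = {
  "allUsers"              => "anyone on the internet",
  "allAuthenticatedUsers" => "any signed-in Google account"
}.freeze

# Constructed stand-in for Bucket::Acl (assumption: same reader methods,
# and #delete removes the entity from every role list, as in the source above).
FakeAcl = Struct.new(:owners, :writers, :readers) do
  def delete entity
    [owners, writers, readers].each { |list| list.delete entity }
    true
  end
end

# Returns one finding per public grant, ordered OWNER, WRITER, READER.
def public_grants acl
  roles = { "OWNER" => acl.owners, "WRITER" => acl.writers, "READER" => acl.readers }
  roles.flat_map do |role, entities|
    entities.select { |e| PUBLIC_ENTITIES.key? e }.map do |e|
      { role: role, entity: e, scope: PUBLIC_ENTITIES[e] }
    end
  end
end

# Removes every public entity through Acl#delete and returns what was removed.
def revoke_public_grants! acl
  removed = public_grants(acl).map { |f| f[:entity] }.uniq
  removed.each { |entity| acl.delete entity }
  removed
end

# Constructed sample ACL: a public writer plus an authenticated-users reader.
acl = FakeAcl.new(
  ["project-owners-123456789012"],
  ["allUsers", "group-authors@example.net"],
  ["allAuthenticatedUsers", "user-heidi@example.net"]
)

public_grants(acl).each do |f|
  puts "#{f[:role]} granted to #{f[:entity]} (#{f[:scope]})"
end
puts "revoked: #{revoke_public_grants!(acl).join ', '}"
puts "remaining readers: #{acl.readers.inspect}"
```

The same check applies to a live bucket after calling bucket.acl.reload!, so that the cached owner, writer and reader lists reflect the current ACL before they are inspected.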

#readers ⇒ Array<String>

Lists the readers of the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.readers.each { |reader| puts reader }

Returns:

  • (Array<String>)


# File 'lib/google/cloud/storage/bucket/acl.rb', line 158

def readers
  reload! if @readers.nil?
  @readers
end

#reload! ⇒ Object Also known as: refresh!

Reloads all Access Control List data for the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.reload!


# File 'lib/google/cloud/storage/bucket/acl.rb', line 97

def reload!
  gapi = @service.list_bucket_acls @bucket, user_project: user_project
  acls = Array(gapi.items)
  @owners  = entities_from_acls acls, "OWNER"
  @writers = entities_from_acls acls, "WRITER"
  @readers = entities_from_acls acls, "READER"
end

#writers ⇒ Array<String>

Lists the writers of the bucket.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.acl.writers.each { |writer| puts writer }

Returns:

  • (Array<String>)


# File 'lib/google/cloud/storage/bucket/acl.rb', line 139

def writers
  reload! if @writers.nil?
  @writers
end