Class: Google::Cloud::Storage::File::Acl

Inherits:
Object
  • Object
show all
Defined in:
lib/google/cloud/storage/file/acl.rb

Overview

File Access Control List

Represents a File's Access Control List.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.readers.each { |reader| puts reader }

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#user_projectObject

A boolean value or a project ID string for a requester pays bucket and its files. If this attribute is set to true, transit costs for operations on the file will be billed to the current project for this client. (See Project#project for the ID of the current project.) If this attribute is set to a project ID, and that project is authorized for the currently authenticated service account, transit costs will be billed to the that project. The default is nil.

In general, this attribute should be set when first retrieving the owning bucket by providing the user_project option to Project#bucket.

The requester pays feature is currently available only to whitelisted projects.

See also Bucket#requester_pays= and Bucket#requester_pays to enable requester pays for a bucket.



73
74
75
# File 'lib/google/cloud/storage/file/acl.rb', line 73

def user_project
  @user_project
end

Instance Method Details

#add_owner(entity, generation: nil) ⇒ Object

Grants owner permission to the file.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
email = "heidi@example.net"
file.acl.add_owner "user-#{email}"

Grant access to a group by prepending "group-" to email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
email = "authors@example.net"
file.acl.add_owner "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers
  • generation (Integer)

    When present, selects a specific revision of this object. Default is the latest version.



189
190
191
192
193
194
195
196
# File 'lib/google/cloud/storage/file/acl.rb', line 189

def add_owner entity, generation: nil
  gapi = @service.insert_file_acl @bucket, @file, entity, "OWNER",
                                  generation: generation,
                                  user_project: user_project
  entity = gapi.entity
  @owners.push entity unless @owners.nil?
  entity
end

#add_reader(entity, generation: nil) ⇒ Object

Grants reader permission to the file.

Examples:

Grant access to a user by prepending "user-" to an email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
email = "heidi@example.net"
file.acl.add_reader "user-#{email}"

Grant access to a group by prepending "group-" to email:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
email = "authors@example.net"
file.acl.add_reader "group-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers
  • generation (Integer)

    When present, selects a specific revision of this object. Default is the latest version.



238
239
240
241
242
243
244
245
# File 'lib/google/cloud/storage/file/acl.rb', line 238

def add_reader entity, generation: nil
  gapi = @service.insert_file_acl @bucket, @file, entity, "READER",
                                  generation: generation,
                                  user_project: user_project
  entity = gapi.entity
  @readers.push entity unless @readers.nil?
  entity
end

#auth!Object Also known as: authenticatedRead!, auth_read!, authenticated!, authenticated_read!

Convenience method to apply the authenticatedRead predefined ACL rule to the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.auth!


306
307
308
# File 'lib/google/cloud/storage/file/acl.rb', line 306

def auth!
  update_predefined_acl! "authenticatedRead"
end

#delete(entity, generation: nil) ⇒ Object

Permanently deletes the entity from the file's access control list.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
email = "heidi@example.net"
file.acl.delete "user-#{email}"

Parameters:

  • entity (String)

    The entity holding the permission, in one of the following forms:

    • user-userId
    • user-email
    • group-groupId
    • group-email
    • domain-domain
    • project-team-projectId
    • allUsers
    • allAuthenticatedUsers
  • generation (Integer)

    When present, selects a specific revision of this object. Default is the latest version.



276
277
278
279
280
281
282
283
# File 'lib/google/cloud/storage/file/acl.rb', line 276

def delete entity, generation: nil
  @service.delete_file_acl \
    @bucket, @file, entity,
    generation: generation, user_project: user_project
  @owners.delete entity  unless @owners.nil?
  @readers.delete entity unless @readers.nil?
  true
end

#owner_full!Object Also known as: bucketOwnerFullControl!

Convenience method to apply the bucketOwnerFullControl predefined ACL rule to the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.owner_full!


328
329
330
# File 'lib/google/cloud/storage/file/acl.rb', line 328

def owner_full!
  update_predefined_acl! "bucketOwnerFullControl"
end

#owner_read!Object Also known as: bucketOwnerRead!

Convenience method to apply the bucketOwnerRead predefined ACL rule to the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.owner_read!


347
348
349
# File 'lib/google/cloud/storage/file/acl.rb', line 347

def owner_read!
  update_predefined_acl! "bucketOwnerRead"
end

#ownersArray<String>

Lists the owners of the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.owners.each { |owner| puts owner }

Returns:

  • (Array<String>)


124
125
126
127
# File 'lib/google/cloud/storage/file/acl.rb', line 124

def owners
  reload! if @owners.nil?
  @owners
end

#private!Object

Convenience method to apply the private predefined ACL rule to the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.private!


366
367
368
# File 'lib/google/cloud/storage/file/acl.rb', line 366

def private!
  update_predefined_acl! "private"
end

#project_private!Object Also known as: projectPrivate!

Convenience method to apply the projectPrivate predefined ACL rule to the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.project_private!


384
385
386
# File 'lib/google/cloud/storage/file/acl.rb', line 384

def project_private!
  update_predefined_acl! "projectPrivate"
end

#public!Object Also known as: publicRead!, public_read!

Convenience method to apply the publicRead predefined ACL rule to the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.public!


403
404
405
# File 'lib/google/cloud/storage/file/acl.rb', line 403

def public!
  update_predefined_acl! "publicRead"
end

#readersArray<String>

Lists the readers of the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.readers.each { |reader| puts reader }

Returns:

  • (Array<String>)


144
145
146
147
# File 'lib/google/cloud/storage/file/acl.rb', line 144

def readers
  reload! if @readers.nil?
  @readers
end

#reload!Object Also known as: refresh!

Reloads all Access Control List data for the file.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

file = bucket.file "path/to/my-file.ext"
file.acl.reload!


100
101
102
103
104
105
106
# File 'lib/google/cloud/storage/file/acl.rb', line 100

def reload!
  gapi = @service.list_file_acls @bucket, @file,
                                 user_project: user_project
  acls = Array(gapi.items)
  @owners  = entities_from_acls acls, "OWNER"
  @readers = entities_from_acls acls, "READER"
end