a !fH@sXdZGdddeZGdddeZGdddeZGdddeZGd d d eZd S) aManipulate access control lists that Cloud Storage provides. :class:`gcloud.storage.bucket.Bucket` has a getting method that creates an ACL object under the hood, and you can interact with that using :func:`gcloud.storage.bucket.Bucket.acl`:: >>> from gcloud import storage >>> client = storage.Client() >>> bucket = client.get_bucket(bucket_name) >>> acl = bucket.acl Adding and removing permissions can be done with the following methods (in increasing order of granularity): - :func:`ACL.all` corresponds to access for all users. - :func:`ACL.all_authenticated` corresponds to access for all users that are signed into a Google account. - :func:`ACL.domain` corresponds to access on a per Google Apps domain (ie, ``example.com``). - :func:`ACL.group` corresponds to access on a per group basis (either by ID or e-mail address). - :func:`ACL.user` corresponds to access on a per user basis (either by ID or e-mail address). And you are able to ``grant`` and ``revoke`` the following roles: - **Reading**: :func:`_ACLEntity.grant_read` and :func:`_ACLEntity.revoke_read` - **Writing**: :func:`_ACLEntity.grant_write` and :func:`_ACLEntity.revoke_write` - **Owning**: :func:`_ACLEntity.grant_owner` and :func:`_ACLEntity.revoke_owner` You can use any of these like any other factory method (these happen to be :class:`_ACLEntity` factories):: >>> acl.user('me@example.org').grant_read() >>> acl.all_authenticated().grant_write() You can also chain these ``grant_*`` and ``revoke_*`` methods together for brevity:: >>> acl.all().grant_read().revoke_write() After that, you can save any changes you make with the :func:`gcloud.storage.acl.ACL.save` method:: >>> acl.save() You can alternatively save any existing :class:`gcloud.storage.acl.ACL` object (whether it was created by a factory method or not) from a :class:`gcloud.storage.bucket.Bucket`:: >>> bucket.acl.save(acl=acl) To get the list of ``entity`` and ``role`` for each unique pair, the :class:`ACL` class is iterable:: >>> print list(ACL) [{'role': 'OWNER', 'entity': 'allUsers'}, ...] This list of tuples can be used as the ``entity`` and ``role`` fields when sending metadata for ACLs to the API. c@s~eZdZdZdZdZdZdddZdd Zd d Z d d Z ddZ ddZ ddZ ddZddZddZddZddZdS) _ACLEntityaClass representing a set of roles for an entity. This is a helper class that you likely won't ever construct outside of using the factor methods on the :class:`ACL` object. :type entity_type: string :param entity_type: The type of entity (ie, 'group' or 'user'). :type identifier: string :param identifier: The ID or e-mail of the entity. For the special entity types (like 'allUsers') this is optional. ZREADERZWRITERZOWNERNcCs||_tg|_||_dSN) identifiersetrolestype)self entity_typerr S/var/www/html/python-backend/venv/lib/python3.9/site-packages/gcloud/storage/acl.py__init__ds z_ACLEntity.__init__cCs |jst|jSdj|dSdS)Nz{acl.type}-{acl.identifier})acl)rstrrformatrr r r __str__is z_ACLEntity.__str__cCsdj|d|jdS)Nzz, )r r)rjoinrrr r r __repr__os z_ACLEntity.__repr__cCs|jS)zGet the list of roles permitted by this entity. :rtype: list of strings :returns: The list of roles associated with this entity. )rrr r r get_rolesssz_ACLEntity.get_rolescCs|j|dS)zrAdd a role to the entity. :type role: string :param role: The role to add to the entity. N)raddrroler r r grant{sz_ACLEntity.grantcCs||jvr|j|dS)z|Remove a role from the entity. :type role: string :param role: The role to remove from the entity. N)rremoverr r r revokes z_ACLEntity.revokecCs|tjdS)z(Grant read access to the current entity.N)rr READER_ROLErr r r grant_readsz_ACLEntity.grant_readcCs|tjdS)z)Grant write access to the current entity.N)rr WRITER_ROLErr r r grant_writesz_ACLEntity.grant_writecCs|tjdS)z)Grant owner access to the current entity.N)rr OWNER_ROLErr r r grant_ownersz_ACLEntity.grant_ownercCs|tjdS)z+Revoke read access from the current entity.N)rrrrr r r revoke_readsz_ACLEntity.revoke_readcCs|tjdS)z,Revoke write access from the current entity.N)rrrrr r r revoke_writesz_ACLEntity.revoke_writecCs|tjdS)z,Revoke owner access from the current entity.N)rrrrr r r revoke_ownersz_ACLEntity.revoke_owner)N)__name__ __module__ __qualname____doc__rrrr rrrrrrrrr r!r"r r r r rRs    rc@seZdZdZdZdZdddddd d Zegd Zd Z d Z d Z ddZ ddZ ddZddZddZddZd:ddZddZd;ddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zed,d-Zd.d/Zdd6d7Z!d?d8d9Z"d S)@ACLz7Container class representing a list of access controls.r Z predefinedAclprojectPrivate publicReadpublicReadWriteauthenticatedReadbucketOwnerReadbucketOwnerFullControl)zproject-privatez public-readzpublic-read-writezauthenticated-readzbucket-owner-readzbucket-owner-full-control)privater(r)r*r+r,r-FNcCs i|_dSr)entitiesrr r r r sz ACL.__init__cCs|js|dS)zLoad if not already loaded.N)loadedreloadrr r r _ensure_loadedszACL._ensure_loadedcCs|jd|_dS)z@Remove all entities from the ACL, and clear the ``loaded`` flag.FN)r/clearr0rr r r resets z ACL.resetccs>||jD]&}|D]}|rt||dVqqdS)N)entityr)r2r/valuesrr )rr5rr r r __iter__s  z ACL.__iter__cCs~|d}|d}|dkr"|}n8|dkr4|}n&d|vrZ|dd\}}|j||d}t|tsptd||||S) aBuild an _ACLEntity object from a dictionary of data. An entity is a mutable object that represents a list of roles belonging to either a user or group or the special types for all users and all authenticated users. :type entity_dict: dict :param entity_dict: Dictionary full of data from an ACL lookup. :rtype: :class:`_ACLEntity` :returns: An Entity constructed from the dictionary. r5rallUsersallAuthenticatedUsers-rrzInvalid dictionary: %s)allall_authenticatedsplitr5 isinstancer ValueErrorr)rZ entity_dictr5rrrr r r entity_from_dicts      zACL.entity_from_dictcCs|t||jvS)a Returns whether or not this ACL has any entries for an entity. :type entity: :class:`_ACLEntity` :param entity: The entity to check for existence in this ACL. :rtype: boolean :returns: True of the entity exists in the ACL. )r2r r/rr5r r r has_entitys zACL.has_entitycCs||jt||S)aGets an entity object from the ACL. :type entity: :class:`_ACLEntity` or string :param entity: The entity to get lookup in the ACL. :type default: anything :param default: This value will be returned if the entity doesn't exist. :rtype: :class:`_ACLEntity` :returns: The corresponding entity or the value provided to ``default``. )r2r/getr )rr5defaultr r r get_entity szACL.get_entitycCs|||jt|<dS)zAdd an entity to the ACL. :type entity: :class:`_ACLEntity` :param entity: The entity to add to this ACL. N)r2r/r rCr r r add_entityszACL.add_entitycCs0t||d}||r"||}n |||S)aFactory method for creating an Entity. If an entity with the same type and identifier already exists, this will return a reference to that entity. If not, it will create a new one and add it to the list of known entities for this ACL. :type entity_type: string :param entity_type: The type of entity to create (ie, ``user``, ``group``, etc) :type identifier: string :param identifier: The ID of the entity (if applicable). This can be either an ID or an e-mail address. :rtype: :class:`_ACLEntity` :returns: A new Entity or a reference to an existing identical entity. r<)rrDrGrH)rrrr5r r r r5%s     z ACL.entitycCs|jd|dS)zFactory method for a user Entity. :type identifier: string :param identifier: An id or e-mail for this particular user. :rtype: :class:`_ACLEntity` :returns: An Entity corresponding to this user. userrr5rrr r r rI?s zACL.usercCs|jd|dS)zFactory method for a group Entity. :type identifier: string :param identifier: An id or e-mail for this particular group. :rtype: :class:`_ACLEntity` :returns: An Entity corresponding to this group. grouprJrKrLr r r rMJs z ACL.groupcCs|jd|dS)zFactory method for a domain Entity. :type domain: string :param domain: The domain for this entity. :rtype: :class:`_ACLEntity` :returns: An entity corresponding to this domain. domainrJrK)rrNr r r rNUs z ACL.domaincCs |dS)zFactory method for an Entity representing all users. :rtype: :class:`_ACLEntity` :returns: An entity representing all users. r8rKrr r r r=`szACL.allcCs |dS)zFactory method for an Entity representing all authenticated users. :rtype: :class:`_ACLEntity` :returns: An entity representing all authenticated users. r9rKrr r r r>hszACL.all_authenticatedcCs|t|jS)zGet a list of all Entity objects. :rtype: list of :class:`_ACLEntity` objects :returns: A list of all Entity objects. )r2listr/r6rr r r get_entitiespszACL.get_entitiescCstdS)z&Abstract getter for the object client.N)NotImplementedErrorrr r r clientysz ACL.clientcCs|dur|j}|S)a}Check client or verify over-ride. :type client: :class:`gcloud.storage.client.Client` or ``NoneType`` :param client: the client to use. If not passed, falls back to the ``client`` stored on the current ACL. :rtype: :class:`gcloud.storage.client.Client` :returns: The client passed in or the currently bound client. NrRrrRr r r _require_client~s zACL._require_clientcCsV|j}||}|j|jjd|d}d|_|ddD]}|| |qrPpropertyrRrUr1rhrirlr3r r r r r'sJ !        !  r'csDeZdZdZfddZeddZeddZedd ZZ S) BucketACLzAn ACL specifically for a bucket. :type bucket: :class:`gcloud.storage.bucket.Bucket` :param bucket: The bucket to which this ACL relates. cstt|||_dSr)superror bucket)rrq __class__r r r szBucketACL.__init__cCs|jjS)z&The client bound to this ACL's bucket.)rqrRrr r r rRszBucketACL.clientcCsd|jj|jfS)3Compute the path for GET API requests for this ACL.z%s/%s)rqrXrerr r r rZszBucketACL.reload_pathcCs|jjSz5Compute the path for PATCH API requests for this ACL.)rqrXrr r r rd szBucketACL.save_path r#r$r%r&r rnrRrZrd __classcell__r r rrr ros   roc@seZdZdZdZdZdS)DefaultObjectACLz9A class representing the default object ACL for a bucket.ZdefaultObjectAclZpredefinedDefaultObjectAclN)r#r$r%r&rercr r r r rxsrxcsDeZdZdZfddZeddZeddZedd ZZ S) ObjectACLzAn ACL specifically for a Cloud Storage object / blob. :type blob: :class:`gcloud.storage.blob.Blob` :param blob: The blob that this ACL corresponds to. cstt|||_dSr)rpryr blob)rrzrrr r r szObjectACL.__init__cCs|jjS)z$The client bound to this ACL's blob.)rzrRrr r r rR#szObjectACL.clientcCs d|jjS)rtz%s/aclrzrXrr r r rZ(szObjectACL.reload_pathcCs|jjSrur{rr r r rd-szObjectACL.save_pathrvr r rrr rys   ryN)r&objectrr'rorxryr r r r sCSS