a !fc@sdZddlmZddlmZddlmZddlmZGdddeZ Gdd d eZ Gd d d e Z Gd d d e Z Gddde Z dS)z%Manage access to objects and buckets.) _add_generation_match_parameters)_DEFAULT_TIMEOUT) DEFAULT_RETRY))DEFAULT_RETRY_IF_METAGENERATION_SPECIFIEDc@s~eZdZdZdZdZdZdddZdd Zd d Z d d Z ddZ ddZ ddZ ddZddZddZddZddZdS) _ACLEntityaClass representing a set of roles for an entity. This is a helper class that you likely won't ever construct outside of using the factor methods on the :class:`ACL` object. :type entity_type: str :param entity_type: The type of entity (ie, 'group' or 'user'). :type identifier: str :param identifier: (Optional) The ID or e-mail of the entity. For the special entity types (like 'allUsers'). ZREADERZWRITERZOWNERNcCs||_tg|_||_dSN) identifiersetrolestype)self entity_typerrY/var/www/html/python-backend/venv/lib/python3.9/site-packages/google/cloud/storage/acl.py__init__)s z_ACLEntity.__init__cCs |jst|jSdj|dSdS)Nz{acl.type}-{acl.identifier})acl)rstrr formatr rrr__str__.s z_ACLEntity.__str__cCsd|dd|jdS)Nz )joinr rrrr__repr__4sz_ACLEntity.__repr__cCs|jS)zGet the list of roles permitted by this entity. :rtype: list of strings :returns: The list of roles associated with this entity. )r rrrr get_roles7sz_ACLEntity.get_rolescCs|j|dS)zoAdd a role to the entity. :type role: str :param role: The role to add to the entity. N)r addr rolerrrgrant?sz_ACLEntity.grantcCs||jvr|j|dS)zyRemove a role from the entity. :type role: str :param role: The role to remove from the entity. N)r removerrrrrevokeGs z_ACLEntity.revokecCs|tjdS)z(Grant read access to the current entity.N)rr READER_ROLErrrr grant_readPsz_ACLEntity.grant_readcCs|tjdS)z)Grant write access to the current entity.N)rr WRITER_ROLErrrr grant_writeTsz_ACLEntity.grant_writecCs|tjdS)z)Grant owner access to the current entity.N)rr OWNER_ROLErrrr grant_ownerXsz_ACLEntity.grant_ownercCs|tjdS)z+Revoke read access from the current entity.N)rrrrrrr revoke_read\sz_ACLEntity.revoke_readcCs|tjdS)z,Revoke write access from the current entity.N)rrr!rrrr revoke_write`sz_ACLEntity.revoke_writecCs|tjdS)z,Revoke owner access from the current entity.N)rrr#rrrr revoke_ownerdsz_ACLEntity.revoke_owner)N)__name__ __module__ __qualname____doc__rr!r#rrrrrrr r"r$r%r&r'rrrrrs    rc@sZeZdZdZdZdZdddddd d Zegd Zd Z d Z d Z d Z d Z ddZefddZeddZddZddZddZddZdACLz7Container class representing a list of access controls.rZ predefinedAclprojectPrivate publicReadpublicReadWriteauthenticatedReadbucketOwnerReadbucketOwnerFullControl)zproject-privatez public-readzpublic-read-writezauthenticated-readzbucket-owner-readzbucket-owner-full-control)privater-r.r/r0r1r2FNcCs i|_dSr)entitiesrrrrrsz ACL.__init__cCs|js|j|ddS)zLoad if not already loaded. :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` )timeoutN)loadedreload)r r5rrr_ensure_loadedszACL._ensure_loadedcCs.|j||}|r*||jvr*td||S)a:Ensures predefined is in list of predefined json values :type predefined: str :param predefined: name of a predefined acl :type predefined: str :param predefined: validated JSON name of predefined acl :raises: :exc: `ValueError`: If predefined is not a valid acl zInvalid predefined ACL: )PREDEFINED_XML_ACLSgetPREDEFINED_JSON_ACLS ValueError)cls predefinedrrrvalidate_predefineds zACL.validate_predefinedcCs|jd|_dS)z@Remove all entities from the ACL, and clear the ``loaded`` flag.FN)r4clearr6rrrrresets z ACL.resetccs>||jD]&}|D]}|rt||dVqqdS)N)entityr)r8r4valuesrr)r rBrrrr__iter__s  z ACL.__iter__cCs|d}|d}|dkr"|}n8|dkr4|}n&d|vrZ|dd\}}|j||d}t|tsrtd||||S) aBuild an _ACLEntity object from a dictionary of data. An entity is a mutable object that represents a list of roles belonging to either a user or group or the special types for all users and all authenticated users. :type entity_dict: dict :param entity_dict: Dictionary full of data from an ACL lookup. :rtype: :class:`_ACLEntity` :returns: An Entity constructed from the dictionary. rBrallUsersallAuthenticatedUsers-r rzInvalid dictionary: )allall_authenticatedsplitrB isinstancerr<r)r Z entity_dictrBrr rrrrentity_from_dicts     zACL.entity_from_dictcCs|t||jvS)aReturns whether or not this ACL has any entries for an entity. :type entity: :class:`_ACLEntity` :param entity: The entity to check for existence in this ACL. :rtype: bool :returns: True of the entity exists in the ACL. )r8rr4r rBrrr has_entitys zACL.has_entitycCs||jt||S)aGets an entity object from the ACL. :type entity: :class:`_ACLEntity` or string :param entity: The entity to get lookup in the ACL. :type default: anything :param default: This value will be returned if the entity doesn't exist. :rtype: :class:`_ACLEntity` :returns: The corresponding entity or the value provided to ``default``. )r8r4r:r)r rBdefaultrrr get_entityszACL.get_entitycCs|||jt|<dS)zAdd an entity to the ACL. :type entity: :class:`_ACLEntity` :param entity: The entity to add to this ACL. N)r8r4rrOrrr add_entityszACL.add_entitycCs0t||d}||r"||}n |||S)aFactory method for creating an Entity. If an entity with the same type and identifier already exists, this will return a reference to that entity. If not, it will create a new one and add it to the list of known entities for this ACL. :type entity_type: str :param entity_type: The type of entity to create (ie, ``user``, ``group``, etc) :type identifier: str :param identifier: The ID of the entity (if applicable). This can be either an ID or an e-mail address. :rtype: :class:`_ACLEntity` :returns: A new Entity or a reference to an existing identical entity. rI)rrPrRrS)r r rrBrrrrBs     z ACL.entitycCs|jd|dS)zFactory method for a user Entity. :type identifier: str :param identifier: An id or e-mail for this particular user. :rtype: :class:`_ACLEntity` :returns: An Entity corresponding to this user. userrrBr rrrrrTs zACL.usercCs|jd|dS)zFactory method for a group Entity. :type identifier: str :param identifier: An id or e-mail for this particular group. :rtype: :class:`_ACLEntity` :returns: An Entity corresponding to this group. grouprUrVrWrrrrX(s z ACL.groupcCs|jd|dS)zFactory method for a domain Entity. :type domain: str :param domain: The domain for this entity. :rtype: :class:`_ACLEntity` :returns: An entity corresponding to this domain. domainrUrV)r rYrrrrY3s z ACL.domaincCs |dS)zFactory method for an Entity representing all users. :rtype: :class:`_ACLEntity` :returns: An entity representing all users. rErVrrrrrJ>szACL.allcCs |dS)zFactory method for an Entity representing all authenticated users. :rtype: :class:`_ACLEntity` :returns: An entity representing all authenticated users. rFrVrrrrrKFszACL.all_authenticatedcCs|t|jS)zGet a list of all Entity objects. :rtype: list of :class:`_ACLEntity` objects :returns: A list of all Entity objects. )r8listr4rCrrrr get_entitiesNszACL.get_entitiescCstdS)z&Abstract getter for the object client.N)NotImplementedErrorrrrrclientWsz ACL.clientcCs|dur|j}|S)aCheck client or verify over-ride. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: the client to use. If not passed, falls back to the ``client`` stored on the current ACL. :rtype: :class:`google.cloud.storage.client.Client` :returns: The client passed in or the currently bound client. N)r])r r]rrr_require_client\s zACL._require_clientcCsp|j}||}i}|jdur(|j|d<|j|j||||d}d|_|ddD]}|| |qVdS)aReload the ACL data from Cloud Storage. If :attr:`user_project` is set, bills the API request to that project. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: :class:`~google.api_core.retry.Retry` :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` N userProject query_paramsr5retryTitemsr) reload_pathr^ user_projectr4r@Z _get_resourcer6r:rSrN)r r]r5rbpathrafoundentryrrrr7ks    z ACL.reloadc Cs||}ddi} |dur(g}|| |j<|jdur<|j| d<t| ||||d|j} |j| |jt|i| || d} |j | |jdD]} | | | qd|_ dS) aHelper for :meth:`save` and :meth:`save_predefined`. :type acl: :class:`google.cloud.storage.acl.ACL`, or a compatible list. :param acl: The ACL object to save. If left blank, this will save current entries. :type predefined: str :param predefined: An identifier for a predefined ACL. Must be one of the keys in :attr:`PREDEFINED_JSON_ACLS` If passed, `acl` must be None. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type if_generation_match: long :param if_generation_match: (Optional) See :ref:`using-if-generation-match` :type if_generation_not_match: long :param if_generation_not_match: (Optional) See :ref:`using-if-generation-not-match` :type if_metageneration_match: long :param if_metageneration_match: (Optional) See :ref:`using-if-metageneration-match` :type if_metageneration_not_match: long :param if_metageneration_not_match: (Optional) See :ref:`using-if-metageneration-not-match` :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: google.api_core.retry.Retry or google.cloud.storage.retry.ConditionalRetryPolicy :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` Z projectionfullNr_)if_generation_matchif_generation_not_matchif_metageneration_matchif_metageneration_not_matchr`rT)r^_PREDEFINED_QUERY_PARAMrer save_pathZ_patch_resource_URL_PATH_ELEMrZr4r@r:rSrNr6)r rr>r]rjrkrlrmr5rbrarfresultrhrrr_saves44      z ACL._savec Cs<|dur|}|j} nd} | r8|j|d|||||||d dS)a!Save this ACL for the current bucket. If :attr:`user_project` is set, bills the API request to that project. :type acl: :class:`google.cloud.storage.acl.ACL`, or a compatible list. :param acl: The ACL object to save. If left blank, this will save current entries. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type if_generation_match: long :param if_generation_match: (Optional) See :ref:`using-if-generation-match` :type if_generation_not_match: long :param if_generation_not_match: (Optional) See :ref:`using-if-generation-not-match` :type if_metageneration_match: long :param if_metageneration_match: (Optional) See :ref:`using-if-metageneration-match` :type if_metageneration_not_match: long :param if_metageneration_not_match: (Optional) See :ref:`using-if-metageneration-not-match` :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: google.api_core.retry.Retry or google.cloud.storage.retry.ConditionalRetryPolicy :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` NTrjrkrlrmr5rb)r6rr) r rr]rjrkrlrmr5rbZsave_to_backendrrrsaves 1zACL.savec Cs*||}|jd||||||||d dS)aSave this ACL for the current bucket using a predefined ACL. If :attr:`user_project` is set, bills the API request to that project. :type predefined: str :param predefined: An identifier for a predefined ACL. Must be one of the keys in :attr:`PREDEFINED_JSON_ACLS` or :attr:`PREDEFINED_XML_ACLS` (which will be aliased to the corresponding JSON name). If passed, `acl` must be None. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type if_generation_match: long :param if_generation_match: (Optional) See :ref:`using-if-generation-match` :type if_generation_not_match: long :param if_generation_not_match: (Optional) See :ref:`using-if-generation-not-match` :type if_metageneration_match: long :param if_metageneration_match: (Optional) See :ref:`using-if-metageneration-match` :type if_metageneration_not_match: long :param if_metageneration_not_match: (Optional) See :ref:`using-if-metageneration-not-match` :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: google.api_core.retry.Retry or google.cloud.storage.retry.ConditionalRetryPolicy :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` Nrs)r?rr) r r>r]rjrkrlrmr5rbrrrsave_predefined,s4 zACL.save_predefinedc Cs|jg|||||||ddS)aIRemove all ACL entries. If :attr:`user_project` is set, bills the API request to that project. Note that this won't actually remove *ALL* the rules, but it will remove all the non-default rules. In short, you'll still have access to a bucket that you created even after you clear ACL rules with this method. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type if_generation_match: long :param if_generation_match: (Optional) See :ref:`using-if-generation-match` :type if_generation_not_match: long :param if_generation_not_match: (Optional) See :ref:`using-if-generation-not-match` :type if_metageneration_match: long :param if_metageneration_match: (Optional) See :ref:`using-if-metageneration-match` :type if_metageneration_not_match: long :param if_metageneration_not_match: (Optional) See :ref:`using-if-metageneration-not-match` :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: google.api_core.retry.Retry or google.cloud.storage.retry.ConditionalRetryPolicy :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` )r]rjrkrlrmr5rbN)rt)r r]rjrkrlrmr5rbrrrr@ms1z ACL.clear)N)N))r(r)r*r+rprnr9 frozensetr;r6r]rdrorerrr8 classmethodr?rArDrNrPrRrSrBrTrXrYrJrKr[propertyr^rr7rrrrtrur@rrrrr,is           + Y G Cr,csPeZdZdZfddZeddZeddZedd Zed d Z Z S) BucketACLzAn ACL specifically for a bucket. :type bucket: :class:`google.cloud.storage.bucket.Bucket` :param bucket: The bucket to which this ACL relates. cstt|||_dSr)superryrbucket)r r{ __class__rrrszBucketACL.__init__cCs|jjS)z&The client bound to this ACL's bucket.)r{r]rrrrr]szBucketACL.clientcCs|jjd|jS)3Compute the path for GET API requests for this ACL./)r{rfrprrrrrdszBucketACL.reload_pathcCs|jjSz5Compute the path for PATCH API requests for this ACL.)r{rfrrrrroszBucketACL.save_pathcCs|jjSz?Compute the user project charged for API requests for this ACL.)r{rerrrrreszBucketACL.user_project r(r)r*r+rrxr]rdrore __classcell__rrr|rrys    ryc@seZdZdZdZdZdS)DefaultObjectACLz9A class representing the default object ACL for a bucket.ZdefaultObjectAclZpredefinedDefaultObjectAclN)r(r)r*r+rprnrrrrrsrcsPeZdZdZfddZeddZeddZedd Zed d Z Z S) ObjectACLzAn ACL specifically for a Cloud Storage object / blob. :type blob: :class:`google.cloud.storage.blob.Blob` :param blob: The blob that this ACL corresponds to. cstt|||_dSr)rzrrblob)r rr|rrrszObjectACL.__init__cCs|jjS)z$The client bound to this ACL's blob.)rr]rrrrr]szObjectACL.clientcCs|jjdS)r~z/aclrrfrrrrrdszObjectACL.reload_pathcCs|jjSrrrrrrroszObjectACL.save_pathcCs|jjSr)rrerrrrreszObjectACL.user_projectrrrr|rrs    rN)r+Zgoogle.cloud.storage._helpersrZgoogle.cloud.storage.constantsrZgoogle.cloud.storage.retryrrobjectrr,ryrrrrrrs    RE