class AWS::S3::ACL::Grantee
Grants bestow a access permission to grantees. Each grant of some access control list Policy is associated with a grantee. There are three ways of specifying a grantee at the time of this writing.
-
By canonical user - This format uses the
id
of a given Amazon account. The id value for a given account is available in the
Owner object of a bucket, object or policy. grantee.id = 'bb2041a25975c3d4ce9775fe9e93e5b77a6a9fad97dc7e00686191f3790b13f1'
Often the id will just be fetched from some owner object.
grantee.id = some_object.owner.id
-
By amazon email address - You can specify an email address for any Amazon account. The Amazon account need not be signed up with the S3 service.
though it must be unique across the entire Amazon system. This email address is normalized into a canonical user representation once the grant has been sent back up to the S3 servers.
grantee.email_address = 'joe@example.org'
-
By group - As of this writing you can not create custom groups, but Amazon provides three group that you can use. See the documentation for the
#group= method for details.
grantee.group = 'Authenticated'
Public Class Methods
# File lib/aws/s3/acl.rb, line 390 def initialize(attributes = {}) # Set default values for attributes that may not be passed in but we still want the object # to respond to attributes = {'id' => nil, 'display_name' => nil, 'email_address' => nil, 'uri' => nil}.merge(attributes) @attributes = attributes extract_type! yield self if block_given? end
Public Instance Methods
Returns the grantee's group. If the grantee is not a group,
nil
is returned.
# File lib/aws/s3/acl.rb, line 434 def group return unless uri uri[%r([^/]+$)] end
Sets the grantee's group by name.
grantee.group = 'AllUsers'
Currently, valid groups defined by S3 are:
-
AllUsers
: This group represents anyone. In other words, an anonymous request. -
Authenticated
: Any authenticated account on the S3 service. -
LogDelivery
: The entity that delivers bucket access logs.
# File lib/aws/s3/acl.rb, line 428 def group=(group_name) section = %w(AllUsers Authenticated).include?(group_name) ? 'global' : 's3' self.uri = "http://acs.amazonaws.com/groups/#{section}/#{group_name}" end
The xml representation of the current grantee object.
# File lib/aws/s3/acl.rb, line 400 def to_xml Builder.new(self).to_s end
Returns the type of grantee. Will be one of CanonicalUser
,
AmazonCustomerByEmail
or Group
.
# File lib/aws/s3/acl.rb, line 405 def type return attributes['type'] if attributes['type'] # Lookups are in order of preference so if, for example, you set the uri but display_name and id are also # set, we'd rather go with the canonical representation. if display_name && id 'CanonicalUser' elsif email_address 'AmazonCustomerByEmail' elsif uri 'Group' end end
Private Instance Methods
# File lib/aws/s3/acl.rb, line 452 def extract_type! attributes['type'] = attributes.delete('xsi:type') end