2dZddlmZddlmZddlmZddlmZddlZddlmZddl m Z Gd d e Z Gd d e ZGd de ZdZy)z7Contains helper objects for changing and deleting ACLs.)absolute_import)print_function)division)unicode_literalsN)CommandException)storage_v1_messagesceZdZdZdZdZy) ChangeTypeUserGroupProjectN)__name__ __module__ __qualname__USERGROUPPROJECT)platform/gsutil/gslib/utils/acl_helper.pyr r s $ % 'rr ceZdZdZddgZddgZddgZdgZd gZeezezezezZ d Z d Z e e fZ d Z d ZdZdZdZddddddddZdZdZdZdZdZdZdZdZdZy) AclChangez6Represents a logical change to an access control list.AllAuthenticatedUsersAllUsersUserById GroupById UserByEmail GroupByEmail GroupByDomainr allUsersallAuthenticatedUsers)zproject-editors-zproject-owners-zproject-viewers-zgroup-zuser-zdomain-zproject-READERWRITEROWNER)RWFCOREADWRITE FULL_CONTROLcdd|_||_|j|||jy)a<Creates an AclChange object. Args: acl_change_descriptor: An acl change as described in the "ch" section of the "acl" command's help. scope_type: Either ChangeType.USER or ChangeType.GROUP or ChangeType.PROJECT, specifying the extent of the scope. N) identifierraw_descriptor_Parse _Validate)selfacl_change_descriptor scope_types r__init__zAclChange.__init__@s,DO/DKK%z2NNrcddj|j|j|jS)NzAclChange<{0}|{1}|{2}>)formatr4permr.r2s r__str__zAclChange.__str__Os( # * *4??DII+/?? <._ClassifyScopeIdentifierVsL#G(!$%5 f!'  +u 88E4 / !/r:z%{0} is an invalid change description.r?z {0}ByDomain)r=r>z{0}By{1}rrr N) countrr7splitupperpermission_shorthand_mappingr8r4r.)r2change_descriptorr4rH scope_string perm_token scope_classs rr0zAclChange._ParseSs s#q(  1 8 89J K MM 166s;L*!!#JT66633J?didi*<8Kh&,,Z8do$do  '"))*kBdo$do / //do  ""do  !!do$do%dorcfd}jjvr!|djjjjvr-jr!|djjjj vr-js!|djjjj vr-js!|djjjjvr-js!|djjjjjvrJdjtjj}|dj|y y ) z$Validates a parsed AclChange object.cNtdjj|)Nz!{0} is not a valid ACL change {1})rr7r/)msgr2s r _ThrowErrorz(AclChange._Validate.._ThrowErrors) AHH   s$ %%rz{0} is not a valid scope typez{0} requires no argumentsz{0} requires an idz{0} requires an email addressz{0} requires domainz, zAllowed permissions are {0}N) r4 scope_typesr7 public_scopesr. id_scopes email_scopes domain_scopesr8rNvaluesjoinset)r2rVpermss` rr1zAclChange._ValidatesI% d...188IJ $,,,-44T__EF $..(&--doo>? $+++DOO188IJ $,,,T__'..t?@ yy99@@BBiiD==DDFGHe/66u=>Crc#VK|D]}|jdvr*|jr|j|jk(r|<|jdvr*|jr|j|jk(r|t|jdk(r*|jr|j|jk(r||jdk(rN|j rB|j|j j d|j jk(r| |jdk(r;|jj|jjk(r|T|jdk(se|jj|jjk(s|yw) aRGenerator that yields entries that match the change descriptor. Args: current_acl: A list of apitools_messages.BucketAccessControls or ObjectAccessControls which will be searched for matching entries. Yields: An apitools_messages.BucketAccessControl or ObjectAccessControl. )rrrrrr -rrN) r4entityIdr.emaildomain projectTeamteam projectNumberentitylowerpublic_entity_all_userspublic_entity_all_auth_usersr2 current_aclentrys r_YieldMatchingEntrieszAclChange._YieldMatchingEntriess= //6 65>> //U^^ + OO> > KKDOOu{{: OO .5<< OOu|| + OOy (U->-> OO    # #U%6%6%D%D F F OOz ) LL   D$@$@$F$F$H H OO6 6 LL   D$E$E$K$K$M M 'sE&F)*5F)!F)c|jdvr|j|jzS|jdvr|j|jzS|jdk(r|j|jzS|jdk(r|j |jzS|jdk(r |j S|jdk(r |jStd|jz)z3Gets an appropriate entity string for an ACL grant.)rr)rrr rrrz.Add entry to ACL got unexpected scope type %s.) r4user_entity_prefixr.group_entity_prefixproject_entity_prefixdomain_entity_prefixrlrkrr9s r GetEntityzAclChange.GetEntitys 55  $ $t 66 9 9  % % 77 I %  ' '$// 99 O +  & & 88 3 3  . .. J &  ) )) M!__- ..rc.|j}||j|}|jdvr|j|_n@|jdvr|j|_n |jdk(r|j|_|j|y)zAdds an entry to current_acl.)roleri)rrr rarN)rvr8r4r.rcrdreappend)r2rn entry_classriros r _AddEntryzAclChange._AddEntryss ^^ F TYYv 6E >>en ; ;OOek O +__elurcf|D]}|jcStjjS)N) __class__apitools_messagesObjectAccessControl)r2rn acl_entrys r_GetEntriesClasszAclChange._GetEntriesClasss/   !  0 0 2 < <*J7-;')0,"#-;.*\9MI +'!802NO1 "$    " </%b?4@.$ =&rrc,eZdZdZdddZdZdZdZy) AclDelz8Represents a logical change from an access control list.rr)z All(Users)?$zAllAuth(enticatedUsers)?$c dj||_||_|jj D]<\}}t j ||jt js6||_>d|_d|_ y)Nz-d {0}AnyNONE) r7r/r. scope_regexesr@rArBrCr4r8)r2r.rGscopes rr5zAclDel.__init__sf"//*5D DO**002 u %"-- 83DODIrc#bK|D]}|jr:|jj|jjk(r|J|jr:|jj|jjk(r||jr:|jj|jjk(r||j r^|jjdj|j j |j jfzk(r|@|jjdk(r|jdk(r|r|jjdk(s|jdk(s|yw)aWGenerator that yields entries that match the change descriptor. Args: current_acl: An instance of apitools_messages.BucketAccessControls or ObjectAccessControls which will be searched for matching entries. Yields: An apitools_messages.BucketAccessControl or ObjectAccessControl. z%s-%sallusersrallauthenticatedusersrN) rcr.rjrdrerfrgrhrirms rrpzAclDel._YieldMatchingEntriess7 DOO113u~~7K7K7MM ;;4??002ekk6G6G6II <F#F <<   : -$//Z2O LL   $; ; OO6 6 sFF/F/'F/c|jd||j|t|j|}|D]}|j ||jdt |t |S)Nrr)rr/rrpremoverlen)r2rrnrrrros rrzAclDel.Execute8sk LL(,8K8KD66{CD!" LL[!12   rN)rrrrrr5rprrrrrr s!@!$;- 6!rrcg}tjtjtjd}|D]\}}||vrNt |||}dj |j |j}|j||fX|dk(r)t|}|jd|jf|j||f|S)N)z-gz-pz-u)r4zentity={},role={}z-d) r rrrrr7rvr8ryrr.)sub_optstranslated_sub_optsscope_type_from_flagflagvaluechange new_values rtranslate_sub_opts_for_shimrBs       OO  mtU ##+?+EFf%,,V-=-=-?Mi  $ !23 e}f  $(9(9!:;  $/  r)r __future__rrrrrAgslib.exceptionr"gslib.third_party.storage_apitoolsrr~objectr rrrrrrrsL>&%' ,W hhV2!V2!jr