class AWS::S3::ACL::Grantee
Grants bestow a access permission to grantees. Each grant of some access control list Policy is associated with a grantee. There are three ways of specifying a grantee at the time of this writing.
-
By canonical user - This format uses the
id
of a given Amazon account. The id value for a given account is available in the
Owner object of a bucket, object or policy. grantee.id = 'bb2041a25975c3d4ce9775fe9e93e5b77a6a9fad97dc7e00686191f3790b13f1'
Often the id will just be fetched from some owner object.
grantee.id = some_object.owner.id
-
By amazon email address - You can specify an email address for any Amazon account. The Amazon account need not be signed up with the S3 service.
though it must be unique across the entire Amazon system. This email address is normalized into a canonical user representation once the grant has been sent back up to the S3 servers.
grantee.email_address = 'joe@example.org'
-
By group - As of this writing you can not create custom groups, but Amazon provides three group that you can use. See the documentation for the
Grantee.group=
method for details.
grantee.group = 'Authenticated'
Public Class Methods
Source
# File lib/aws/s3/acl.rb 390 def initialize(attributes = {}) 391 # Set default values for attributes that may not be passed in but we still want the object 392 # to respond to 393 attributes = {'id' => nil, 'display_name' => nil, 'email_address' => nil, 'uri' => nil}.merge(attributes) 394 @attributes = attributes 395 extract_type! 396 yield self if block_given? 397 end
Public Instance Methods
Source
# File lib/aws/s3/acl.rb 434 def group 435 return unless uri 436 uri[%r([^/]+$)] 437 end
Returns the grantee’s group. If the grantee is not a group, nil
is returned.
Source
# File lib/aws/s3/acl.rb 428 def group=(group_name) 429 section = %w(AllUsers Authenticated).include?(group_name) ? 'global' : 's3' 430 self.uri = "http://acs.amazonaws.com/groups/#{section}/#{group_name}" 431 end
Sets the grantee’s group by name.
grantee.group = 'AllUsers'
Currently, valid groups defined by S3 are:
-
AllUsers
: This group represents anyone. In other words, an anonymous request. -
Authenticated
: Any authenticated account on the S3 service. -
LogDelivery
: The entity that delivers bucket access logs.
Source
# File lib/aws/s3/acl.rb 400 def to_xml 401 Builder.new(self).to_s 402 end
The xml representation of the current grantee object.
Source
# File lib/aws/s3/acl.rb 405 def type 406 return attributes['type'] if attributes['type'] 407 408 # Lookups are in order of preference so if, for example, you set the uri but display_name and id are also 409 # set, we'd rather go with the canonical representation. 410 if display_name && id 411 'CanonicalUser' 412 elsif email_address 413 'AmazonCustomerByEmail' 414 elsif uri 415 'Group' 416 end 417 end
Returns the type of grantee. Will be one of CanonicalUser
, AmazonCustomerByEmail
or Group
.
Private Instance Methods
Source
# File lib/aws/s3/acl.rb 452 def extract_type! 453 attributes['type'] = attributes.delete('xsi:type') 454 end