class AWS::S3::ACL::Policy
The ACL::Policy class lets you inspect and modify access controls for buckets and objects. A policy is made up of one or more Grants which specify a permission and a Grantee
to whom that permission is granted.
Buckets and objects are given a default access policy which contains one grant permitting the owner of the bucket or object FULL_CONTROL over its contents. This means they can read the object, write to the object, as well as read and write its policy.
The acl
method for both buckets and objects returns the policy object for that entity:
policy = Bucket.acl('some-bucket')
The grants
method of a policy exposes its grants. You can treat this collection as an array and push new grants onto it:
policy.grants << grant
Check the documentation for Grant
and Grantee
for more details on how to create new grants.
Attributes
Public Class Methods
Source
# File lib/aws/s3/acl.rb 123 def initialize(attributes = {}) 124 @attributes = attributes 125 @grants = [].extend(GrantListExtensions) 126 extract_owner! if owner? 127 extract_grants! if grants? 128 end
Public Instance Methods
Source
# File lib/aws/s3/acl.rb 131 def to_xml 132 Builder.new(owner, grants).to_s 133 end
The xml representation of the policy.
Private Instance Methods
Source
# File lib/aws/s3/acl.rb 149 def extract_grants! 150 attributes['access_control_list']['grant'].each do |grant| 151 grants << Grant.new(grant) 152 end 153 end
Source
# File lib/aws/s3/acl.rb 145 def extract_owner! 146 @owner = Owner.new(attributes.delete('owner')) 147 end
Source
# File lib/aws/s3/acl.rb 141 def grants? 142 (attributes.has_key?('access_control_list') && attributes['access_control_list']['grant']) || !grants.empty? 143 end
Source
# File lib/aws/s3/acl.rb 137 def owner? 138 attributes.has_key?('owner') || !owner.nil? 139 end