638fb68955
To make controller classes clean, this patch introduces new
mechanism called ACL Handlers. It is really useful for customizing
acl checking algorithms for each controller.
BaseAclHandler wraps basic Acl handling as same as current one.
(i.e. it will check acl from ACL_MAP by using HEAD)
In addition, we can make some extended custom classes with the same
name of the controllers. (e.g. BucketAclHandler is for BucketController)
They consist of method(s) for actual S3 method on controllers as follows.
e.g.:
class BucketAclHandler(BaseAclHandler):
def PUT:
<< put acl handling algorithms here for PUT bucket >>
Change-Id: I155cd6387c81c03a2092ecd933f4769e5148c591
65 lines
1.9 KiB
Python
65 lines
1.9 KiB
Python
# Copyright (c) 2014 OpenStack Foundation.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from urllib import quote
|
|
|
|
from swift3.controllers.base import Controller
|
|
from swift3.response import HTTPOk
|
|
from swift3.etree import tostring
|
|
|
|
|
|
class S3AclController(Controller):
|
|
"""
|
|
Handles the following APIs:
|
|
|
|
- GET Bucket acl
|
|
- PUT Bucket acl
|
|
- GET Object acl
|
|
- PUT Object acl
|
|
|
|
Those APIs are logged as ACL operations in the S3 server log.
|
|
"""
|
|
def GET(self, req):
|
|
"""
|
|
Handles GET Bucket acl and GET Object acl.
|
|
"""
|
|
resp = req.get_response(self.app)
|
|
acl = getattr(resp, '%s_acl' %
|
|
('object' if req.is_object_request else 'bucket'))
|
|
|
|
resp = HTTPOk()
|
|
resp.body = tostring(acl.elem())
|
|
|
|
return resp
|
|
|
|
def PUT(self, req):
|
|
"""
|
|
Handles PUT Bucket acl and PUT Object acl.
|
|
"""
|
|
if req.is_object_request:
|
|
headers = {}
|
|
src_path = '/%s/%s' % (req.container_name, req.object_name)
|
|
|
|
# object-sysmeta' can be updated by 'Copy' method,
|
|
# but can not be by 'POST' method.
|
|
# So headers['X-Copy-From'] for copy request is added here.
|
|
headers['X-Copy-From'] = quote(src_path)
|
|
headers['Content-Length'] = 0
|
|
req.get_response(self.app, 'PUT', headers=headers)
|
|
else:
|
|
req.get_response(self.app, 'POST')
|
|
|
|
return HTTPOk()
|