Story #453: As a user I can set the ACL on a container.

2012-01-11 17:44:26 -06:00
parent fefba207c9
commit b652e443fc
2 changed files with 69 additions and 0 deletions
--- a/src/HPCloud/Storage/ObjectStorage/ACL.php
+++ b/src/HPCloud/Storage/ObjectStorage/ACL.php
@@ -489,6 +489,47 @@ class ACL {
    }
  }

+  /**
+   * Check if the ACL marks this private.
+   *
+   * This returns TRUE only if this ACL does not grant any permissions
+   * at all.
+   *
+   * @return boolean
+   *   TRUE if this is private (non-public), FALSE if
+   *   any permissions are granted via this ACL.
+   */
+  public function isNonPublic() {
+    return empty($this->rules);
+  }
+
+  /**
+   * Check whether this object allows public reading.
+   *
+   * This will return TRUE the ACL allows (a) any host to access
+   * the item, and (b) it allows container listings.
+   *
+   * This checks whether the object allows public reading,
+   * not whether it is ONLY allowing public reads.
+   *
+   * See ACL::publicRead().
+   */
+  public function isPublicRead() {
+    $allowsAllHosts = FALSE;
+    $allowsRListings = FALSE;
+    foreach ($this->rules as $rule) {
+      if (self::READ & $rule['mask']) {
+        if (!empty($rule['rlistings'])) {
+          $allowsRListings = TRUE;
+        }
+        elseif(!empty($rule['host']) && trim($rule['host']) == '*') {
+          $allowsAllHosts = TRUE;
+        }
+      }
+    }
+    return $allowsAllHosts && $allowsRListings;
+  }
+
  public function __toString() {
    $headers = $this->headers();

--- a/test/Tests/ACLTest.php
+++ b/test/Tests/ACLTest.php
@@ -161,4 +161,32 @@ class ACLTest extends \HPCloud\Tests\TestCase {

  }

+  public function testIsNonPublic() {
+    $acl = new ACL();
+
+    $this->assertTrue($acl->isNonPublic());
+
+    $acl->addReferrer(ACL::READ, '*.evil.net');
+    $this->assertFalse($acl->isNonPublic());
+
+    $acl = ACL::nonPublic();
+    $this->assertTrue($acl->isNonPublic());
+  }
+
+  public function testIsPublicRead() {
+    $acl = new ACL();
+
+    $this->assertFalse($acl->isPublicRead());
+    $acl->allowListings();
+    $acl->addReferrer(ACL::READ, '*');
+
+    $this->assertTrue($acl->isPublicRead());
+
+    $acl->addAccount(ACL::WRITE, 'foo', 'bar');
+    $this->assertTrue($acl->isPublicRead());
+
+    $acl = ACL::publicRead();
+    $this->assertTrue($acl->isPublicRead());
+  }
+
 }