o tBhV@spdZddlmZddlmZGdddeZGdddeZGdd d eZGd d d eZ Gd d d eZ dS)aI Manipulate access control lists that Cloud Storage provides. :class:`google.cloud.storage.bucket.Bucket` has a getting method that creates an ACL object under the hood, and you can interact with that using :func:`google.cloud.storage.bucket.Bucket.acl`: .. literalinclude:: snippets.py :start-after: [START client_bucket_acl] :end-before: [END client_bucket_acl] :dedent: 4 Adding and removing permissions can be done with the following methods (in increasing order of granularity): - :func:`ACL.all` corresponds to access for all users. - :func:`ACL.all_authenticated` corresponds to access for all users that are signed into a Google account. - :func:`ACL.domain` corresponds to access on a per Google Apps domain (ie, ``example.com``). - :func:`ACL.group` corresponds to access on a per group basis (either by ID or e-mail address). - :func:`ACL.user` corresponds to access on a per user basis (either by ID or e-mail address). And you are able to ``grant`` and ``revoke`` the following roles: - **Reading**: :func:`_ACLEntity.grant_read` and :func:`_ACLEntity.revoke_read` - **Writing**: :func:`_ACLEntity.grant_write` and :func:`_ACLEntity.revoke_write` - **Owning**: :func:`_ACLEntity.grant_owner` and :func:`_ACLEntity.revoke_owner` You can use any of these like any other factory method (these happen to be :class:`_ACLEntity` factories): .. literalinclude:: snippets.py :start-after: [START acl_user_settings] :end-before: [END acl_user_settings] :dedent: 4 After that, you can save any changes you make with the :func:`google.cloud.storage.acl.ACL.save` method: .. literalinclude:: snippets.py :start-after: [START acl_save] :end-before: [END acl_save] :dedent: 4 You can alternatively save any existing :class:`google.cloud.storage.acl.ACL` object (whether it was created by a factory method or not) from a :class:`google.cloud.storage.bucket.Bucket`: .. literalinclude:: snippets.py :start-after: [START acl_save_bucket] :end-before: [END acl_save_bucket] :dedent: 4 To get the list of ``entity`` and ``role`` for each unique pair, the :class:`ACL` class is iterable: .. literalinclude:: snippets.py :start-after: [START acl_print] :end-before: [END acl_print] :dedent: 4 This list of tuples can be used as the ``entity`` and ``role`` fields when sending metadata for ACLs to the API. )_DEFAULT_TIMEOUT) DEFAULT_RETRYc@s~eZdZdZdZdZdZdddZdd Zd d Z d d Z ddZ ddZ ddZ ddZddZddZddZddZdS) _ACLEntityaClass representing a set of roles for an entity. This is a helper class that you likely won't ever construct outside of using the factor methods on the :class:`ACL` object. :type entity_type: str :param entity_type: The type of entity (ie, 'group' or 'user'). :type identifier: str :param identifier: (Optional) The ID or e-mail of the entity. For the special entity types (like 'allUsers'). READERWRITEROWNERNcCs||_tg|_||_dSN) identifiersetrolestype)self entity_typer ro/var/www/html/riverr-enterprise-integrations-main/venv/lib/python3.10/site-packages/google/cloud/storage/acl.py__init__ms  z_ACLEntity.__init__cCs|jst|jSdj|dS)Nz{acl.type}-{acl.identifier})acl)r strr formatr rrr__str__rs  z_ACLEntity.__str__cCsdj|d|jdS)Nzz, )rr )rjoinr rrrr__repr__xs z_ACLEntity.__repr__cCs|jS)zGet the list of roles permitted by this entity. :rtype: list of strings :returns: The list of roles associated with this entity. )r rrrr get_roles}sz_ACLEntity.get_rolescCs|j|dS)zoAdd a role to the entity. :type role: str :param role: The role to add to the entity. N)r addr rolerrrgrantsz_ACLEntity.grantcCs||jvr |j|dSdS)zyRemove a role from the entity. :type role: str :param role: The role to remove from the entity. N)r removerrrrrevokes z_ACLEntity.revokecC|tjdS)z(Grant read access to the current entity.N)rr READER_ROLErrrr grant_readz_ACLEntity.grant_readcCr )z)Grant write access to the current entity.N)rr WRITER_ROLErrrr grant_writer#z_ACLEntity.grant_writecCr )z)Grant owner access to the current entity.N)rr OWNER_ROLErrrr grant_ownerr#z_ACLEntity.grant_ownercCr )z+Revoke read access from the current entity.N)rrr!rrrr revoke_readr#z_ACLEntity.revoke_readcCr )z,Revoke write access from the current entity.N)rrr$rrrr revoke_writer#z_ACLEntity.revoke_writecCr )z,Revoke owner access from the current entity.N)rrr&rrrr revoke_ownerr#z_ACLEntity.revoke_ownerr)__name__ __module__ __qualname____doc__r!r$r&rrrrrrr"r%r'r(r)r*rrrrr[s"    rc@s4eZdZdZdZdZdddddd d Zegd Z d Z d Z d Z d Z d Z ddZefddZeddZddZddZddZddZd frozensetr@r;rgrnrwrorrr= classmethodrDrFrIrTrVrXrYrGr[r`rarOrPrepropertyrhrr<r{r}r~rErrrrr/sZ           #4r/cPeZdZdZfddZeddZeddZedd Zed d Z Z S) BucketACLzAn ACL specifically for a bucket. :type bucket: :class:`google.cloud.storage.bucket.Bucket` :param bucket: The bucket to which this ACL relates. ctt|||_dSr)superrrbucket)r r __class__rrr[ zBucketACL.__init__cC|jjS)z&The client bound to this ACL's bucket.)rrgrrrrrg_zBucketACL.clientcCsd|jj|jfS)3Compute the path for GET API requests for this ACL.z%s/%s)rrqryrrrrrndszBucketACL.reload_pathcCrz5Compute the path for PATCH API requests for this ACL.)rrqrrrrrwirzBucketACL.save_pathcCrz?Compute the user project charged for API requests for this ACL.)rrorrrrronrzBucketACL.user_project r+r,r-r.rrrgrnrwro __classcell__rrrrrT    rc@seZdZdZdZdZdS)DefaultObjectACLz9A class representing the default object ACL for a bucket.defaultObjectAclpredefinedDefaultObjectAclN)r+r,r-r.ryrvrrrrrtsrcr) ObjectACLzAn ACL specifically for a Cloud Storage object / blob. :type blob: :class:`google.cloud.storage.blob.Blob` :param blob: The blob that this ACL corresponds to. crr)rrrblob)r rrrrrrzObjectACL.__init__cCr)z$The client bound to this ACL's blob.)rrgrrrrrgrzObjectACL.clientcCs d|jjS)rz%s/aclrrqrrrrrns zObjectACL.reload_pathcCrrrrrrrrwrzObjectACL.save_pathcCrr)rrorrrrrorzObjectACL.user_projectrrrrrr{rrN) r.google.cloud.storage.constantsrgoogle.cloud.storage.retryrobjectrr/rrrrrrrs H T(