Beispiel #1
        /**
         * Returns new object statements for given policy type.
         */
        private List <Statement> newObjectStatement(PolicyType policy, String prefix)
        {
            // Builds the object-level statement for one prefix. The result is empty
            // for PolicyType.NONE or when no bucket name is set; otherwise it holds
            // exactly one "Allow" statement.
            //
            // Security: the statement is issued to the wildcard principal "*", which
            // in S3 policy semantics matches every caller, authenticated or not.
            // NOTE(review): prefix is concatenated into the resource pattern as-is,
            // so a prefix that itself contains policy wildcards widens the match.
            // Presumably callers validate it; confirm.
            List <Statement> result = new List <Statement>();

            if (policy.Equals(PolicyType.NONE))
            {
                return result;
            }

            if (bucketName == null || bucketName.Length == 0)
            {
                return result;
            }

            // Everything under <bucket>/<prefix> is covered by the trailing "*".
            string pattern = PolicyConstants.AWS_RESOURCE_PREFIX + bucketName + "/" + prefix + "*";
            Resources objectResources = new Resources(pattern);

            Statement grant = new Statement
            {
                effect    = "Allow",
                principal = new Principal("*"),
                resources = objectResources,
                sid       = ""
            };

            // NOTE(review): a policy value outside these three branches leaves
            // actions unset, yet the statement is still returned below.
            if (policy.Equals(PolicyType.READ_ONLY))
            {
                grant.actions = PolicyConstants.READ_ONLY_OBJECT_ACTIONS;
            }
            else if (policy.Equals(PolicyType.WRITE_ONLY))
            {
                grant.actions = PolicyConstants.WRITE_ONLY_OBJECT_ACTIONS;
            }
            else if (policy.Equals(PolicyType.READ_WRITE))
            {
                grant.actions = PolicyConstants.READ_WRITE_OBJECT_ACTIONS();
            }

            result.Add(grant);
            return result;
        }
Beispiel #2
        /**
         * Appends new statements for given policy type.
         */
        private void appendStatements(PolicyType policy, String prefix)
        {
            // Generates the statements for (policy, prefix) and hands each one to
            // appendStatement in the order newStatements produced them.
            List <Statement> pending = newStatements(policy, prefix);

            for (int i = 0; i < pending.Count; i++)
            {
                appendStatement(pending[i]);
            }
        }
Beispiel #3
        /**
         * Returns new statements for given policy type.
         */
        private List <Statement> newStatements(PolicyType policy, String prefix)
        {
            // Bucket-level statements come first, followed by the object-level
            // ones; both helpers return an empty list for PolicyType.NONE or an
            // unset bucket name, so the combined list is empty in those cases.
            List <Statement> combined = this.newBucketStatement(policy, prefix);

            combined.AddRange(this.newObjectStatement(policy, prefix));
            return combined;
        }
Beispiel #4
        /**
         * Sets policy type for given prefix.
         */
        // @JsonIgnore
        public void SetPolicy(PolicyType policy, String prefix)
        {
            // Replaces whatever this policy currently holds for prefix: existing
            // statements for the prefix are removed first, then the statements for
            // the requested policy type are appended. For PolicyType.NONE the
            // append step adds nothing.
            //
            // Security: every statement appended here is an "Allow" for the
            // wildcard principal "*", so any non-NONE policy opens the prefix to
            // all callers. Treat the choice of policy and prefix as an access
            // control decision.
            if (null == statements)
            {
                // No statement list yet; start from an empty one.
                statements = new List <Statement>();
            }

            this.removeStatements(prefix);
            this.appendStatements(policy, prefix);
        }
Beispiel #5
        /**
         * Returns new bucket statements for given policy type.
         */
        private List <Statement> newBucketStatement(PolicyType policy, String prefix)
        {
            // Builds the bucket-level statements for a policy type. The result is
            // empty for PolicyType.NONE or when no bucket name is set. Otherwise it
            // starts with the common bucket actions, then adds the read-only and/or
            // write-only bucket actions depending on the policy.
            //
            // Security: every statement is an "Allow" for the wildcard principal
            // "*". Only the read-only statement is narrowed to the prefix, through
            // a StringEquals condition on s3:prefix, and only when prefix is
            // non-empty. The common and write-only statements apply to the whole
            // bucket resource regardless of prefix.
            List <Statement> result = new List <Statement>();

            if (policy.Equals(PolicyType.NONE))
            {
                return result;
            }

            if (bucketName == null || bucketName.Length == 0)
            {
                return result;
            }

            // One Resources instance is shared by all statements built below.
            Resources bucketArn = new Resources(PolicyConstants.AWS_RESOURCE_PREFIX + bucketName);

            result.Add(new Statement
            {
                actions   = PolicyConstants.COMMON_BUCKET_ACTIONS,
                effect    = "Allow",
                principal = new Principal("*"),
                resources = bucketArn,
                sid       = ""
            });

            if (policy.Equals(PolicyType.READ_ONLY) || policy.Equals(PolicyType.READ_WRITE))
            {
                Statement reading = new Statement
                {
                    actions   = PolicyConstants.READ_ONLY_BUCKET_ACTIONS,
                    effect    = "Allow",
                    principal = new Principal("*"),
                    resources = bucketArn,
                    sid       = ""
                };

                // Without a prefix the read statement carries no condition at all.
                if (!string.IsNullOrEmpty(prefix))
                {
                    ConditionKeyMap prefixKey = new ConditionKeyMap();
                    prefixKey.Put("s3:prefix", prefix);
                    reading.conditions = new ConditionMap("StringEquals", prefixKey);
                }

                result.Add(reading);
            }

            if (policy.Equals(PolicyType.WRITE_ONLY) || policy.Equals(PolicyType.READ_WRITE))
            {
                result.Add(new Statement
                {
                    actions   = PolicyConstants.WRITE_ONLY_BUCKET_ACTIONS,
                    effect    = "Allow",
                    principal = new Principal("*"),
                    resources = bucketArn,
                    sid       = ""
                });
            }

            return result;
        }
Beispiel #6
        /**
         * Returns policy type of all prefixes.
         */
        //@JsonIgnore
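        public Dictionary <String, PolicyType> GetPolicies()
        {
            // Maps every object resource pattern found in this policy, written as
            // "<bucket>/<objectPath>" with its trailing "*" kept when present, to
            // the policy type GetPolicy reports for that object path. Useful for
            // auditing which prefixes of the bucket are exposed and how.
            Dictionary <String, PolicyType> policyRules = new Dictionary <string, PolicyType>();

            // SetPolicy treats a missing statement list as empty; do the same here
            // so that inspecting a policy without statements yields no rules
            // instead of a NullReferenceException.
            if (statements == null)
            {
                return policyRules;
            }

            String bucketResource = PolicyConstants.AWS_RESOURCE_PREFIX + bucketName;
            ISet <String> objResources = new HashSet <String>();

            // Collect every resource that sits below "<bucketResource>/", i.e. the
            // object-level resources. The set removes duplicates across statements.
            foreach (Statement s in statements)
            {
                if (s.resources != null)
                {
                    objResources.UnionWith(s.resources.startsWith(bucketResource + "/"));
                }
            }

            // Treat each resource pattern as if it were an object path and look up
            // the policy that applies to it.
            foreach (string r in objResources)
            {
                // Strip one trailing "*" for the lookup and restore it in the key.
                bool hasWildcard = r.EndsWith("*");
                string resource  = hasWildcard ? r.Substring(0, r.Length - 1) : r;

                // Everything after "<bucketResource>/" is the object path.
                String objectPath = resource.Substring(bucketResource.Length + 1);

                PolicyType policy = this.GetPolicy(objectPath);
                policyRules.Add(bucketName + "/" + objectPath + (hasWildcard ? "*" : ""), policy);
            }

            return policyRules;
        }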