2SrSSKJr SSKJr SSKJr SSKJr SSKrSSKJr SSK J r "S S \ 5r "S S \ 5r"S S\ 5rSrg)z7Contains helper objects for changing and deleting ACLs.)absolute_import)print_function)division)unicode_literalsN)CommandException)storage_v1_messagesc \rSrSrSrSrSrSrg) ChangeTypeUserGroupProjectN)__name__ __module__ __qualname____firstlineno__USERGROUPPROJECT__static_attributes__r)platform/gsutil/gslib/utils/acl_helper.pyr r s $ % 'rr c\rSrSrSrSS/rSS/rSS/rS /rS /r \\-\-\-\ -r S r S r \ \ 4r S rSrSrSrSrSSSSSSSS.rSrSrSrSrSrSrSrSrSrSrg )! AclChange"z6Represents a logical change to an access control list.AllAuthenticatedUsersAllUsersUserById GroupById UserByEmail GroupByEmail GroupByDomainrallUsersallAuthenticatedUsers)zproject-editors-zproject-owners-zproject-viewers-zgroup-zuser-zdomain-zproject-READERWRITEROWNER)RWFCOREADWRITE FULL_CONTROLc`SUlXlURX5 UR5 g)a$Creates an AclChange object. Args: acl_change_descriptor: An acl change as described in the "ch" section of the "acl" command's help. scope_type: Either ChangeType.USER or ChangeType.GROUP or ChangeType.PROJECT, specifying the extent of the scope. N) identifierraw_descriptor_Parse _Validate)selfacl_change_descriptor scope_types r__init__AclChange.__init__@s(DO/KK%2NNrcdSRURURUR5$)NzAclChange<{0}|{1}|{2}>)formatr8permr2r6s r__str__AclChange.__str__Os( # * *4??DII+/?? <._ClassifyScopeIdentifierVsK#G(!$%5 f!'  + 88E / / !/r:z%{0} is an invalid change description.rEz {0}ByDomain)rCrDz{0}By{1}rrrN) countrr<splitupperpermission_shorthand_mappingr=r8r2)r6change_descriptorr8rN scope_string perm_token scope_classs rr4AclChange._ParseSs s#q(  1 8 89J K MM 166s;L!!#J66633J?dii*<8Kh&,,Z8do$o  '"))*Bdo$o / //do  ""do  !!do$o%orc^U4SjnTRTR;a!U"SRTR55 TRTR;a2TR(a!U"SRTR55 TRTR ;a2TR(d!U"SRTR55 TRTR ;a2TR(d!U"SRTR55 TRTR;a2TR(d!U"SRTR55 TRTRR5;aJSR[TRR555nU"SRU55 g g ) z$Validates a parsed AclChange object.cN>[SRTRU55e)Nz!{0} is not a valid ACL change {1})rr<r3)msgr6s r _ThrowError(AclChange._Validate.._ThrowErrors) AHH   s$ %%rz{0} is not a valid scope typez{0} requires no argumentsz{0} requires an idz{0} requires an email addressz{0} requires domainz, zAllowed permissions are {0}N) r8 scope_typesr< public_scopesr2 id_scopes email_scopes domain_scopesr=rUvaluesjoinset)r6r^permss` rr5AclChange._ValidatesI% d...188IJ $,,,-44T__EF $..(&--doo>? $+++DOO188IJ $,,,T__'..t?@ yy99@@BBiiD==DDFGHe/66u=>Crc## UGHnURS;a1UR(a URUR:XaUv MEURS;a1UR(a URUR:XaUv MURS:Xa1UR(a URUR:XaUv MURS:XaWUR (aFURUR R <SUR R<3:XaUv GM.URS:Xa=URR5URR5:XaUv GM{URS:XdGMURR5URR5:XdGMUv GM g7f) a6Generator that yields entries that match the change descriptor. Args: current_acl: A list of apitools_messages.BucketAccessControls or ObjectAccessControls which will be searched for matching entries. Yields: An apitools_messages.BucketAccessControl or ObjectAccessControl. )rr r!r"r#r-rrN) r8entityIdr2emaildomain projectTeamteam projectNumberentitylowerpublic_entity_all_userspublic_entity_all_auth_usersr6 current_aclentrys r_YieldMatchingEntriesAclChange._YieldMatchingEntriess< //6 65>> //U^^ + OO> > KKDOOu{{: OO .5<< OOu|| + OOy (U->-> OO    # #U%6%6%D%D F F OOz ) LL   D$@$@$F$F$H H OO6 6 LL   D$E$E$K$K$M M 'sF G4G GcURS;aURUR-$URS;aURUR-$URS:XaURUR-$URS:XaUR UR-$URS:Xa UR $URS:Xa UR$[SUR-5e)z3Gets an appropriate entity string for an ACL grant.)rr!)r r"rr#rrz.Add entry to ACL got unexpected scope type %s.) r8user_entity_prefixr2group_entity_prefixproject_entity_prefixdomain_entity_prefixrvrurr>s r GetEntityAclChange.GetEntitys 55  $ $t 66 9 9  % % 77 I %  ' '$// 99 O +  & & 88 3 3  . .. J &  ) )) M!__- ..rc2UR5nU"URUS9nURS;aURUlOCURS;aURUlO!URS:XaURUlURU5 g)zAdds an entry to current_acl.)rolers)rr rrkr#N)rr=r8r2rmrnroappend)r6rx entry_classrsrys r _AddEntryAclChange._AddEntryss ^^ F TYYv 6E >>en ; ;OOek O +__elurcjUHnURs $ [R"5R$)N) __class__apitools_messagesObjectAccessControl)r6rx acl_entrys r_GetEntriesClassAclChange._GetEntriesClasss/   !  0 0 2 < <*J7-;')0,"#-;.*\9MI +'!802NO1 "$    " </%b?4@.$ =&rrc4\rSrSrSrSSS.rSrSrSrS r g ) AclDeli z8Represents a logical change from an access control list.rr)z All(Users)?$zAllAuth(enticatedUsers)?$cSRU5UlXlURR 5HAup#[ R "X R[ R5(dM;X0lMC SUlSUl g)Nz-d {0}AnyNONE) r<r3r2 scope_regexesrFrGrHrIr8r=)r6r2rMscopes rr9AclDel.__init__sa"//*5D O**002  %"-- 8 83DODIrc## UGHnUR(a<URR5URR5:XaUv MQUR(a<URR5URR5:XaUv MUR(a<URR5URR5:XaUv MUR (a`URR5SR5UR R UR R4-:XaUv GM\URR5S:XaURS:XaUv GMURR5S:XdGMURS:XdGMUv GM g7f)a;Generator that yields entries that match the change descriptor. Args: current_acl: An instance of apitools_messages.BucketAccessControls or ObjectAccessControls which will be searched for matching entries. Yields: An apitools_messages.BucketAccessControl or ObjectAccessControl. z%s-%sallusersrallauthenticatedusersrN) rmr2rtrnrorprqrrrsrws rrzAclDel._YieldMatchingEntriess6 DOO113u~~7K7K7MM ;;4??002ekk6G6G6II <F#F <<   : -$//Z2O LL   $; ; OO6 6 sF0G7G GcURSX0RU5 [URU55nUHnUR U5 M URS[ U55 [ U5$)Nrr)rr3rrzremoverlen)r6rrxrrrrys rrAclDel.Execute8si LL(,8K8KD66{CD!" LL[!12   rrN) rrrrrrr9rzrrrrrrr s!@!$;- 6!rrc/n[R[R[RS.nUHup4X2;aJ[ XBUS9nSR UR 5UR5nURX645 MTUS:Xa*[U5nURSUR45 MURX445 M U$)N)z-gz-pz-u)r8zentity={},role={}z-d) r rrrrr<rr=rrr2)sub_optstranslated_sub_optsscope_type_from_flagflagvaluechange new_values rtranslate_sub_opts_for_shimrBs       OO  mt #+EFf%,,V-=-=-?Mi  $!23 e}f  $(9(9!:;  $/  r)r __future__rrrrrGgslib.exceptionr"gslib.third_party.storage_apitoolsrrobjectr rrrrrrrsL>&%' ,W hhV2!V2!jr