Class AWS::S3::ACL::Grant
In: lib/aws/s3/acl.rb
Parent: Object

A Policy is made up of one or more Grant objects. A grant sets a specific permission and grants it to the associated grantee.

When creating a new grant to add to a policy, you need only set its permission and then associate with a Grantee.

  grant = ACL::Grant.new
  => #<AWS::S3::ACL::Grant (permission) to (grantee)>

Here we see that neither the permission nor the grantee have been set. Let’s make this grant provide the READ permission.

  grant.permission = 'READ'
  grant
  => #<AWS::S3::ACL::Grant READ to (grantee)>

Now let’s assume we have a grantee to the AllUsers group already set up. Just associate that grantee with our grant.

  grant.grantee = all_users_group_grantee
  grant
  => #<AWS::S3::ACL::Grant READ to AllUsers Group>

And now are grant is complete. It provides READ permission to the AllUsers group, effectively making this object publicly readable without any authorization.

Assuming we have some object’s policy available in a local variable called policy, we can now add this grant onto its collection of grants.

  policy.grants << grant

And then we send the updated policy to the S3 servers.

  some_s3object.acl(policy)

Methods

grant   new   permission=   to_xml  

Included Modules

SelectiveAttributeProxy

External Aliases

eql? -> ==

Attributes

grantee  [RW] 

Public Class methods

Returns stock grants with name type.

  public_read_grant = ACL::Grant.grant :public_read
  => #<AWS::S3::ACL::Grant READ to AllUsers Group>

Valid stock grant types are:

  • :authenticated_read
  • :authenticated_read_acp
  • :authenticated_write
  • :authenticated_write_acp
  • :logging_read
  • :logging_read_acp
  • :logging_write
  • :logging_write_acp
  • :public_read
  • :public_read_acp
  • :public_write
  • :public_write_acp

[Source]

     # File lib/aws/s3/acl.rb, line 258
258:           def grant(type)
259:             case type
260:             when *stock_grant_map.keys
261:               build_stock_grant_for type
262:             else
263:               raise ArgumentError, "Unknown grant type `#{type}'"
264:             end
265:           end

[Source]

     # File lib/aws/s3/acl.rb, line 294
294:         def initialize(attributes = {})
295:           attributes = {'permission' => nil}.merge(attributes)
296:           @attributes = attributes
297:           extract_grantee!
298:           yield self if block_given?
299:         end

Public Instance methods

Set the permission for this grant.

  grant.permission = 'READ'
  grant
  => #<AWS::S3::ACL::Grant READ to (grantee)>

If the specified permisison level is not valid, an InvalidAccessControlLevel exception will be raised.

[Source]

     # File lib/aws/s3/acl.rb, line 308
308:         def permission=(permission_level)
309:           unless self.class.valid_permissions.include?(permission_level)
310:             raise InvalidAccessControlLevel.new(self.class.valid_permissions, permission_level)
311:           end
312:           attributes['permission'] = permission_level
313:         end

The xml representation of this grant.

[Source]

     # File lib/aws/s3/acl.rb, line 316
316:         def to_xml
317:           Builder.new(permission, grantee).to_s
318:         end

[Validate]