/** * @group public */ public function testAcl() { $store = $this->objectStore(); $cname = self::$settings['openstack.swift.container'] . 'PUBLIC'; if ($store->hasContainer($cname)) { $store->deleteContainer($cname); } $store->createContainer($cname, ACL::makePublic()); $store->containers(); $container = $store->container($cname); $acl = $container->acl(); $this->assertInstanceOf('\\OpenStack\\ObjectStore\\v1\\Resource\\ACL', $acl); $this->assertTrue($acl->isPublic()); $store->deleteContainer($cname); }
/** * Get missing fields. * * Not all containers come fully instantiated. This method is sometimes * called to "fill in" missing fields. * * @return \OpenStack\ObjectStore\v1\Resource\Container */ protected function loadExtraData() { // If URL and token are empty, we are dealing with a local item that // has not been saved, and was not created with Container::createContainer(). // We treat this as an error condition. if (empty($this->url) || empty($this->token)) { throw new Exception('Remote data cannot be fetched. A Token and endpoint URL are required.'); } // Do a GET on $url to fetch headers. $headers = ['X-Auth-Token' => $this->token]; $response = $this->client->get($this->url, ['headers' => $headers]); $headers = self::reformatHeaders($response->getHeaders()); // Get ACL. $this->acl = ACL::newFromHeaders($headers); // Update size and count. $this->bytes = $response->getHeader('X-Container-Bytes-Used', 0); $this->count = $response->getHeader('X-Container-Object-Count', 0); // Get metadata. $prefix = Container::CONTAINER_METADATA_HEADER_PREFIX; $this->setMetadata(Container::extractHeaderAttributes($headers, $prefix)); return $this; }
public function testIsPublic() { $acl = new ACL(); $this->assertFalse($acl->isPublic()); $acl->allowListings(); $acl->addReferrer(ACL::READ, '*'); $this->assertTrue($acl->isPublic()); $acl->addAccount(ACL::WRITE, 'foo', 'bar'); $this->assertTrue($acl->isPublic()); $acl = ACL::makePublic(); $this->assertTrue($acl->isPublic()); }
/** * Create a container with the given name. * * This creates a new container on the ObjectStorage * server with the name provided in $name. * * A boolean is returned when the operation did not generate an error * condition. * * - true means that the container was created. * - false means that the container was not created because it already * exists. * * Any actual error will cause an exception to be thrown. These will * be the HTTP-level exceptions. * * ACLs * * Swift supports an ACL stream that allows for specifying (with * certain caveats) various levels of read and write access. However, * there are two standard settings that cover the vast majority of * cases. * * - Make the resource private: This grants read and write access to * ONLY the creating user tenant. This is the default; it can also be * specified with ACL::makeNonPublic(). * - Make the resource public: This grants READ permission to any * requesting host, yet only allows the creator to WRITE to the * object. This level can be granted by ACL::makePublic(). * * Note that ACLs operate at a container level. Thus, marking a * container public will allow access to ALL objects inside of the * container. * * To find out whether an existing container is public, you can * write something like this: * * <?php * // Get the container. * $container = $objectStorage->container('my_container'); * * //Check the permission on the ACL: * $boolean = $container->acl()->isPublic(); * ?> * * For details on ACLs, see \OpenStack\ObjectStore\v1\Resource\ACL. * * @param string $name The name of the container. * @param object $acl \OpenStack\ObjectStore\v1\Resource\ACL An access control * list object. By default, a container is non-public * (private). To change this behavior, you can add a * custom ACL. To make the container publically * readable, you can use this: \OpenStack\ObjectStore\v1\Resource\ACL::makePublic(). * @param array $metadata An associative array of metadata to attach to the * container. * * @return boolean true if the container was created, false if the container * was not created because it already exists. */ public function createContainer($name, ACL $acl = null, $metadata = []) { $url = $this->url() . '/' . rawurlencode($name); $headers = ['X-Auth-Token' => $this->token()]; if (!empty($metadata)) { $prefix = Container::CONTAINER_METADATA_HEADER_PREFIX; $headers += Container::generateMetadataHeaders($metadata, $prefix); } // Add ACLs to header. if (!empty($acl)) { $headers += $acl->headers(); } $data = $this->client->put($url, null, ['headers' => $headers]); $status = $data->getStatusCode(); if ($status == 201) { return true; } elseif ($status == 202) { return false; } else { // According to the OpenStack docs, there are no other return codes. throw new Exception('Server returned unexpected code: ' . $status); } }
/** * @depends testCreateContainerPublic */ public function testChangeContainerACL() { $testCollection = self::$settings['openstack.swift.container'] . 'PUBLIC'; $store = $this->objectStore(); if ($store->hasContainer($testCollection)) { $store->deleteContainer($testCollection); } $ret = $store->createContainer($testCollection); $acl = ACL::makePublic(); $ret = $store->changeContainerACL($testCollection, $acl); $this->assertFalse($ret); $container = $store->container($testCollection); $url = $container->url() . '?format=xml'; $data = file_get_contents($url); $this->assertNotEmpty($data, $url); $store->deleteContainer($testCollection); }