Object权限控制

1PutObjectAclRequest putObjectAclRequest(bucketName, objectKey);
2PutObjectAclResponse putObjectAclResponse;
3
4// 1. 使用x-bce-acl Header设置
5// cannedAcl支持:private、public-read
6std::string cannedAcl="public-read";
7putObjectAclRequest.set_canned_acl(cannedAcl);
8
9// 2. 使用x-bce-grant-read / x-bce-grant-read-permission Header设置
10// idStrings为id集合, 可一次传入多个id, 用逗号隔开, 字符串固定格式为:"id=/"xxxxx/", id=/"xxxxx/"";
11std::string idStrings="id=\"77f47fbbc29d41xxxxxxxxxx6\"";
12putObjectAclRequest.set_xbce_grant_read(idStrings);
13putObjectAclRequest.set_xbce_grant_full_control(idStrings);
14
15int ret = client.put_object_acl(putObjectAclRequest, &putObjectAclResponse);
16if (ret) {
17    LOGF(WARN, "client err: %d", ret);
18}
19if (putObjectAclResponse.is_fail()) {
20    LOGF(WARN,"put_object_acl: [status_code = %d], [message = %s], [requestid = %s]",
21         putObjectAclResponse.status_code(),
22         putObjectAclResponse.error().message().c_str(),
23         putObjectAclResponse.error().request_id().c_str());
24}

1PutObjectAclRequest putObjectAclRequest(bucketName, objectKey);
2PutObjectAclResponse putObjectAclResponse;
3
4// 1. 通过上传acl json串
5std::string jsonAcl =
6                "{\"accessControlList\":[{\"grantee\":[{\"id\":\"*\"}],\"permission\":[\"READ\"]},{"
7                "\"grantee\":[{\"id\":\"cb5f8xxxxxxxxxx82bbc\"}],\"permission\":["
8                "\"FULL_CONTROL\"]}]}";
9std::string cannedAcl="public-read";
10putObjectAclRequest.set_json_acl(jsonAcl);
11
12
13// 2. 上传acl文件
14std::string aclFilePath = "/tmp/acl.json"
15int setRet = putObjectAclRequest.set_acl_file(aclFilePath);
16if (ret) {
17    LOGF(WARN, "client set_acl_file: %d", ret);
18}
19
20// 3. 通过设置access_control_list数据
21std::vector<Grant> grants;
22Grant grant;
23grantee.id = "77fxxxxxxxxxxx5fa406";
24grant.grantee.push_back(grantee);
25grant.permission.push_back("READ");
26grants.push_back(grant);
27putObjectAclRequest.set_access_control_list(grants);
28
29int ret = client.put_object_acl(putObjectAclRequest, &putObjectAclResponse);
30if (ret) {
31    LOGF(WARN, "client err: %d", ret);
32}
33if (putObjectAclResponse.is_fail()) {
34    LOGF(WARN,"put_object_acl: [status_code = %d], [message = %s], [requestid = %s]",
35         putObjectAclResponse.status_code(),
36         putObjectAclResponse.error().message().c_str(),
37         putObjectAclResponse.error().request_id().c_str());
38}

1GetObjectAclRequest getObjectAclRequest(bucketName, objectKey);
2GetObjectAclResponse getObjectAclResponse;
3
4int ret = client()->get_object_acl(getObjectAclRequest, &getObjectAclResponse);
5if (ret) {
6    LOGF(WARN, "get_object_acl err: %d", ret);
7}
8
9if (getObjectAclResponse.is_fail()) {
10    LOGF(WARN,
11         "get_object_acl: [status_code = %d], [message = %s], [requestid = %s]",
12         getObjectAclResponse.status_code(),
13         getObjectAclResponse.error().message().c_str(),
14         getObjectAclResponse.error().request_id().c_str());
15}
16
17//获取具体权限(两种方式)
18std::vector<Grant> objectAcl = getObjectAclResponse.access_control_list();
19std::string objectAclJsonStr = getObjectAclResponse.json_access_control_list();

1//acl具体结构
2struct Grantee {
3    std::string id;
4};
5struct Grant {
6    std::vector<Grantee> grantee;
7    std::vector<std::string> permission;
8    //std::vector<std::string> resource;
9    //std::vector<std::string> notResource;
10    //Condition condition;
11    //std::string effect;
12}

1DeleteObjectAclRequest deleteObjectAclRequest(BUCKET_NAME, OBJECT_NAME);
2DeleteObjectAclResponse deleteObjectAclResponse;
3
4int ret = client.delete_object_acl(deleteObjectAclRequest, &deleteObjectAclResponse);
5if (ret) {
6    LOGF(WARN, "client err: %d", ret);
7}
8if (deleteObjectAclResponse.is_fail()) {
9    LOGF(WARN, "put_object_acl: [status_code = %d], [message = %s], [requestid = %s]",
10         deleteObjectAclResponse.status_code(),
11         deleteObjectAclResponse.error().message().c_str(),
12         deleteObjectAclResponse.error().request_id().c_str());
13}