o Mf c@sdZddlmZddlmZddlmZddlmZGdddeZ Gdd d eZ Gd d d e Z Gd d d e Z Gddde Z dS)z%Manage access to objects and buckets.) _add_generation_match_parameters)_DEFAULT_TIMEOUT) DEFAULT_RETRY))DEFAULT_RETRY_IF_METAGENERATION_SPECIFIEDc@s~eZdZdZdZdZdZdddZdd Zd d Z d d Z ddZ ddZ ddZ ddZddZddZddZddZdS) _ACLEntityaClass representing a set of roles for an entity. This is a helper class that you likely won't ever construct outside of using the factor methods on the :class:`ACL` object. :type entity_type: str :param entity_type: The type of entity (ie, 'group' or 'user'). :type identifier: str :param identifier: (Optional) The ID or e-mail of the entity. For the special entity types (like 'allUsers'). READERWRITEROWNERNcCs||_tg|_||_dSN) identifiersetrolestype)self entity_typer rZ/var/www/html/analyze/labelStudio/lib/python3.10/site-packages/google/cloud/storage/acl.py__init__)s  z_ACLEntity.__init__cCs|jst|jSdj|dS)Nz{acl.type}-{acl.identifier})acl)r strrformatrrrr__str__.s  z_ACLEntity.__str__cCsd|dd|jdS)Nz )joinr rrrr__repr__4sz_ACLEntity.__repr__cCs|jS)zGet the list of roles permitted by this entity. :rtype: list of strings :returns: The list of roles associated with this entity. )r rrrr get_roles7sz_ACLEntity.get_rolescCs|j|dS)zoAdd a role to the entity. :type role: str :param role: The role to add to the entity. N)r addrrolerrrgrant?sz_ACLEntity.grantcCs||jvr |j|dSdS)zyRemove a role from the entity. :type role: str :param role: The role to remove from the entity. N)r removerrrrrevokeGs z_ACLEntity.revokecC|tjdS)z(Grant read access to the current entity.N)rr READER_ROLErrrr grant_readPz_ACLEntity.grant_readcCr")z)Grant write access to the current entity.N)rr WRITER_ROLErrrr grant_writeTr%z_ACLEntity.grant_writecCr")z)Grant owner access to the current entity.N)rr OWNER_ROLErrrr grant_ownerXr%z_ACLEntity.grant_ownercCr")z+Revoke read access from the current entity.N)r!rr#rrrr revoke_read\r%z_ACLEntity.revoke_readcCr")z,Revoke write access from the current entity.N)r!rr&rrrr revoke_write`r%z_ACLEntity.revoke_writecCr")z,Revoke owner access from the current entity.N)r!rr(rrrr revoke_ownerdr%z_ACLEntity.revoke_ownerr )__name__ __module__ __qualname____doc__r#r&r(rrrrrr!r$r'r)r*r+r,rrrrrs"    rc@sXeZdZdZdZdZdddddd d Zegd Z d Z d Z d Z d Z ddZ efddZeddZddZddZddZddZdr:valuesrr)rrHrrrr__iter__s z ACL.__iter__cCs|d}|d}|dkr|}n|dkr|}nd|vr-|dd\}}|j||d}t|ts9td||||S) aBuild an _ACLEntity object from a dictionary of data. An entity is a mutable object that represents a list of roles belonging to either a user or group or the special types for all users and all authenticated users. :type entity_dict: dict :param entity_dict: Dictionary full of data from an ACL lookup. :rtype: :class:`_ACLEntity` :returns: An Entity constructed from the dictionary. rHrallUsersallAuthenticatedUsers-rr zInvalid dictionary: )allall_authenticatedsplitrH isinstancerrBr)r entity_dictrHrrr rrrentity_from_dicts     zACL.entity_from_dictcCs|t||jvS)aReturns whether or not this ACL has any entries for an entity. :type entity: :class:`_ACLEntity` :param entity: The entity to check for existence in this ACL. :rtype: bool :returns: True of the entity exists in the ACL. )r>rr:rrHrrr has_entitys zACL.has_entitycCs||jt||S)aGets an entity object from the ACL. :type entity: :class:`_ACLEntity` or string :param entity: The entity to get lookup in the ACL. :type default: anything :param default: This value will be returned if the entity doesn't exist. :rtype: :class:`_ACLEntity` :returns: The corresponding entity or the value provided to ``default``. )r>r:r@r)rrHdefaultrrr get_entityszACL.get_entitycCs|||jt|<dS)zAdd an entity to the ACL. :type entity: :class:`_ACLEntity` :param entity: The entity to add to this ACL. N)r>r:rrVrrr add_entityszACL.add_entitycCs2t||d}||r||}|S|||S)aFactory method for creating an Entity. If an entity with the same type and identifier already exists, this will return a reference to that entity. If not, it will create a new one and add it to the list of known entities for this ACL. :type entity_type: str :param entity_type: The type of entity to create (ie, ``user``, ``group``, etc) :type identifier: str :param identifier: The ID of the entity (if applicable). This can be either an ID or an e-mail address. :rtype: :class:`_ACLEntity` :returns: A new Entity or a reference to an existing identical entity. rO)rrWrYrZ)rrr rHrrrrHs    z ACL.entitycC|jd|dS)zFactory method for a user Entity. :type identifier: str :param identifier: An id or e-mail for this particular user. :rtype: :class:`_ACLEntity` :returns: An Entity corresponding to this user. userr rHrr rrrr\ zACL.usercCr[)zFactory method for a group Entity. :type identifier: str :param identifier: An id or e-mail for this particular group. :rtype: :class:`_ACLEntity` :returns: An Entity corresponding to this group. groupr]r^r_rrrra'r`z ACL.groupcCr[)zFactory method for a domain Entity. :type domain: str :param domain: The domain for this entity. :rtype: :class:`_ACLEntity` :returns: An entity corresponding to this domain. domainr]r^)rrbrrrrb2r`z ACL.domaincC |dS)zFactory method for an Entity representing all users. :rtype: :class:`_ACLEntity` :returns: An entity representing all users. rKr^rrrrrP= zACL.allcCrc)zFactory method for an Entity representing all authenticated users. :rtype: :class:`_ACLEntity` :returns: An entity representing all authenticated users. rLr^rrrrrQErdzACL.all_authenticatedcCs|t|jS)zGet a list of all Entity objects. :rtype: list of :class:`_ACLEntity` objects :returns: A list of all Entity objects. )r>listr:rIrrrr get_entitiesMszACL.get_entitiescCst)z&Abstract getter for the object client.)NotImplementedErrorrrrrclientVsz ACL.clientcCs|dur|j}|S)aCheck client or verify over-ride. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: the client to use. If not passed, falls back to the ``client`` stored on the current ACL. :rtype: :class:`google.cloud.storage.client.Client` :returns: The client passed in or the currently bound client. N)rh)rrhrrr_require_client[s zACL._require_clientcCsp|j}||}i}|jdur|j|d<|j|j||||d}d|_|ddD] }|| |q+dS)aReload the ACL data from Cloud Storage. If :attr:`user_project` is set, bills the API request to that project. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: :class:`~google.api_core.retry.Retry` :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` N userProject query_paramsr;retryTitemsr) reload_pathri user_projectr:rF _get_resourcer<r@rZrU)rrhr;rmpathrlfoundentryrrrr=js     z ACL.reloadc Cs||}ddi} |durg}|| |j<|jdur|j| d<t| ||||d|j} |j| |jt|i| || d} |j | |jdD] } | | | qEd|_ dS) aHelper for :meth:`save` and :meth:`save_predefined`. :type acl: :class:`google.cloud.storage.acl.ACL`, or a compatible list. :param acl: The ACL object to save. If left blank, this will save current entries. :type predefined: str :param predefined: An identifier for a predefined ACL. Must be one of the keys in :attr:`PREDEFINED_JSON_ACLS` If passed, `acl` must be None. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type if_generation_match: long :param if_generation_match: (Optional) See :ref:`using-if-generation-match` :type if_generation_not_match: long :param if_generation_not_match: (Optional) See :ref:`using-if-generation-not-match` :type if_metageneration_match: long :param if_metageneration_match: (Optional) See :ref:`using-if-metageneration-match` :type if_metageneration_not_match: long :param if_metageneration_not_match: (Optional) See :ref:`using-if-metageneration-not-match` :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: google.api_core.retry.Retry or google.cloud.storage.retry.ConditionalRetryPolicy :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` projectionfullNrj)if_generation_matchif_generation_not_matchif_metageneration_matchif_metageneration_not_matchrkrT)ri_PREDEFINED_QUERY_PARAMrpr save_path_patch_resource_URL_PATH_ELEMrer:rFr@rZrUr<)rrrDrhrwrxryrzr;rmrlrrresultrtrrr_saves4 4      z ACL._savec Cs@|dur |}|j} nd} | r|j|d|||||||d dSdS)a!Save this ACL for the current bucket. If :attr:`user_project` is set, bills the API request to that project. :type acl: :class:`google.cloud.storage.acl.ACL`, or a compatible list. :param acl: The ACL object to save. If left blank, this will save current entries. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type if_generation_match: long :param if_generation_match: (Optional) See :ref:`using-if-generation-match` :type if_generation_not_match: long :param if_generation_not_match: (Optional) See :ref:`using-if-generation-not-match` :type if_metageneration_match: long :param if_metageneration_match: (Optional) See :ref:`using-if-metageneration-match` :type if_metageneration_not_match: long :param if_metageneration_not_match: (Optional) See :ref:`using-if-metageneration-not-match` :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: google.api_core.retry.Retry or google.cloud.storage.retry.ConditionalRetryPolicy :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` NTrwrxryrzr;rm)r<r) rrrhrwrxryrzr;rmsave_to_backendrrrsaves"1 zACL.savec Cs*||}|jd||||||||d dS)aSave this ACL for the current bucket using a predefined ACL. If :attr:`user_project` is set, bills the API request to that project. :type predefined: str :param predefined: An identifier for a predefined ACL. Must be one of the keys in :attr:`PREDEFINED_JSON_ACLS` or :attr:`PREDEFINED_XML_ACLS` (which will be aliased to the corresponding JSON name). If passed, `acl` must be None. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type if_generation_match: long :param if_generation_match: (Optional) See :ref:`using-if-generation-match` :type if_generation_not_match: long :param if_generation_not_match: (Optional) See :ref:`using-if-generation-not-match` :type if_metageneration_match: long :param if_metageneration_match: (Optional) See :ref:`using-if-metageneration-match` :type if_metageneration_not_match: long :param if_metageneration_not_match: (Optional) See :ref:`using-if-metageneration-not-match` :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: google.api_core.retry.Retry or google.cloud.storage.retry.ConditionalRetryPolicy :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` Nr)rEr) rrDrhrwrxryrzr;rmrrrsave_predefined+s 4 zACL.save_predefinedc Cs|jg|||||||ddS)aIRemove all ACL entries. If :attr:`user_project` is set, bills the API request to that project. Note that this won't actually remove *ALL* the rules, but it will remove all the non-default rules. In short, you'll still have access to a bucket that you created even after you clear ACL rules with this method. :type client: :class:`~google.cloud.storage.client.Client` or ``NoneType`` :param client: (Optional) The client to use. If not passed, falls back to the ``client`` stored on the ACL's parent. :type if_generation_match: long :param if_generation_match: (Optional) See :ref:`using-if-generation-match` :type if_generation_not_match: long :param if_generation_not_match: (Optional) See :ref:`using-if-generation-not-match` :type if_metageneration_match: long :param if_metageneration_match: (Optional) See :ref:`using-if-metageneration-match` :type if_metageneration_not_match: long :param if_metageneration_not_match: (Optional) See :ref:`using-if-metageneration-not-match` :type timeout: float or tuple :param timeout: (Optional) The amount of time, in seconds, to wait for the server response. See: :ref:`configuring_timeouts` :type retry: google.api_core.retry.Retry or google.cloud.storage.retry.ConditionalRetryPolicy :param retry: (Optional) How to retry the RPC. See: :ref:`configuring_retries` )rhrwrxryrzr;rmN)r)rrhrwrxryrzr;rmrrrrFls1 z ACL.clearr ))r-r.r/r0r~r{r? frozensetrAr<ror|rprrr> classmethodrErGrJrUrWrYrZrHr\rarbrPrQrfpropertyrhrirr=rrrrrFrrrrr1is          + Y G Cr1cPeZdZdZfddZeddZeddZedd Zed d Z Z S) BucketACLzAn ACL specifically for a bucket. :type bucket: :class:`google.cloud.storage.bucket.Bucket` :param bucket: The bucket to which this ACL relates. ctt|||_dSr )superrrbucket)rr __class__rrr zBucketACL.__init__cC|jjS)z&The client bound to this ACL's bucket.)rrhrrrrrhzBucketACL.clientcCs|jjd|jS)3Compute the path for GET API requests for this ACL./)rrrr~rrrrroszBucketACL.reload_pathcCrz5Compute the path for PATCH API requests for this ACL.)rrrrrrrr|rzBucketACL.save_pathcCrz?Compute the user project charged for API requests for this ACL.)rrprrrrrprzBucketACL.user_project r-r.r/r0rrrhror|rp __classcell__rrrrr    rc@seZdZdZdZdZdS)DefaultObjectACLz9A class representing the default object ACL for a bucket.defaultObjectAclpredefinedDefaultObjectAclN)r-r.r/r0r~r{rrrrrsrcr) ObjectACLzAn ACL specifically for a Cloud Storage object / blob. :type blob: :class:`google.cloud.storage.blob.Blob` :param blob: The blob that this ACL corresponds to. crr )rrrblob)rrrrrrrzObjectACL.__init__cCr)z$The client bound to this ACL's blob.)rrhrrrrrhrzObjectACL.clientcCs|jjdS)rz/aclrrrrrrrroszObjectACL.reload_pathcCrrrrrrrr|rzObjectACL.save_pathcCrr)rrprrrrrprzObjectACL.user_projectrrrrrrrrN)r0google.cloud.storage._helpersrgoogle.cloud.storage.constantsrgoogle.cloud.storage.retryrrobjectrr1rrrrrrrs    RD