pellegrinimarcos / plsql-utils

Automatically exported from code.google.com/p/plsql-utils

AMAZON_AWS_S3_PKG - add get owner, get grantee functions (enhancement) #15

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
These allow callers to ask who the owner of an object is, and who has been 
granted what permissions for an object.

--SPEC--

  -- One <Grant> entry from an object's S3 access control list (ACL).
  -- A grantee is either a canonical user (user_id / user_name populated)
  -- or a group (group_uri populated); the unused fields are null.
  type t_grantee is record (
    grantee_type varchar2(20),  -- xsi:type of the Grantee element, e.g. CanonicalUser or Group
    user_id varchar2(200),      -- for users: canonical user ID
    user_name varchar2(200),    -- for users: display name
    -- for groups: the group URI. A URI of
    -- http://acs.amazonaws.com/groups/global/AllUsers means the grant applies
    -- to everyone, so such a row marks the object as publicly accessible.
    group_uri varchar2(200),    -- for groups
    permission varchar2(20)     -- FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP
  );

  -- Grantees as an associative array (for PL/SQL callers).
  type t_grantee_list is table of t_grantee index by binary_integer;
  -- Grantees as a nested table (row type of the pipelined function below).
  type t_grantee_tab is table of t_grantee;

  -- get owner for an object
  -- (t_owner is declared elsewhere in the package spec; the body fills its
  -- user_id and user_name fields from the <Owner> element of the ACL)
  function get_object_owner (p_bucket_name in varchar2,
                             p_key in varchar2)
                             return t_owner;

  -- get grantees for an object as an associative array indexed 1..n
  function get_object_grantee_list (p_bucket_name in varchar2,
                                    p_key in varchar2)
                                    return t_grantee_list;

  -- get grantees for an object as a pipelined table function, so the ACL
  -- can be queried from SQL with table(...)
  function get_object_grantee_tab (p_bucket_name in varchar2,
                                   p_key in varchar2)
                                   return t_grantee_tab pipelined;

--BODY--

-- get the ACL for an object (private - used by get_object_owner,
-- get_object_grantee_list, get_object_grantee_tab)
function get_object_acl (p_bucket_name in varchar2,
                         p_key in varchar2)
                         return XMLType is

  l_lf                           constant varchar2(1) := chr(10);

  l_date_str                     varchar2(255);
  l_auth_str                     varchar2(255);
  l_string_to_sign               varchar2(32767);

  l_header_names                 t_str_array;
  l_header_values                t_str_array;

  l_response                     clob;
  l_acl                          xmltype;

begin
  /*

  Purpose:   fetch the access control policy (ACL) of an object as XML

  Returns:   the parsed <AccessControlPolicy> document, or null when the
             service returned an empty response body

  Example return value:

  <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Owner>
      <ID>c244a7539c1fc912a06691246c90cb93629690ee4703efac8f08e6ff4cb48ef1</ID>
      <DisplayName>jeffreykemp</DisplayName>
    </Owner>
    <AccessControlList>
      <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
          <ID>c244a7539c1fc912a06691246c90cb93629690ee4703efac8f08e6ff4cb48ef1</ID>
          <DisplayName>jeffreykemp</DisplayName>
        </Grantee>
        <Permission>FULL_CONTROL</Permission>
      </Grant>
      <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
          <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
        </Grantee>
        <Permission>READ</Permission>
      </Grant>
    </AccessControlList>
  </AccessControlPolicy>

  Remarks:   NOTE(review): the string-to-sign layout below matches AWS
             Signature Version 2; S3 endpoints that accept only Signature
             Version 4 will reject it - confirm against amazon_aws_auth_pkg.

             NOTE(review): the bucket name and key go into the signed
             resource path exactly as passed in. Whether get_url encodes
             the key is not visible here; if it does, keys with special
             characters may sign one path and request another - confirm.

  Who     Date        Description
  ------  ----------  -------------------------------------
  JKEMP   10.08.2012  Created

  */

  -- the Date header value is also part of the signed string, so take it once
  l_date_str := amazon_aws_auth_pkg.get_date_string;

  -- verb, two empty lines and the date, then the ?acl sub-resource of the object
  l_string_to_sign := 'GET' || l_lf || l_lf || l_lf || l_date_str || l_lf
                      || '/' || p_bucket_name || '/' || p_key || '?acl';
  l_auth_str := amazon_aws_auth_pkg.get_auth_string (l_string_to_sign);

  -- names and values are parallel arrays: entry n of one pairs with entry n of the other
  l_header_names  := t_str_array ('Host', 'Date', 'Authorization');
  l_header_values := t_str_array (g_aws_host_s3, l_date_str, l_auth_str);

  l_response := make_request (get_url(p_bucket_name, p_key) || '?acl', 'GET', l_header_names, l_header_values, null);

  if (l_response is not null) and (length(l_response) > 0) then

    l_acl := xmltype (l_response);

    -- presumably raises when the document is an S3 error response - confirm
    check_for_errors (l_acl);

    return l_acl;

  end if;

  -- empty response: nothing to parse
  return null;

end get_object_acl;

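function get_object_owner (p_bucket_name in varchar2,
                           p_key in varchar2)
                           return t_owner is
  l_xml                          xmltype;
  l_node                         xmltype;
  l_returnvalue                  t_owner;
begin
  /*

  Purpose:   get owner for an object

  Returns:   t_owner with user_id and user_name taken from the <Owner>
             element of the object's ACL. A field is left null when the
             ACL could not be retrieved (get_object_acl returned null) or
             the corresponding element is absent from the response.

  Remarks:   Calling a member function on a null XMLType raises ORA-30625,
             and extract() returns null when no node matches, so both the
             document and each extracted node are checked before use.

             Callers that base an access decision on the owner must treat
             a null user_id as "owner unknown", never as a match.

  Who     Date        Description
  ------  ----------  -------------------------------------
  JKEMP   14.08.2012  Created

  */

  l_xml := get_object_acl(p_bucket_name, p_key);

  if l_xml is not null then

    l_node := l_xml.extract('//AccessControlPolicy/Owner/ID/text()', g_aws_namespace_s3_full);
    if l_node is not null then
      l_returnvalue.user_id := l_node.getStringVal();
    end if;

    -- DisplayName may be missing from the Owner element; leave user_name null then
    l_node := l_xml.extract('//AccessControlPolicy/Owner/DisplayName/text()', g_aws_namespace_s3_full);
    if l_node is not null then
      l_returnvalue.user_name := l_node.getStringVal();
    end if;

  end if;

  return l_returnvalue;

end get_object_owner;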

function get_object_grantee_list (p_bucket_name in varchar2,
                                  p_key in varchar2)
                                  return t_grantee_list is
  l_acl                          xmltype;
  l_grantee                      t_grantee;
  l_grantees                     t_grantee_list;
begin
  /*

  Purpose:   list the grants in an object's ACL

  Returns:   one t_grantee per <Grant> element, indexed 1..n in the order
             the query returns them; an empty collection when the ACL
             holds no grants

  Remarks:   A grantee is either a canonical user (ID and DisplayName) or
             a group (URI). S3 permission values are FULL_CONTROL, WRITE,
             WRITE_ACP, READ and READ_ACP.

             A group URI of http://acs.amazonaws.com/groups/global/AllUsers
             means the grant applies to everyone, so such a row marks the
             object as publicly accessible.

             NOTE(review): get_object_acl returns null for an empty
             response; how the query below behaves for a null l_acl is
             not verified here - confirm.

  Who     Date        Description
  ------  ----------  -------------------------------------
  JKEMP   14.08.2012  Created

  */

  l_acl := get_object_acl(p_bucket_name, p_key);

  -- xmlsequence splits the Grant nodes into one row each; the xsi:type
  -- attribute needs the xsi prefix, hence the second namespace in its map
  for l_grant in (
    select
      extractValue(value(t), '*/Grantee/@xsi:type', g_aws_namespace_s3_full||' '||g_xml_namespace_s3_full) as grantee_type,
      extractValue(value(t), '*/Grantee/ID', g_aws_namespace_s3_full) as user_id,
      extractValue(value(t), '*/Grantee/DisplayName', g_aws_namespace_s3_full) as user_name,
      extractValue(value(t), '*/Grantee/URI', g_aws_namespace_s3_full) as group_uri,
      extractValue(value(t), '*/Permission', g_aws_namespace_s3_full) as permission
    from
      table(xmlsequence(l_acl.extract('//AccessControlPolicy/AccessControlList/Grant', g_aws_namespace_s3_full))) t
    ) loop

    -- every field is overwritten on each pass, so nothing carries over between grants
    l_grantee.grantee_type := l_grant.grantee_type;
    l_grantee.user_id      := l_grant.user_id;
    l_grantee.user_name    := l_grant.user_name;
    l_grantee.group_uri    := l_grant.group_uri;
    l_grantee.permission   := l_grant.permission;

    -- append at the next free index (1, 2, 3, ...)
    l_grantees(l_grantees.count + 1) := l_grantee;

  end loop;

  return l_grantees;

end get_object_grantee_list;

function get_object_grantee_tab (p_bucket_name in varchar2,
                                 p_key in varchar2)
                                 return t_grantee_tab pipelined is
  l_grantees                     t_grantee_list;
  l_total                        pls_integer;
  l_idx                          pls_integer := 1;
begin
  /*

  Purpose:   expose the grants of an object's ACL as rows, for use from
             SQL via table(...)

  Remarks:   Thin wrapper around get_object_grantee_list; pipes the
             entries at indexes 1..count in order.

  Who     Date        Description
  ------  ----------  -------------------------------------
  JKEMP   14.08.2012  Created

  */

  l_grantees := get_object_grantee_list(p_bucket_name, p_key);
  l_total := l_grantees.count;

  while l_idx <= l_total loop
    pipe row (l_grantees(l_idx));
    l_idx := l_idx + 1;
  end loop;

  return;

end get_object_grantee_tab;

Original issue reported on code.google.com by jeffrey....@jk64.com on 16 Aug 2012 at 12:30

GoogleCodeExporter commented 8 years ago
This also requires the following constant, declared at the top of the package body:

  -- Namespace declaration for the "xsi" prefix. get_object_grantee_list appends it to
  -- g_aws_namespace_s3_full so the XPath '*/Grantee/@xsi:type' can resolve the xsi:type attribute.
  g_xml_namespace_s3_full  constant varchar2(255) := 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"';

Original comment by jeffrey....@jk64.com on 16 Aug 2012 at 12:31

GoogleCodeExporter commented 8 years ago

Original comment by thehunge...@gmail.com on 16 Aug 2012 at 2:19

GoogleCodeExporter commented 8 years ago
Feature implemented in latest version of library.

Original comment by thehunge...@gmail.com on 17 Feb 2013 at 9:20