| 101 | } |
| 102 | |
| 103 | func getCannedACL(aCPolicy *accessControlPolicy) string { |
| 104 | grants := aCPolicy.AccessControlList.Grant |
| 105 | |
| 106 | switch { |
| 107 | case len(grants) == 1: |
| 108 | if grants[0].Grantee.URI == "" && grants[0].Permission == "FULL_CONTROL" { |
| 109 | return "private" |
| 110 | } |
| 111 | case len(grants) == 2: |
| 112 | for _, g := range grants { |
| 113 | if g.Grantee.URI == "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" && g.Permission == "READ" { |
| 114 | return "authenticated-read" |
| 115 | } |
| 116 | if g.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers" && g.Permission == "READ" { |
| 117 | return "public-read" |
| 118 | } |
| 119 | if g.Permission == "READ" && g.Grantee.ID == aCPolicy.Owner.ID { |
| 120 | return "bucket-owner-read" |
| 121 | } |
| 122 | } |
| 123 | case len(grants) == 3: |
| 124 | for _, g := range grants { |
| 125 | if g.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers" && g.Permission == "WRITE" { |
| 126 | return "public-read-write" |
| 127 | } |
| 128 | } |
| 129 | } |
| 130 | return "" |
| 131 | } |
| 132 | |
| 133 | func getAmzGrantACL(aCPolicy *accessControlPolicy) map[string][]string { |
| 134 | grants := aCPolicy.AccessControlList.Grant |