LDEV-4735 - make reading the ACL optional when doing a set

lucee · Oct 26, 2023 · 9585229 · 9585229
1 parent 6b5020e
commit 9585229
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 9 deletions.
diff --git a/build.number b/build.number
@@ -1,3 +1,3 @@
 #Build Number for ANT. Do not edit!
-#Tue Oct 10 13:44:11 CEST 2023
-build.number=2
+#Thu Oct 26 10:22:47 CEST 2023
+build.number=3
diff --git a/source/java/src/org/lucee/extension/resource/s3/S3.java b/source/java/src/org/lucee/extension/resource/s3/S3.java
@@ -1413,7 +1413,15 @@ else if (se.getErrorCode().equals("NoSuchBucket") && !srcClient.doesBucketExistV
  boolean customACL = true;
 
  if (acl == null) {
- acl = srcClient.getBucketAcl(srcBucketName);
+ try {
+ acl = srcClient.getBucketAcl(srcBucketName);
+ }
+ catch (AmazonServiceException ase) {
+ if ("AccessDenied".equals(ase.getErrorCode())) {
+ // do nothing
+ }
+ else throw ase;
+ }
  customACL = acl == null;
  }
  CreateBucketRequest cbr = new CreateBucketRequest(trgBucketName);
@@ -2038,11 +2046,11 @@ private String toMetaDataKey(String key) {
 
  public void addAccessControlList(String bucketName, String objectName, Object objACL) throws S3Exception, PageException {
  AmazonS3Client client = getAmazonS3(bucketName, null);
-
  bucketName = improveBucketName(bucketName);
  objectName = improveObjectName(objectName);
- AccessControlList acl = getACL(client, bucketName, objectName);
+ AccessControlList acl = getACL(client, bucketName, objectName, false);
  acl.grantAllPermissions(AccessControlListUtil.toGrantAndPermissions(objACL));
+
  try {
  client.setObjectAcl(bucketName, objectName, acl);
  // is it necessary to set it for bucket as well?
@@ -2080,7 +2088,7 @@ public void setAccessControlList(AmazonS3Client client, String bucketName, Strin
  }
 
  Object newACL = AccessControlListUtil.toAccessControlList(objACL);
- AccessControlList oldACL = getACL(client, bucketName, objectName);
+ AccessControlList oldACL = getACL(client, bucketName, objectName, true);
  Owner aclOwner = oldACL != null ? oldACL.getOwner() : client.getS3AccountOwner();
  if (newACL instanceof AccessControlList) ((AccessControlList) newACL).setOwner(aclOwner);
 
@@ -2120,11 +2128,11 @@ public void setAccessControlList(AmazonS3Client client, String bucketName, Strin
  }
 
  public Array getAccessControlList(String bucketName, String objectName) throws S3Exception {
- AccessControlList acl = getACL(null, bucketName, objectName);
+ AccessControlList acl = getACL(null, bucketName, objectName, false);
  return AccessControlListUtil.toArray(acl.getGrantsAsList());
  }
 
- private AccessControlList getACL(AmazonS3Client client, String bucketName, String objectName) throws S3Exception {
+ private AccessControlList getACL(AmazonS3Client client, String bucketName, String objectName, boolean returnNullWhenAccessDenied) throws S3Exception {
  bucketName = improveBucketName(bucketName);
  objectName = improveObjectName(objectName);
  String key = toKey(bucketName, objectName);
@@ -2141,11 +2149,17 @@ private AccessControlList getACL(AmazonS3Client client, String bucketName, Strin
  return client.getObjectAcl(bucketName, objectName);
  }
  catch (AmazonServiceException se) {
- if (se.getErrorCode().equals("NoSuchKey")) { // we know at this point objectname is not empty, so we do not have to check that
+ if (returnNullWhenAccessDenied && "AccessDenied".equals(se.getErrorCode())) {
+ return null;
+ }
+ else if ("NoSuchKey".equals(se.getErrorCode())) { // we know at this point objectname is not empty, so we do not have to check that
  try {
  return client.getObjectAcl(bucketName, oppositeObjectName(objectName));
  }
  catch (AmazonServiceException ise) {
+ if (returnNullWhenAccessDenied && "AccessDenied".equals(ise.getErrorCode())) {
+ return null;
+ }
  throw toS3Exception(ise);
  }
  }