@aws-sdk/client-s3
Version:
AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native
227 lines • 11.5 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.PutObjectAclCommand = void 0;
const models_0_1 = require("../models/models_0");
const Aws_restXml_1 = require("../protocols/Aws_restXml");
const middleware_bucket_endpoint_1 = require("@aws-sdk/middleware-bucket-endpoint");
const middleware_serde_1 = require("@aws-sdk/middleware-serde");
const smithy_client_1 = require("@aws-sdk/smithy-client");
/**
* <p>Uses the <code>acl</code> subresource to set the access control list (ACL) permissions
* for a new or existing object in an S3 bucket. You must have <code>WRITE_ACP</code>
* permission to set the ACL of an object. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions">What
* permissions can I grant?</a> in the <i>Amazon Simple Storage Service Developer Guide</i>.</p>
* <p>This action is not supported by Amazon S3 on Outposts.</p>
* <p>Depending on your application needs, you can choose to set
* the ACL on an object using either the request body or the headers. For example, if you have
* an existing application that updates a bucket ACL using the request body, you can continue
* to use that approach. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html">Access Control List (ACL) Overview</a> in the <i>Amazon S3 Developer
* Guide</i>.</p>
*
*
*
* <p>
* <b>Access Permissions</b>
* </p>
* <p>You can set access permissions using one of the following methods:</p>
* <ul>
* <li>
* <p>Specify a canned ACL with the <code>x-amz-acl</code> request header. Amazon S3 supports
* a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set
* of grantees and permissions. Specify the canned ACL name as the value of
* <code>x-amz-ac</code>l. If you use this header, you cannot use other access
* control-specific headers in your request. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL">Canned ACL</a>.</p>
* </li>
* <li>
* <p>Specify access permissions explicitly with the <code>x-amz-grant-read</code>,
* <code>x-amz-grant-read-acp</code>, <code>x-amz-grant-write-acp</code>, and
* <code>x-amz-grant-full-control</code> headers. When using these headers, you
* specify explicit access permissions and grantees (AWS accounts or Amazon S3 groups) who
* will receive the permission. If you use these ACL-specific headers, you cannot use
* <code>x-amz-acl</code> header to set a canned ACL. These parameters map to the set
* of permissions that Amazon S3 supports in an ACL. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html">Access Control List (ACL)
* Overview</a>.</p>
*
* <p>You specify each grantee as a type=value pair, where the type is one of the
* following:</p>
* <ul>
* <li>
* <p>
* <code>id</code> – if the value specified is the canonical user ID of an AWS
* account</p>
* </li>
* <li>
* <p>
* <code>uri</code> – if you are granting permissions to a predefined
* group</p>
* </li>
* <li>
* <p>
* <code>emailAddress</code> – if the value specified is the email address of
* an AWS account</p>
* <note>
* <p>Using email addresses to specify a grantee is only supported in the following AWS Regions: </p>
* <ul>
* <li>
* <p>US East (N. Virginia)</p>
* </li>
* <li>
* <p>US West (N. California)</p>
* </li>
* <li>
* <p> US West (Oregon)</p>
* </li>
* <li>
* <p> Asia Pacific (Singapore)</p>
* </li>
* <li>
* <p>Asia Pacific (Sydney)</p>
* </li>
* <li>
* <p>Asia Pacific (Tokyo)</p>
* </li>
* <li>
* <p>Europe (Ireland)</p>
* </li>
* <li>
* <p>South America (São Paulo)</p>
* </li>
* </ul>
* <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href="https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region">Regions and Endpoints</a> in the AWS General Reference.</p>
* </note>
* </li>
* </ul>
* <p>For example, the following <code>x-amz-grant-read</code> header grants list
* objects permission to the two AWS accounts identified by their email
* addresses.</p>
* <p>
* <code>x-amz-grant-read: emailAddress="xyz@amazon.com",
* emailAddress="abc@amazon.com" </code>
* </p>
*
* </li>
* </ul>
* <p>You can use either a canned ACL or specify access permissions explicitly. You cannot do
* both.</p>
* <p>
* <b>Grantee Values</b>
* </p>
* <p>You can specify the person (grantee) to whom you're assigning access rights (using
* request elements) in the following ways:</p>
* <ul>
* <li>
* <p>By the person's ID:</p>
* <p>
* <code><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
* xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
* </Grantee></code>
* </p>
* <p>DisplayName is optional and ignored in the request.</p>
* </li>
* <li>
* <p>By URI:</p>
* <p>
* <code><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
* xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee></code>
* </p>
* </li>
* <li>
* <p>By Email address:</p>
* <p>
* <code><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
* xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee></code>
* </p>
* <p>The grantee is resolved to the CanonicalUser and, in a response to a GET Object
* acl request, appears as the CanonicalUser.</p>
* <note>
* <p>Using email addresses to specify a grantee is only supported in the following AWS Regions: </p>
* <ul>
* <li>
* <p>US East (N. Virginia)</p>
* </li>
* <li>
* <p>US West (N. California)</p>
* </li>
* <li>
* <p> US West (Oregon)</p>
* </li>
* <li>
* <p> Asia Pacific (Singapore)</p>
* </li>
* <li>
* <p>Asia Pacific (Sydney)</p>
* </li>
* <li>
* <p>Asia Pacific (Tokyo)</p>
* </li>
* <li>
* <p>Europe (Ireland)</p>
* </li>
* <li>
* <p>South America (São Paulo)</p>
* </li>
* </ul>
* <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href="https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region">Regions and Endpoints</a> in the AWS General Reference.</p>
* </note>
* </li>
* </ul>
* <p>
* <b>Versioning</b>
* </p>
* <p>The ACL of an object is set at the object version level. By default, PUT sets the ACL of
* the current version of an object. To set the ACL of a different version, use the
* <code>versionId</code> subresource.</p>
* <p class="title">
* <b>Related Resources</b>
* </p>
* <ul>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a>
* </p>
* </li>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html">GetObject</a>
* </p>
* </li>
* </ul>
*/
class PutObjectAclCommand extends smithy_client_1.Command {
// Start section: command_properties
// End section: command_properties
constructor(input) {
// Start section: command_constructor
super();
this.input = input;
// End section: command_constructor
}
/**
* @internal
*/
resolveMiddleware(clientStack, configuration, options) {
this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
this.middlewareStack.use(middleware_bucket_endpoint_1.getBucketEndpointPlugin(configuration));
const stack = clientStack.concat(this.middlewareStack);
const { logger } = configuration;
const clientName = "S3Client";
const commandName = "PutObjectAclCommand";
const handlerExecutionContext = {
logger,
clientName,
commandName,
inputFilterSensitiveLog: models_0_1.PutObjectAclRequest.filterSensitiveLog,
outputFilterSensitiveLog: models_0_1.PutObjectAclOutput.filterSensitiveLog,
};
const { requestHandler } = configuration;
return stack.resolve((request) => requestHandler.handle(request.request, options || {}), handlerExecutionContext);
}
serialize(input, context) {
return Aws_restXml_1.serializeAws_restXmlPutObjectAclCommand(input, context);
}
deserialize(output, context) {
return Aws_restXml_1.deserializeAws_restXmlPutObjectAclCommand(output, context);
}
}
exports.PutObjectAclCommand = PutObjectAclCommand;
//# sourceMappingURL=PutObjectAclCommand.js.map