获取按用户过滤的存储分区的 ACL

查看由用户过滤的 Cloud Storage 存储分区访问控制列表 (ACL)。

代码示例

C#

如需了解详情,请参阅 Cloud Storage C# API 参考文档


using Google.Apis.Storage.v1.Data;
using Google.Cloud.Storage.V1;
using System;
using System.Collections.Generic;
using System.Linq;

public class PrintBucketAclForUserSample
{
    public IEnumerable<BucketAccessControl> PrintBucketAclForUser(
        string bucketName = "your-unique-bucket-name",
        string userEmail = "dev@iam.gserviceaccount.com")
    {
        var storage = StorageClient.Create();
        var bucket = storage.GetBucket(bucketName, new GetBucketOptions { Projection = Projection.Full });

        var bucketAclForUser = bucket.Acl.Where((acl) => acl.Entity == $"user-{userEmail}");
        foreach (var acl in bucketAclForUser)
        {
            Console.WriteLine($"{acl.Role}:{acl.Entity}");
        }

        return bucketAclForUser;
    }
}

C++

如需了解详情,请参阅 Cloud Storage C++ API 参考文档

namespace gcs = ::google::cloud::storage;
using ::google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name,
   std::string const& entity) {
  StatusOr<gcs::BucketAccessControl> acl =
      client.GetBucketAcl(bucket_name, entity);

  if (!acl) throw std::runtime_error(acl.status().message());
  std::cout << "ACL entry for " << acl->entity() << " in bucket "
            << acl->bucket() << " is " << *acl << "\n";
}

Go

如需了解详情,请参阅 Cloud Storage Go API 参考文档

import (
	"context"
	"fmt"
	"io"

	"cloud.google.com/go/storage"
)

// printBucketACLForUser lists bucket ACL using a filter.
func printBucketACLForUser(w io.Writer, bucket string, entity storage.ACLEntity) error {
	// bucket := "bucket-name"
	// entity := storage.AllUsers
	ctx := context.Background()
	client, err := storage.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("storage.NewClient: %v", err)
	}
	defer client.Close()

	rules, err := client.Bucket(bucket).ACL().List(ctx)
	if err != nil {
		return fmt.Errorf("ACLHandle.List: %v", err)
	}
	for _, r := range rules {
		if r.Entity == entity {
			fmt.Fprintf(w, "ACL rule role: %v\n", r.Role)
		}
	}
	return nil
}

Java

如需了解详情,请参阅 Cloud Storage Java API 参考文档


import com.google.cloud.storage.Acl;
import com.google.cloud.storage.Acl.User;
import com.google.cloud.storage.Bucket;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageOptions;

public class PrintBucketAclFilterByUser {

  public static void printBucketAclFilterByUser(String bucketName, String userEmail) {

    // The ID to give your GCS bucket
    // String bucketName = "your-unique-bucket-name";

    // The email of the user whose acl is being retrieved.
    // String userEmail = "someuser@domain.com"

    Storage storage = StorageOptions.newBuilder().build().getService();
    Bucket bucket = storage.get(bucketName);

    Acl userAcl = bucket.getAcl(new User(userEmail));
    String userRole = userAcl.getRole().name();
    System.out.println("User " + userEmail + " has role " + userRole);
  }
}

Node.js

如需了解详情,请参阅 Cloud Storage Node.js API 参考文档

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// The ID of your GCS bucket
// const bucketName = 'your-unique-bucket-name';

// The email address of the user to check
// const userEmail = 'user-email-to-check';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

async function printBucketAclForUser() {
  const options = {
    // Specify the user
    entity: `user-${userEmail}`,
  };

  // Gets the user's ACL for the bucket
  const [aclObject] = await storage.bucket(bucketName).acl.get(options);

  console.log(`${aclObject.role}: ${aclObject.entity}`);
}

printBucketAclForUser().catch(console.error);

PHP

如需了解详情,请参阅 Cloud Storage PHP API 参考文档

use Google\Cloud\Storage\StorageClient;

/**
 * Print an entity role for a bucket ACL.
 *
 * @param string $bucketName The name of your Cloud Storage bucket.
 * @param string $entity The entity for which to query access controls.
 */
function print_bucket_acl_for_user(
    string $bucketName,
    string $entity
): void {
    // $bucketName = 'my-bucket';
    // $entity = 'user-example@domain.com';

    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $acl = $bucket->acl();

    $item = $acl->get(['entity' => $entity]);
    printf('%s: %s' . PHP_EOL, $item['entity'], $item['role']);
}

Python

如需了解详情,请参阅 Cloud Storage Python API 参考文档

from google.cloud import storage

def print_bucket_acl_for_user(bucket_name, user_email):
    """Prints out a bucket's access control list for a given user."""
    storage_client = storage.Client()
    bucket = storage_client.bucket(bucket_name)

    # Reload fetches the current ACL from Cloud Storage.
    bucket.acl.reload()

    # You can also use `group`, `domain`, `all_authenticated` and `all` to
    # get the roles for different types of entities.
    roles = bucket.acl.user(user_email).get_roles()

    print(roles)

Ruby

如需了解详情,请参阅 Cloud Storage Ruby API 参考文档

# The ID of your GCS bucket
# bucket_name = "your-unique-bucket-name"
# email       = "Google Cloud Storage ACL Entity email"

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket  = storage.bucket bucket_name

puts "Permissions for #{email}:"
puts "OWNER"  if bucket.acl.owners.include?  email
puts "WRITER" if bucket.acl.writers.include? email
puts "READER" if bucket.acl.readers.include? email

后续步骤

如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器