本文介绍如何获取和设置对象的访问权限。对象的访问权限优先级高于桶的访问权限,如果对象未设置访问权限,则遵循桶的访问权限。
访问权限值 | 描述 |
---|---|
private | 私有。对象的所有者拥有所有权限,其他用户没有权限操作该对象。 |
public-read | 公共读。对象的所有者拥有所有权限,其他用户只有该对象的读权限。 |
public-read-write | 公共读写。所有用户都有该对象文件的读写权限。 |
authenticated-read | 对象的所有者拥有所有权限,认证用户拥有该对象的读权限。 |
bucket-owner-read | 对象所有者拥有所有权限,桶所有者拥有该对象的读权限。 |
bucket-owner-full-control | 桶所有者和对象所有者都拥有对象的所有操作权限。 |
如下代码展示如何设置对象的访问权限。
// 从STS服务获取的临时访问密钥和安全令牌(AccessKey、SecretKey、SecurityToken) TOSCredential *credential = [[TOSCredential alloc] initWithAccessKey:@"accesskey" secretKey:@"secretkey" securityToken:@"securityToken"]; TOSEndpoint *tosEndpoint = [[TOSEndpoint alloc] initWithURLString:@"endpoint" withRegion:@"region"]; TOSClientConfiguration *config = [[TOSClientConfiguration alloc] initWithEndpoint:tosEndpoint credential:credential]; TOSClient *client = [[TOSClient alloc] initWithConfiguration:config]; TOSPutObjectACLInput *putAcl = [TOSPutObjectACLInput new]; putAcl.tosBucket = @"bucket-name"; putAcl.tosKey = @"object-name"; TOSGrantee *grantee = [TOSGrantee new]; grantee.tosType = TOSGranteeType; grantee.tosID = @"id"; TOSGrant *grant = [TOSGrant new]; grant.tosGrantee = grantee; grant.tosPermission = TOSPermissionType; NSMutableArray *grants = [NSMutableArray array]; [grants addObject:grant]; putAcl.tosGrants = grants; TOSOwner *owner = [[TOSOwner alloc] init]; owner.tosID = @"test-cid"; putAcl.tosOwner = owner; TOSTask *task = [client putObjectAcl:putAcl]; [task continueWithBlock:^id(TOSTask *task) { if (!task.error) { NSLog(@"Put object acl success."); TOSPutObjectACLOutput *output = task.result; } else { NSLog(@"Put object acl failed, error: %@" ,task.error); } return nil; }];
如下代码展示如何获取对象的访问权限。
// 从STS服务获取的临时访问密钥和安全令牌(AccessKey、SecretKey、SecurityToken) TOSCredential *credential = [[TOSCredential alloc] initWithAccessKey:@"accesskey" secretKey:@"secretkey" securityToken:@"securityToken"]; TOSEndpoint *tosEndpoint = [[TOSEndpoint alloc] initWithURLString:@"endpoint" withRegion:@"region"]; TOSClientConfiguration *config = [[TOSClientConfiguration alloc] initWithEndpoint:tosEndpoint credential:credential]; TOSClient *client = [[TOSClient alloc] initWithConfiguration:config]; TOSGetObjectACLInput *getAcl = [TOSGetObjectACLInput new]; getAcl.tosBucket = @"bucket-name"; getAcl.tosKey = @"object-name"; TOSTask *task = [client getObjectAcl:getAcl]; [task continueWithBlock:^id(TOSTask *task) { if (!task.error) { NSLog(@"Get object acl success."); TOSGetObjectACLOutput *output = task.result; } else { NSLog(@"Get object acl failed, error: %@" , task.error); } return nil; }];