Add an ACL option to set access permission in S3 bucket #614
Phuc.Nguyen-Ngoc-Hoang committed Jun 5, 2024
1 parent 0155a96 commit deb51c8
Showing 3 changed files with 19 additions and 1 deletion.
1 change: 1 addition & 0 deletions classes/local/manager.php
@@ -72,6 +72,7 @@ public static function get_objectfs_config() {
$config->s3_key = '';
$config->s3_secret = '';
$config->s3_bucket = '';
$config->s3_bucket_acl = 'private';
$config->s3_region = 'us-east-1';
$config->s3_base_url = '';
$config->key_prefix = '';
17 changes: 16 additions & 1 deletion classes/local/store/s3/client.php
@@ -59,6 +59,7 @@ public function __construct($config) {
// See https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/s3-multipart-upload.html.
$this->maxupload = OBJECTFS_BYTES_IN_TERABYTE * 5;
$this->bucket = $config->s3_bucket;
$this->bucketacl = $config->s3_bucket_acl;
$this->expirationtime = $config->expirationtime;
$this->presignedminfilesize = $config->presignedminfilesize;
$this->enablepresignedurls = $config->enablepresignedurls;
@@ -373,6 +374,16 @@ protected function get_exception_details($exception) {
*/
public function define_client_section($settings, $config) {
global $OUTPUT;
$acloptions = [
'private' => 'private',
'public-read' => 'public-read',
'public-read-write' => 'public-read-write',
'authenticated-read' => 'authenticated-read',
'aws-exec-read' => 'aws-exec-read',
'bucket-owner-read' => 'bucket-owner-read',
'bucket-owner-full-control' => 'bucket-owner-full-control',
];

$plugins = \core_component::get_plugin_list('local');

if (!array_key_exists('aws', $plugins)) {
@@ -414,6 +425,10 @@ public function define_client_section($settings, $config) {
new \lang_string('settings:aws:bucket', 'tool_objectfs'),
new \lang_string('settings:aws:bucket_help', 'tool_objectfs'), ''));

$settings->add(new \admin_setting_configselect('tool_objectfs/s3_bucket_acl',
new \lang_string('settings:aws:bucket_acl', 'tool_objectfs'),
new \lang_string('settings:aws:bucket_acl_help', 'tool_objectfs'), 'private', $acloptions));

$settings->add(new admin_settings_aws_region('tool_objectfs/s3_region',
new \lang_string('settings:aws:region', 'tool_objectfs'),
new \lang_string('settings:aws:region_help', 'tool_objectfs'), ''));
@@ -446,7 +461,7 @@ public function upload_to_s3($localpath, $contenthash) {

try {
$externalpath = $this->get_filepath_from_hash($contenthash);
$uploader = new \Aws\S3\ObjectUploader($this->client, $this->bucket, $this->bucketkeyprefix . $externalpath, $filehandle);
$uploader = new \Aws\S3\ObjectUploader($this->client, $this->bucket, $this->bucketkeyprefix . $externalpath, $filehandle, $this->bucketacl;
$uploader->upload();
fclose($filehandle);
} catch (\Aws\Exception\MultipartUploadException $e) {
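Review bot: The rewritten `ObjectUploader` call in `upload_to_s3` has no closing parenthesis as rendered here (`..., $filehandle, $this->bucketacl;`), which is a parse error for the whole file; it should end `$filehandle, $this->bucketacl);`. The fifth constructor argument is the canned ACL the SDK applies to each uploaded object, so choosing `public-read` or `public-read-write` in `$acloptions` makes every newly stored file readable from S3 without passing through Moodle's access checks. I would either drop the public entries from the select or keep them only with an explicit warning in the help text, and fall back to `'private'` in the constructor when `$config->s3_bucket_acl` is not one of the listed values. The `MultipartUploadException` handler continues outside the hunk; if it retries with its own uploader, it presumably needs the same ACL passed through, which is worth confirming.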
2 changes: 2 additions & 0 deletions lang/en/tool_objectfs.php
@@ -116,6 +116,8 @@
$string['settings:aws:secret_help'] = 'Amazon S3 secret credential.';
$string['settings:aws:bucket'] = 'Bucket';
$string['settings:aws:bucket_help'] = 'Amazon S3 bucket to store files in.';
$string['settings:aws:bucket_acl'] = 'Bucket ACL';
$string['settings:aws:bucket_acl_help'] = 'Access permission for files created inside the S3 bucket.';
$string['settings:aws:region'] = 'region';
$string['settings:aws:region_help'] = 'Amazon S3 API gateway region.';
$string['settings:aws:base_url'] = 'Base URL';
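Review bot: The label 'Bucket ACL' does not match what the setting controls: the help string itself says it governs files created in the bucket, so it is a per-object canned ACL, and nothing visible in this commit changes the bucket's own ACL. The help text also gives an admin no hint that some choices make stored files readable outside Moodle. Suggested wording: `$string['settings:aws:bucket_acl'] = 'Object ACL';` and `$string['settings:aws:bucket_acl_help'] = 'Canned ACL applied to each file uploaded to the S3 bucket. Keep "private" unless files must be readable directly from S3; the public-* and authenticated-read options bypass Moodle access checks.';`.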
