From fcdb4fcd2a3cb45a8b5f640b5cefe4f3be076c85 Mon Sep 17 00:00:00 2001
From: "Phuc.Nguyen-Ngoc-Hoang"
Date: Wed, 5 Jun 2024 08:54:12 +0100
Subject: [PATCH] Add a ACL option to set access permission in S3 bucket
---
 classes/local/manager.php | 1 +
 classes/local/store/s3/client.php | 17 ++++++++++++++++-
 lang/en/tool_objectfs.php | 2 ++
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/classes/local/manager.php b/classes/local/manager.php
index c746b9c2..a2cc9cb6 100644
--- a/classes/local/manager.php
+++ b/classes/local/manager.php
@@ -72,6 +72,7 @@ public static function get_objectfs_config() {
 $config->s3_key = '';
 $config->s3_secret = '';
 $config->s3_bucket = '';
+ $config->s3_bucket_acl = 'private';
 $config->s3_region = 'us-east-1';
 $config->s3_base_url = '';
 $config->key_prefix = '';
diff --git a/classes/local/store/s3/client.php b/classes/local/store/s3/client.php
index 31288859..1e68514e 100644
--- a/classes/local/store/s3/client.php
+++ b/classes/local/store/s3/client.php
@@ -59,6 +59,7 @@ public function __construct($config) {
 // See https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/s3-multipart-upload.html.
 $this->maxupload = OBJECTFS_BYTES_IN_TERABYTE * 5;
 $this->bucket = $config->s3_bucket;
+ $this->bucketacl = $config->s3_bucket_acl;
 $this->expirationtime = $config->expirationtime;
 $this->presignedminfilesize = $config->presignedminfilesize;
 $this->enablepresignedurls = $config->enablepresignedurls;
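Review bot: In `__construct()` of classes/local/store/s3/client.php, `$this->bucketacl` takes `$config->s3_bucket_acl` as-is, with no check that it is one of the canned ACL names the settings page offers. A value that reached the config by another route than the select (a forced config value, an old or hand-edited record) would therefore be sent to S3 unchanged on every upload. I would compare it against the same list that `define_client_section()` builds and fall back to `'private'` when it is not in it. Separately, the 16 insertions the diffstat reports for this file are all accounted for by the visible hunks, so the patch does not appear to declare the property; if so, add `protected $bucketacl;` with a one-line comment next to the other properties, since undeclared properties are deprecated from PHP 8.2. The constructor body starts and ends outside this hunk.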
@@ -373,6 +374,16 @@ protected function get_exception_details($exception) {
 */
 public function define_client_section($settings, $config) {
 global $OUTPUT;
+ $acloptions = [
+ 'private' => 'private',
+ 'public-read' => 'public-read',
+ 'public-read-write' => 'public-read-write',
+ 'authenticated-read' => 'authenticated-read',
+ 'aws-exec-read' => 'aws-exec-read',
+ 'bucket-owner-read' => 'bucket-owner-read',
+ 'bucket-owner-full-control' => 'bucket-owner-full-control',
+ ];
+
 $plugins = \core_component::get_plugin_list('local');
 if (!array_key_exists('aws', $plugins)) {
@@ -414,6 +425,10 @@ public function define_client_section($settings, $config) {
 new \lang_string('settings:aws:bucket', 'tool_objectfs'),
 new \lang_string('settings:aws:bucket_help', 'tool_objectfs'), ''));
+ $settings->add(new \admin_setting_configselect('tool_objectfs/s3_bucket_acl',
+ new \lang_string('settings:aws:bucket_acl', 'tool_objectfs'),
+ new \lang_string('settings:aws:bucket_acl_help', 'tool_objectfs'), 'private', $acloptions));
+
 $settings->add(new admin_settings_aws_region('tool_objectfs/s3_region',
 new \lang_string('settings:aws:region', 'tool_objectfs'),
 new \lang_string('settings:aws:region_help', 'tool_objectfs'), ''));
@@ -446,7 +461,7 @@ public function upload_to_s3($localpath, $contenthash) {
 try {
 $externalpath = $this->get_filepath_from_hash($contenthash);
- $uploader = new \Aws\S3\ObjectUploader($this->client, $this->bucket, $this->bucketkeyprefix . $externalpath, $filehandle);
+ $uploader = new \Aws\S3\ObjectUploader($this->client, $this->bucket, $this->bucketkeyprefix . $externalpath, $filehandle, $this->bucketacl;
 $uploader->upload();
 fclose($filehandle);
 } catch (\Aws\Exception\MultipartUploadException $e) {
diff --git a/lang/en/tool_objectfs.php b/lang/en/tool_objectfs.php
index e8f48876..b3167b17 100644
--- a/lang/en/tool_objectfs.php
+++ b/lang/en/tool_objectfs.php
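Review bot: The `$acloptions` array added at the top of `define_client_section()` in client.php puts `public-read` and `public-read-write` one click away in the admin UI. The selected value is handed to the uploader for every object, so choosing either makes stored site files readable directly from S3 without passing through the application's own access checks. `authenticated-read` is easy to misread too: it grants read to any authenticated AWS principal, not only to the bucket owner's account. Unless there is a concrete need for public objects I would leave those entries out of the list and put a comment above the array, for example `// Canned ACL applied to each uploaded object; keep to non-public values, objects read directly from S3 skip the site's access checks.` The `tool_objectfs/s3_bucket_acl` setting added further down in the same function is labelled "Bucket ACL" although it is applied per object, which its help string should say; the function body starts and ends outside these hunks.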
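Review bot: The new `ObjectUploader` call in `upload_to_s3()` in client.php is missing its closing parenthesis. The added line ends in `$filehandle, $this->bucketacl;`, so the file no longer parses and the S3 client class cannot be loaded at all. It should end `$filehandle, $this->bucketacl);`. The fifth constructor argument is the canned ACL for the uploaded object, so by this point the value should already be known to be one of the supported names. Running `php -l` over changed files in CI would catch this kind of error before merge; the try block continues outside the hunk.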
@@ -116,6 +116,8 @@
 $string['settings:aws:secret_help'] = 'Amazon S3 secret credential.';
 $string['settings:aws:bucket'] = 'Bucket';
 $string['settings:aws:bucket_help'] = 'Amazon S3 bucket to store files in.';
+$string['settings:aws:bucket_acl'] = 'Bucket ACL';
+$string['settings:aws:bucket_acl_help'] = 'Access permission for files created inside the S3 bucket.';
 $string['settings:aws:region'] = 'region';
 $string['settings:aws:region_help'] = 'Amazon S3 API gateway region.';
 $string['settings:aws:base_url'] = 'Base URL';