From 1f8e649178fde2e5175f444aa8375b9951dc16d2 Mon Sep 17 00:00:00 2001 From: batabana Date: Wed, 4 Aug 2021 14:32:11 +0200 Subject: [PATCH 1/2] BUGFIX: clear mixed up acl target settings --- Classes/S3Target.php | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/Classes/S3Target.php b/Classes/S3Target.php index bfb2192..e5bbf88 100644 --- a/Classes/S3Target.php +++ b/Classes/S3Target.php @@ -72,13 +72,6 @@ class S3Target implements TargetInterface */ protected $unpublishResources = true; - /** - * If `true` (default) the S3 ACL is set to `public-read`. If `false` no ACL option will be set. - * - * @var boolean - */ - protected $accessPolicyEnabled = true; - /** * Internal cache for known storages, indexed by storage name * @@ -147,9 +140,6 @@ public function __construct($name, array $options = array()) case 'unpublishResources': $this->unpublishResources = (bool)$value; break; - case 'accessPolicyEnabled': - $this->accessPolicyEnabled = (bool)$value; - break; case 'acl': $this->acl = (string)$value; break; @@ -240,13 +230,15 @@ public function publishCollection(CollectionInterface $collection, callable $cal $potentiallyObsoleteObjects[$objectName] = false; } else { $options = [ - 'ACL' => $this->acl, 'Bucket' => $this->bucketName, 'CopySource' => urlencode($storageBucketName . '/' . $storage->getKeyPrefix() . $object->getSha1()), 'ContentType' => $object->getMediaType(), 'MetadataDirective' => 'REPLACE', 'Key' => $objectName ]; + if ($this->acl !== '') { + $options['ACL'] = $this->acl; + } try { $this->s3Client->copyObject($options); $this->systemLogger->debug(sprintf('Successfully copied resource as object "%s" (SHA1: %s) from bucket "%s" to bucket "%s"', $objectName, $object->getSha1() ?: 'unknown', $storageBucketName, $this->bucketName)); 
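Review bot: Dropping the `accessPolicyEnabled` case from the constructor's option switch (hunk at -147) takes away the behaviour that targets configured with `accessPolicyEnabled: false` asked for, since the upload in publishFile() now sends whatever `$this->acl` holds instead of no ACL. The switch's default branch is outside the hunk, so it is not visible whether a leftover setting raises or is silently ignored; in the silent case, objects that were deliberately published without `public-read` could become world-readable on the next publish. Consider keeping the key for one release as a deprecated alias, `case 'accessPolicyEnabled': if (!(bool)$value) { $this->acl = ''; } break;`, and calling out the removal in the upgrade notes.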
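Review bot: The new `if ($this->acl !== '')` branch in publishCollection() (hunk at -240) makes an empty `acl` mean "send no ACL at all", and nothing in the code or docblocks says what that does to the published object. S3 does not carry the source object's ACL over on a copy, so without the parameter the copy gets the default owner-only permissions and public reads have to come from a bucket policy instead. A comment above the condition would save the next reader from guessing, for example `// Empty ACL: omit the parameter; the copy is then private unless a bucket policy grants read access`. The same applies to the identical branch in publishResource() (hunk at -317) and to the upload call in publishFile() (hunk at -412). The enclosing methods start and end outside their hunks.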
@@ -317,13 +309,15 @@ public function publishResource(PersistentResource $resource, CollectionInterfac $sourceObjectArn = $storage->getBucketName() . '/' . $storage->getKeyPrefix() . $resource->getSha1(); $objectName = $this->keyPrefix . $this->getRelativePublicationPathAndFilename($resource); $options = [ - 'ACL' => $this->acl, 'Bucket' => $this->bucketName, 'CopySource' => urlencode($sourceObjectArn), 'ContentType'=> $resource->getMediaType(), 'MetadataDirective' => 'REPLACE', 'Key' => $objectName ]; + if ($this->acl !== '') { + $options['ACL'] = $this->acl; + } $this->s3Client->copyObject($options); $this->systemLogger->debug(sprintf('Successfully published resource as object "%s" (SHA1: %s) by copying from bucket "%s" to bucket "%s"', $objectName, $resource->getSha1() ?: 'unknown', $storage->getBucketName(), $this->bucketName)); } catch (S3Exception $e) { @@ -412,7 +406,7 @@ protected function publishFile($sourceStream, $relativeTargetPathAndFilename, Re ); try { - $this->s3Client->upload($this->bucketName, $objectName, $sourceStream, $this->accessPolicyEnabled !== false ? 'public-read' : null, $options); + $this->s3Client->upload($this->bucketName, $objectName, $sourceStream, $this->acl !== '' ? $this->acl : null, $options); $this->systemLogger->debug(sprintf('Successfully published resource as object "%s" in bucket "%s" with SHA1 hash "%s"', $objectName, $this->bucketName, $metaData->getSha1() ?: 'unknown')); } catch (\Exception $e) { $this->systemLogger->debug(sprintf('Failed publishing resource as object "%s" in bucket "%s" with SHA1 hash "%s": %s', $objectName, $this->bucketName, $metaData->getSha1() ?: 'unknown', $e->getMessage())); From 87a866d30a4e5b3cc607d13b208aa12fab6719a1 Mon Sep 17 00:00:00 2001 From: batabana Date: Wed, 4 Aug 2021 15:10:13 +0200 Subject: [PATCH 2/2] BUGFIX: prevent overwrite of acl setting with default --- Classes/S3Target.php | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) 
diff --git a/Classes/S3Target.php b/Classes/S3Target.php index e5bbf88..ea74e29 100644 --- a/Classes/S3Target.php +++ b/Classes/S3Target.php @@ -26,11 +26,17 @@ class S3Target implements TargetInterface { /** * The ACL when uploading a file - * @Flow\InjectConfiguration(package="Flownative.Aws.S3", path="profiles.default.acl") * @var string */ protected $acl; + /** + * The default ACL + * @Flow\InjectConfiguration(package="Flownative.Aws.S3", path="profiles.default.acl") + * @var string + */ + protected $defaultAcl; + /** * Name which identifies this resource target * @@ -184,6 +190,16 @@ public function getKeyPrefix() return $this->keyPrefix; } + /** + * Returns the ACL when uploading a file + * + * @return string + */ + public function getAcl() + { + return isset($this->acl) ? $this->acl : $this->defaultAcl; + } + /** * Publishes the whole collection to this target * @@ -236,8 +252,8 @@ public function publishCollection(CollectionInterface $collection, callable $cal 'MetadataDirective' => 'REPLACE', 'Key' => $objectName ]; - if ($this->acl !== '') { - $options['ACL'] = $this->acl; + if ($this->getAcl()) { + $options['ACL'] = $this->getAcl(); } try { $this->s3Client->copyObject($options); @@ -315,8 +331,8 @@ public function publishResource(PersistentResource $resource, CollectionInterfac 'MetadataDirective' => 'REPLACE', 'Key' => $objectName ]; - if ($this->acl !== '') { - $options['ACL'] = $this->acl; + if ($this->getAcl()) { + $options['ACL'] = $this->getAcl(); } $this->s3Client->copyObject($options); $this->systemLogger->debug(sprintf('Successfully published resource as object "%s" (SHA1: %s) by copying from bucket "%s" to bucket "%s"', $objectName, $resource->getSha1() ?: 'unknown', $storage->getBucketName(), $this->bucketName)); 
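Review bot: getAcl() (hunk at -184) is documented as `@return string`, but it hands back `$this->defaultAcl` unchanged, which is presumably null when `profiles.default.acl` is not configured, and the docblock does not mention that an explicitly empty `acl` option suppresses the default. The method is public, so callers outside this class will see those states even though the three call sites in this patch only test truthiness. Suggest `@return string|null` plus a sentence such as `Returns the target's own "acl" option if one was given (an empty string means "send no ACL"), otherwise the profile default.` The same wording would fit the `$acl` property docblock in the first hunk, which still reads as if the value were always set.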
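Review bot: `$this->getAcl()` is evaluated twice in the new condition in publishCollection() (hunk at -236), once for the test and once for the assignment, which is harmless today but makes the check and the value sent to S3 two separate reads. Resolving it once reads better and keeps both in step: `$acl = $this->getAcl();` followed by `if ($acl) { $options['ACL'] = $acl; }`. The same pattern is in publishResource() (hunk at -315), and the upload call in publishFile() (hunk at -406) can be shortened to `$this->getAcl() ?: null`, matching the `?:` already used in the surrounding log calls. All three methods start and end outside their hunks.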
@@ -406,7 +422,7 @@ protected function publishFile($sourceStream, $relativeTargetPathAndFilename, Re ); try { - $this->s3Client->upload($this->bucketName, $objectName, $sourceStream, $this->acl !== '' ? $this->acl : null, $options); + $this->s3Client->upload($this->bucketName, $objectName, $sourceStream, $this->getAcl() ? $this->getAcl() : null, $options); $this->systemLogger->debug(sprintf('Successfully published resource as object "%s" in bucket "%s" with SHA1 hash "%s"', $objectName, $this->bucketName, $metaData->getSha1() ?: 'unknown')); } catch (\Exception $e) { $this->systemLogger->debug(sprintf('Failed publishing resource as object "%s" in bucket "%s" with SHA1 hash "%s": %s', $objectName, $this->bucketName, $metaData->getSha1() ?: 'unknown', $e->getMessage()));