S3::setAccessControlPolicy PHP Method

setAccessControlPolicy() public static method

Set object or bucket Access Control Policy
public static setAccessControlPolicy ( string $bucket, string $uri = '', array $acp = [] ) : boolean
$bucket string Bucket name
$uri string Object URI
$acp array Access Control Policy Data (same as the data returned from getAccessControlPolicy)
return boolean
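    /**
     * Set object or bucket Access Control Policy
     *
     * Serialises $acp into an AccessControlPolicy XML document and sends it in a
     * PUT request with the `acl` parameter set. Every value taken from $acp is
     * added as a DOM text node, so markup characters and `&` in IDs, names,
     * e-mail addresses, URIs or permissions are escaped instead of being parsed
     * as XML (DOMDocument::createElement() does not escape its value argument).
     *
     * @param string $bucket Bucket name
     * @param string $uri Object URI
     * @param array $acp Access Control Policy Data (same as the data returned from getAccessControlPolicy)
     * @return boolean False when $acp is incomplete or the request fails, true otherwise
     */
    public static function setAccessControlPolicy($bucket, $uri = '', $acp = array())
    {
        // A policy without an owner id or a grant list is never sent: the PUT
        // carries the whole policy, so an incomplete one must not reach the service.
        if (!isset($acp['owner']['id'], $acp['acl']) || !is_array($acp['acl'])) {
            self::__triggerError("S3::setAccessControlPolicy({$bucket}, {$uri}): Access Control Policy needs an owner id and an acl list", __FILE__, __LINE__);
            return false;
        }

        $dom = new DOMDocument();
        $dom->formatOutput = true;

        // Element factory that attaches the value as an escaped text node.
        $textElement = function ($name, $value) use ($dom) {
            $element = $dom->createElement($name);
            $element->appendChild($dom->createTextNode((string) $value));
            return $element;
        };

        $accessControlPolicy = $dom->createElement('AccessControlPolicy');
        $accessControlList = $dom->createElement('AccessControlList');

        // It seems the owner has to be passed along too
        $owner = $dom->createElement('Owner');
        $owner->appendChild($textElement('ID', $acp['owner']['id']));
        $owner->appendChild($textElement('DisplayName', isset($acp['owner']['name']) ? $acp['owner']['name'] : ''));
        $accessControlPolicy->appendChild($owner);

        foreach ($acp['acl'] as $g) {
            $grant = $dom->createElement('Grant');
            $grantee = $dom->createElement('Grantee');
            $grantee->setAttribute('xmlns:xsi', 'http://www.w3.org/2001/XMLSchema-instance');
            if (isset($g['id'])) {
                // CanonicalUser (DisplayName is omitted)
                $grantee->setAttribute('xsi:type', 'CanonicalUser');
                $grantee->appendChild($textElement('ID', $g['id']));
            } elseif (isset($g['email'])) {
                // AmazonCustomerByEmail
                $grantee->setAttribute('xsi:type', 'AmazonCustomerByEmail');
                $grantee->appendChild($textElement('EmailAddress', $g['email']));
            } elseif (isset($g['type']) && $g['type'] === 'Group') {
                // Group
                $grantee->setAttribute('xsi:type', 'Group');
                $grantee->appendChild($textElement('URI', isset($g['uri']) ? $g['uri'] : ''));
            }
            // NOTE(review): a grant that matches none of the three forms is still
            // sent, with an untyped Grantee; confirm whether it should be rejected here.
            $grant->appendChild($grantee);
            $grant->appendChild($textElement('Permission', isset($g['permission']) ? $g['permission'] : ''));
            $accessControlList->appendChild($grant);
        }

        $accessControlPolicy->appendChild($accessControlList);
        $dom->appendChild($accessControlPolicy);

        $rest = new S3Request('PUT', $bucket, $uri, self::$endpoint);
        $rest->setParameter('acl', null);
        $rest->data = $dom->saveXML();
        $rest->size = strlen($rest->data);
        $rest->setHeader('Content-Type', 'application/xml');
        $rest = $rest->getResponse();

        // Any status other than 200 is reported as an error even when the
        // transport itself succeeded.
        if ($rest->error === false && $rest->code !== 200) {
            $rest->error = array('code' => $rest->code, 'message' => 'Unexpected HTTP status');
        }
        if ($rest->error !== false) {
            self::__triggerError(sprintf("S3::setAccessControlPolicy({$bucket}, {$uri}): [%s] %s", $rest->error['code'], $rest->error['message']), __FILE__, __LINE__);
            return false;
        }
        return true;
    }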

Usage Example

Example #1
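/**
 * Show the "Deploy" form for a stored S3 file and, on POST, grant READ on that
 * file to the CloudFront origin access identity of the chosen distribution.
 *
 * The posted `distro` value is only used as a lookup key into the list of
 * distributions built on the server for this file. The canonical user id,
 * bucket, object path and domain that reach the ACL and the database are the
 * server-side values, never the pieces of the posted string, so a forged form
 * value cannot grant access to another identity or object.
 *
 * NOTE(review): no nonce or capability check is visible in this function;
 * confirm the caller enforces both before this handler changes an ACL.
 *
 * @param string $type 'stream' for streaming distributions, anything else for download distributions
 * @param mixed $id Row id of the stored file (bound as an integer in the UPDATE)
 * @return void
 */
function yss_s3_distribution($type, $id)
{
    global $ym_formgen, $yss_cloudfront, $yss_db, $wpdb;
    // file details
    $s3file = yss_get($id);

    if ($type == 'stream') {
        $data = $yss_cloudfront->get_streaming();
    } else {
        $data = $yss_cloudfront->get_distribution();
    }
    if (is_array($data)) {
        // A single distribution comes back unwrapped; normalise to a list.
        $keys = array_keys($data);
        if ($keys && $keys[0] != '0') {
            $data = array($data);
        }
    }

    // Option value => label for the form, and option value => trusted details
    // for the POST handler.
    $items = array('blank' => 'Select');
    $targets = array();
    if (is_array($data)) {
        foreach ($data as $item) {
            $dnsParts = explode('.', $item['S3Origin']['DNSName']['value'], 2);
            $bucket = $dnsParts[0];
            $enabled = $item['Enabled']['value'];
            if ($enabled == 'true' && $s3file->bucket == $bucket) {
                // Distribution is enabled and is for this file's bucket
                $domain = $item['DomainName']['value'];
                $oaiParts = explode('/', $item['S3Origin']['OriginAccessIdentity']['value']);
                $oai = isset($oaiParts[2]) ? $oaiParts[2] : '';
                // oai needs canonical
                $canonical = $yss_cloudfront->get_oai_canonical($oai);
                $value = $canonical . '|' . $oai . '|' . $bucket . '|' . $s3file->resource_path . '|' . $domain . '|' . $type;
                $items[$value] = $domain;
                $targets[$value] = array(
                    'canonical' => $canonical,
                    'oai' => $oai,
                    'bucket' => $bucket,
                    'file' => $s3file->resource_path,
                    'domain' => $domain,
                );
            }
        }
    }

    if ($_POST) {
        $distro = (isset($_POST['distro']) && is_string($_POST['distro'])) ? wp_unslash($_POST['distro']) : '';
        $updated = false;
        $target = null;
        // Only a value this server generated for this file is accepted.
        if (isset($targets[$distro])) {
            $target = $targets[$distro];
            $packet = array('type' => 'CanonicalUser', 'id' => $target['canonical'], 'name' => 'CloudFront Origin Access Identity ' . $target['oai'], 'permission' => 'READ');
            require_once YSS_CLASSES_DIR . 'S3.php';
            $s3 = new S3();
            $s3->setAuth(get_option('yss_user_key'), get_option('yss_secret_key'));
            //get existing and merge
            $acp = $s3->getAccessControlPolicy($target['bucket'], $target['file']);
            // Without the existing policy the PUT would replace every current
            // grant with the single new one, so stop here instead.
            if (is_array($acp) && isset($acp['acl']) && is_array($acp['acl'])) {
                $acp['acl'][] = $packet;
                $updated = $s3->setAccessControlPolicy($target['bucket'], $target['file'], $acp);
            }
        }
        if ($updated) {
            // store
            $distribution = json_decode($s3file->distribution);
            if (!is_object($distribution)) {
                $distribution = new stdClass();
            }
            if ($type == 'stream') {
                $distribution->streaming = $target['domain'];
            } else {
                $distribution->download = $target['domain'];
            }
            // Values are bound through prepare(); only the table name, which
            // comes from the plugin's own global, is concatenated.
            $sql = $wpdb->prepare(
                'UPDATE ' . $yss_db . ' SET distribution = %s WHERE id = %d',
                json_encode($distribution),
                $id
            );
            $wpdb->query($sql);
            echo '<div id="message" class="updated"><p>Permissions updated</p></div>';
            yss_s3_list();
            return;
        }
        echo '<div id="message" class="error"><p>Permissions update failed</p></div>';
    }

    if (is_array($data)) {
        echo ym_box_top('Deploy');
        echo '
<form action="" method="post">
	<fieldset>
		<p>You can select a distribution to expose the file, ' . esc_html($s3file->bucket . '/' . $s3file->resource_path) . ' onto</p>
		<table class="form-table">
			';
        // NOTE(review): option values and labels are escaped, or not, inside
        // render_combo_from_array_row(); confirm against that helper.
        $ym_formgen->render_combo_from_array_row('Distribution', 'distro', $items, '', 'Which Distribution to expose this file on');
        echo '
		</table>
		<p class="submit">
			<input type="submit" value="Deploy!" />
		</p>
	</fieldset>
</form>
';
        echo ym_box_bottom();
    } else {
        echo '<div id="message" class="error"><p>Failed to load Distributions or none available</p></div>';
    }
}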