-
Notifications
You must be signed in to change notification settings - Fork 595
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
File Acl permissions #804
Comments
There is, though it's a little more wordy than our API is usually: file.createWriteStream({
metadata: {
acl: [
{
entity: 'allUsers',
role: gcloud.storage.acl.READER_ROLE
}
]
}
}); I'm struggling to think of a clean way to make that easier, but if you have any ideas, we will gladly try to accommodate! |
I have tried that, but the file gets uploaded and no permissions are set. Here is my modified code
am i missing something |
I don't think so, that looks right to me. Can you paste what Also, what version of gcloud are you running? |
|
Am using version 0.18.0 |
It looks like the right permissions were added: metadata.acl[0] = {
// ...
entity: 'allUsers',
role: 'READER'
} How are you verifying the file is not being given the right permissions? |
I was accessing it using the console.developers.google.com UI, and i cant set any permissions using it
However i have tested the actual url and its accessible to the public. |
@jgeewax I think you're the resident expert at ACLs. Is there any reason a file would say it uploaded would have this metadata, but then list nothing (see above screenshot)? |
Anyone with leads on this issue? |
Hmm weird. Is it possible that somehow we're overriding the owner (which should be the service account that uploaded the object) which leads to a weird situation in the UI? |
How can I test this case |
// @jgeewax We're passing this metadata with the upload: metadata.acl = [
{
entity: 'allUsers',
role: 'READER'
}
] |
/cc @Capstan : Any idea what's going on here? Apparently the metadata response says it has an owner, but the UI disagrees.... ? |
You cannot change the owner of an object. You can only overwrite an object and become the new owner. The UI is being a little simplistic in that being the owner implies having OWNER permission. You can grant other ACL entities OWNER permission, but you cannot remove the owner from the ACL list. If you provide an ACL list on creation, we will naturally add the current user or service account creating the object to the ACLs. FTR, use of predefined ACLs works as well. |
If you had, for instance, added another entity owner permission, the dialog would have happily allowed you to save. However, GCS would then quietly re-add the original owner back into the ACL. I've filed a bug against the UI for this behavior. |
OK, so there's nothing we need to do differently then? We're not
accidentally stripping an OWNER permission away when we shouldn't?
|
No, I think you are set. If the user tries to remove the OWNER permission, the service will correct them; no need for fancy validation client-side. |
@lafama please re-open if this is still an issue. |
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@types/mocha](https://togithub.com/DefinitelyTyped/DefinitelyTyped) | devDependencies | major | [`^7.0.1` -> `^8.0.0`](https://renovatebot.com/diffs/npm/@types%2fmocha/7.0.2/8.0.0) | --- ### Renovate configuration :date: **Schedule**: "after 9am and before 3pm" (UTC). :vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied. :recycle: **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. :no_bell: **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#googleapis/nodejs-vision).
Is it possible to add permissions (allUsers:readers) to a file during uploading
The text was updated successfully, but these errors were encountered: