Presign every link to a resource in case the bucket is private

Author: tomas-sexenian

dotnet/src/dotnetframework/GxClasses/Services/Storage/ExternalProviderBase.cs

@@ -18,7 +18,7 @@ public abstract class ExternalProviderBase
 		protected static String DEFAULT_ACL = "DEFAULT_ACL";
 		protected static String DEFAULT_EXPIRATION = "DEFAULT_EXPIRATION";
 		protected static String FOLDER = "FOLDER_NAME";
-		protected static String DEFAULT_ACL_DEPRECATED = "STORAGE_PROVIDER_PRIVACY";
+		protected static String DEFAULT_STORAGE_PRIVACY = "STORAGE_PROVIDER_PRIVACY";
 		protected static String DEFAULT_EXPIRATION_DEPRECATED = "STORAGE_PROVIDER_DEFAULT_EXPIRATION";
 		protected TimeSpan defaultExpiration = new TimeSpan(24, 0, 0);
 		protected static string DEFAULT_TMP_CONTENT_TYPE = "image/jpeg";
@@ -52,7 +52,7 @@ public ExternalProviderBase(GXService s)
 
 		private void Initialize()
 		{
-			String aclS = GetPropertyValue(DEFAULT_ACL, DEFAULT_ACL_DEPRECATED, "");
+			String aclS = GetPropertyValue(DEFAULT_ACL, DEFAULT_STORAGE_PRIVACY, "");
 			if (!String.IsNullOrEmpty(aclS))
 			{
 				this.defaultAcl = aclS.Equals("Private") ? GxFileType.Private : GxFileType.PublicRead;

dotnet/src/dotnetframework/Providers/Storage/GXAmazonS3/ExternalProviderS3.cs

@@ -51,6 +51,8 @@ public class ExternalProviderS3 : ExternalProviderBase, ExternalProvider
 		bool customEndpoint = false;
 
 		bool objectOwnershipEnabled;
+		private enum BucketPrivacy { PRIVATE, PUBLIC };
+		private BucketPrivacy ownerEnforcedBucketPrivacy;
 
 		public string StorageUri
 		{
@@ -106,7 +108,11 @@ private void Initialize() {
 				}
 			}
 
-			objectOwnershipEnabled = !GetPropertyValue(DEFAULT_ACL, DEFAULT_ACL_DEPRECATED, "").Equals("Bucket owner enforced");
+			string default_storage_privacy = GetPropertyValue(DEFAULT_ACL, DEFAULT_STORAGE_PRIVACY, "");
+			objectOwnershipEnabled = !default_storage_privacy.Contains("Bucket owner enforced");
+			ownerEnforcedBucketPrivacy = (BucketPrivacy) (!objectOwnershipEnabled ?
+				(default_storage_privacy.Contains("private") ? BucketPrivacy.PRIVATE : BucketPrivacy.PUBLIC)
+				: (BucketPrivacy?) null);
 
 #if NETCORE
 			if (credentials != null)
@@ -243,7 +249,10 @@ public string Upload(string localFile, string objectName, GxFileType fileType)
 
 		private bool IsPrivateUpload(GxFileType fileType)
 		{
-			return (GetCannedACL(fileType) != S3CannedACL.PublicRead) && objectOwnershipEnabled;
+			if (objectOwnershipEnabled && GetCannedACL(fileType) != S3CannedACL.PublicRead)
+				return true;
+			else 
+				return ownerEnforcedBucketPrivacy == BucketPrivacy.PRIVATE;
 		}
 
 		public string Get(string objectName, GxFileType fileType, int urlMinutes = 0)
@@ -264,7 +273,7 @@ public string GetUrl(string objectName, GxFileType fileType, int urlMinutes = 0)
 		private string GetUrlImpl(string objectName, GxFileType fileType, int urlMinutes = 0)
 		{
 			bool isPrivate = IsPrivateUpload(fileType);
-			return (isPrivate)? GetPreSignedUrl(objectName, ResolveExpiration(urlMinutes).TotalMinutes): StorageUri + StorageUtils.EncodeUrlPath(objectName);
+			return (isPrivate) ? GetPreSignedUrl(objectName, ResolveExpiration(urlMinutes).TotalMinutes): IsPrivateUpload(fileType) ? GetPreSignedUrl(objectName, ResolveExpiration(urlMinutes).TotalMinutes): StorageUri + StorageUtils.EncodeUrlPath(objectName);
 
 		}
 
@@ -323,7 +332,9 @@ public string Rename(string objectName, string newName, GxFileType fileType)
 		{
 			Copy(objectName, fileType, newName, fileType);
 			Delete(objectName, fileType);
-			return StorageUri + StorageUtils.EncodeUrlPath(newName);
+			if (objectOwnershipEnabled)
+				return StorageUri + StorageUtils.EncodeUrlPath(newName);
+			return IsPrivateUpload(fileType) ? GetPreSignedUrl(objectName, defaultExpiration.Minutes) : StorageUri + StorageUtils.EncodeUrlPath(newName);
 		}
 
 		public string Copy(string objectName, GxFileType sourceFileType, string newName, GxFileType destFileType)
@@ -348,7 +359,9 @@ public string Copy(string objectName, GxFileType sourceFileType, string newName,
 			}
 
 			CopyObject(request);
-			return StorageUri + StorageUtils.EncodeUrlPath(newName);
+			if (objectOwnershipEnabled)
+				return StorageUri + StorageUtils.EncodeUrlPath(newName);
+			return IsPrivateUpload(sourceFileType) ? GetPreSignedUrl(objectName, defaultExpiration.Minutes) : StorageUri + StorageUtils.EncodeUrlPath(newName);
 		}
 
 		private S3CannedACL GetCannedACL(GxFileType acl)
@@ -466,7 +479,9 @@ public string Copy(string url, string newName, string tableName, string fieldNam
 			AddObjectMetadata(request.Metadata, tableName, fieldName, resourceKey);
 			CopyObject(request);
 
-			return StorageUri + StorageUtils.EncodeUrlPath(resourceKey);
+			if (objectOwnershipEnabled)
+				return StorageUri + StorageUtils.EncodeUrlPath(resourceKey);
+			return IsPrivateUpload(destFileType) ? GetPreSignedUrl(resourceKey, defaultExpiration.Minutes) : StorageUri + StorageUtils.EncodeUrlPath(resourceKey);
 		}
 
 		public string Save(Stream fileStream, string fileName, string tableName, string fieldName, GxFileType destFileType)
@@ -493,7 +508,9 @@ public string Save(Stream fileStream, string fileName, string tableName, string
 				AddObjectMetadata(objectRequest.Metadata, tableName, fieldName, resourceKey);
 				PutObjectResponse result = PutObject(objectRequest);
 
-				return StorageUri + resourceKey;
+				if (objectOwnershipEnabled) 
+					return StorageUri + resourceKey;
+				return IsPrivateUpload(destFileType) ? GetPreSignedUrl(resourceKey, defaultExpiration.Minutes) : StorageUri + StorageUtils.EncodeUrlPath(resourceKey);
 			}
 			catch (Exception ex)
 			{