Setting ACL Google Cloud Storage via the PHP library - php

I am using the PHP library for Google API Storage. How do I set the acl parameter (to 'public-read' for example) when inserting a storage object, in order to make an object public via its URI?
I have tried this:
$gso = new \Google_Service_Storage_StorageObject();
$gso->setName($folderAndFileName);
$gso->setAcl('public-read');
but the use of setAcl doesn't seem to have any effect.

I'm not sure if there's an easier way, but this should work:
$acl = new Google_Service_Storage_ObjectAccessControl();
$acl->setEntity('allUsers');
$acl->setRole('READER');
$acl->setBucket('<BUCKET-NAME>');
$acl->setObject('<OBJECT-NAME>');
// $storage being a valid Google_Service_Storage instance
$response = $storage->objectAccessControls->insert('<BUCKET-NAME>', '<OBJECT-NAME>', $acl);
You can see all the possible values here.
Also, this requires the https://www.googleapis.com/auth/devstorage.full_control scope when authenticating.

In order to set the access control for an individual request, you must do the following:
In order to make the file public, the role must be set as "OWNER" and entity as "allUsers"
Documentation can be found here:
https://cloud.google.com/storage/docs/access-control#predefined-project-private
$acl = new Google_Service_Storage_ObjectAccessControl();
$acl->setEntity('allUsers');
$acl->setRole('OWNER');
and then you must apply the ACL to storage object as follows:
$storObj = new Google_Service_Storage_StorageObject();
$storObj ->setAcl(array($acl));
The setAcl function requires an array as it parameter, therefore you add your access control object as the only element in an anonymous array

Related

How to create a folder using PHP and google Drive API, and immediately change sharing permissions?

I've successfully been able to create a folder, but I want to figure out how to share it. To use the permission.create function I need the File ID but I have no idea where to find that.
So basically can I create the folder and immediately set sharing permissions, or do I need the file ID? If so, how do I get that? (this probably applies to any sort of file not just a folder)
This is the code I have to create the folder. I have omitted the code to create the google client object and do the authentication as I thought it was irrelevant.
$drive = new Google_Service_Drive($client);
$fileA = new Google_Service_Drive_DriveFile();
$fileA->setName($Title);
$fileA->setMimeType('application/vnd.google-apps.folder');
$folder = $drive->files->create($fileA);
https://developers.google.com/drive/api/v3/reference/files/create says the "create" method returns a Files resource (i.e. an object representing the new file).
If you look at the definition of the Files resource (https://developers.google.com/drive/api/v3/reference/files#resource) you'll see it has a property called "id".
So I'd expect that the variable named as $folder will have an id property which you can use.
in PHP, you get a property like this normally: $folder->id. So you could maybe write echo $folder->id; on the next line, just to test it. Or you could write var_dump($folder); if you wanted to see all the properties of the object, and check what's there.
You will need to make two calls. When you create the file / folder the owner is set to the currently authenticated user once you have done that you get back a file id of the new file / directory you created you can then use that in the call to create additional permissions on the file.
// Option paramaters can be set as needed.
$optParams = array(
'emailMessage' => '[YourValue]', // A custom message to include in the notification email.
'sendNotificationEmail' => '[YourValue]', // Whether to send a notification email when sharing to users or groups. This defaults to true for users and groups, and is not allowed for other requests. It must not be disabled for ownership transfers.
'supportsTeamDrives' => '[YourValue]', // Whether the requesting application supports Team Drives.
'transferOwnership' => '[YourValue]', // Whether to transfer ownership to the specified user and downgrade the current owner to a writer. This parameter is required as an acknowledgement of the side effect.
'fields' => '*'
);
// Single Request.
$results = permissionsCreateExample($service, $fileId, $optParams);
/**
* Creates a permission for a file or Team Drive.
* #service Authenticated Drive service.
* #optParams Optional paramaters are not required by a request.
* #fileId The ID of the file or Team Drive.
* #return Permission
*/
function permissionsCreateExample($service, $body, $fileId, $optParams)
{
try
{
// Make the request and return the results.
return $service->permissions->CreatePermissions($body, $fileId, $optParams);
}
catch (Exception $e)
{
print "An error occurred: " . $e->getMessage();
}
}

Programmatically set metadata for simplesamlphp

I'm using SimpleSAMLphp for single sign on purposes. The default set up has an authsources.php file that holds the $config data and then a bunch of files in the metadata directory that set the $metadata for each of the IdP's. I don't want this information to be kept in static files. I'd prefer to set the $config and $metadata programmatically.
I've figured out how to do the $config. That's fairly simple. Just create the $config array that you want to use and then pass it to SimpleSAML_Configuration in the constructor. Bada-bing. Bada-boom. Done.
I can't find anything that allows you to manually set the $metadata though. Does SimpleSAMLphp have such a utility that I'm missing? Basically, I want something that would work like this...
$metadata = array(/* some data here */);
$util = new SomeMetaDataObject();
$util->setMetaData($metadata);
// Then do the whole Auth thing after this.
When I was looking at it, it wasn't possible, since all config was statically loaded from files, and impossible to override programmatically. Not sure if that changed by some newer version. But that was the reason why I started writing light saml php library and saml sp symfony bundle - a more configurable and reusable SAML library in PHP. Please try it, would appreciate some feedback and means to improve it.

Custom OAuth2 user database

I'm currently implementing OAuth2 in my website to keep an user logged in inside an Android app. I want to change the default OAuth2 user database to my own user database. Unfortunately I can't find out how to do that. It should be possible with overriding classes and without changing the code in the core library, but how to do it?
This is what I have in my server.php file:
// Autoloading (composer is preferred, but for this example let's just do this)
require_once('/src/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();
$storage = new OAuth2\Storage\Pdo(array('dsn' => 'mysql:host=xxxx;dbname=xxxx', 'username' => 'xxxx', 'password' => 'xxxx'));
// Pass a storage object or array of storage objects to the OAuth2 server class
$server = new OAuth2\Server($storage);
// Add the "Password / User Credentials" grant type
$server->addGrantType(new OAuth2\GrantType\UserCredentials($storage));
So here I want to use to my own user table instead of the default oauth_users table. And because the passwords are salted I need to have a different password check too. I am using the BShaffer OAuth2 Library: https://github.com/bshaffer/oauth2-server-php
With this library it's easy to write custom code so you don't have to touch the core of this library.
For this problem you'll have to create a custom storage class that implements the UserCredentialsInterface. There are two methods in here which you need to implement yourself
public function checkUserCredentials()
public function getUserDetails()
Here you can implement your logic for checking user details and fetching user details.
After this you'll need to add this storage to the oAuth server like this:
$server = new OAuth2\Server($storage);
$userStorage = new YourCustomUserStorage();
$server->addStorage($userStorage, 'user_credentials');
You'll also need to pass this storage to any Grant type you're adding to the server, in your case it looks like this:
$server->addGrantType(new OAuth2\GrantType\UserCredentials($userStorage));

Azure Blob setcontainer ACL using PHP

I'm trying to update container ACL using latest Azure-PHP sdk.
setContainerAcl($container, $acl, $options = null)
In $container i gave my container name, but in $acl i don't know what to provide?
But I can able to GET the container acl data using getContainerAcl method.
Looking at the source code here for setContainerAcl: https://github.com/Azure/azure-sdk-for-php/blob/master/WindowsAzure/Blob/BlobRestProxy.php#L946, $acl should be an object of type ContainerAcl which you will need to request first using the container name. The source code for ContainerACL can be found here: https://github.com/Azure/azure-sdk-for-php/blob/master/WindowsAzure/Blob/Models/ContainerACL.php.

delete with Zend_Rest_Client

I'm trying to delete a resource using ZF1 rest client
$this->restClient = new Zend_Rest_Client('https://myurl.com');
$response = $this->restClient->delete('/service/'.$this->uuid.'.json?api_key='.$this->apikey);
but I get an error:
Path "/service/v-2149d050-c64b-0131-33b0-1231390c0c78.json?api_key=a-9a136a00-b340-0131-2662-1231390c0c78" is not a valid HTTP path
the web service documentation simply says to use
DELETE https://myurl.com/service/YOUR_UUID.json?api_key=YOUR_API_KEY
any idea on how to use this class?
thanks
DELETE https://myurl.com/service/YOUR_UUID.json?api_key=YOUR_API_KEY
That is not the path only, but a full URI. It breaks down to:
Path: service/YOUR_UUID.json
Query-Info: api_key=YOUR_API_KEY
For Zend rest client, you need to call one function per each parameter, and a parameter can not be named as a standard HTTP verb:
$client = new Zend_Rest_Client('https://exeample.com');
$client->api_key(YOUR_API_KEY);
$response = $client->restClient->delete('/service/'.$this->uuid.'.json);
For more information please see the Request Arguments section in the vendor documentation on how to pass arguments with your request.

Categories