File method to check whether an Object is Public #683
Comments
stephenplusplus
added
the
type: feature request
|
(Following this from the GCP Slack Channel for Storage) The XML API version: A library isn't necessary in this case and requires accessing the object payload which may be large. A workaround for large objects is to not download all the data if the object is public. An alternative it to review ACL and IAM permissions, but it's rather complex given permissions can be set at the Project, Bucket and Object level. I'd recommend not adding support that determines if an object is public by reviewing permissions. |
|
There is an example of or more generic implementation async function isFilePublic(file: File) {
try {
const [aclObject] = await file.acl.get({entity: 'allUsers'});
if ((aclObject as AccessControlObject).entity === 'allUsers' &&
(aclObject as AccessControlObject).role === 'READER') {
return true;
} else {
return false;
}
} catch (error) {
if (error.code === 404) {
return false;
} else {
throw error;
}
}
}@frankyn would you consider a wrapper method for above? |
|
Thanks @AVaksman! The issue with the helper function is a user not having the necessary permissions to verify the object and bucket level ACL or IAM policy at a bucket level. This helper method only verifies the object ACL if they're set. Example Case: If a user only has permission to perform a ACL GET request on an object and the Object ACL does not have This can lead to user confusion that the object is not public when it really is public. |
Is it possible to just send a |
|
Thanks for chiming in with that option @stephenplusplus. I didn't know about that HTTP HEAD request. I recommend using the format |
google-cloud-label-sync
bot
added
the
api: storage
Right now there exist no method on
Fileobject to explicitly check whether a given a file is Public or Not.There should be a way to check this.
The text was updated successfully, but these errors were encountered: