Setting ACL Google Cloud Storage via the PHP library

Question

I am using the PHP library for Google API Storage. How do I set the acl parameter (to 'public-read' for example) when inserting a storage object, in order to make an object public via its URI?

I have tried this:

$gso = new \Google_Service_Storage_StorageObject();
$gso->setName($folderAndFileName);
$gso->setAcl('public-read');

but the use of setAcl doesn't seem to have any effect.

Answer 1

In order to set the access control for an individual request, you must do the following:

In order to make the file public, the role must be set as "OWNER" and entity as "allUsers"

Documentation can be found here: https://cloud.google.com/storage/docs/access-control#predefined-project-private

$acl = new Google_Service_Storage_ObjectAccessControl();
$acl->setEntity('allUsers');
$acl->setRole('OWNER');

and then you must apply the ACL to storage object as follows:

$storObj = new Google_Service_Storage_StorageObject();
$storObj ->setAcl(array($acl));

The setAcl function requires an array as it parameter, therefore you add your access control object as the only element in an anonymous array

Answer 2

I'm not sure if there's an easier way, but this should work:

$acl = new Google_Service_Storage_ObjectAccessControl();
$acl->setEntity('allUsers');
$acl->setRole('READER');
$acl->setBucket('<BUCKET-NAME>');
$acl->setObject('<OBJECT-NAME>');

// $storage being a valid Google_Service_Storage instance
$response = $storage->objectAccessControls->insert('<BUCKET-NAME>', '<OBJECT-NAME>', $acl);

You can see all the possible values here.

Also, this requires the https://www.googleapis.com/auth/devstorage.full_control scope when authenticating.