From 05a3e3670fd6da3f0390a106605bf71ddf2f3667 Mon Sep 17 00:00:00 2001 From: Sam Date: Fri, 4 Jan 2019 08:13:06 +1100 Subject: [PATCH] FEATURE: add rake task that resets ACL on every object in S3 Some previous migrations to S3 may have bad ACLs set on objects. This introduces a new rake task (`rake s3:correct_acl`) that will reset ACL on every S3 object. Vast majority of users will never have to run it, but if you have ACL issues this is the atomic solution. --- lib/tasks/s3.rake | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/lib/tasks/s3.rake b/lib/tasks/s3.rake index 356ca55cc28..58d12e10003 100644 --- a/lib/tasks/s3.rake +++ b/lib/tasks/s3.rake @@ -101,6 +101,36 @@ def ensure_s3_configured! end end +task 's3:correct_acl' => :environment do + ensure_s3_configured! + + puts "ensuring public-read is set on every upload and optimized image" + + i = 0 + + base_url = Discourse.store.absolute_base_url + + objects = Upload.pluck(:id, :url).map { |array| array << :upload } + objects.concat(OptimizedImage.pluck(:id, :url).map { |array| array << :optimized_image }) + + puts "#{objects.length} objects found" + + objects.each do |id, url, type| + i += 1 + if !url.start_with?(base_url) + puts "Skipping #{type} #{id} since it is not stored on s3, url is #{url}" + else + key = url[(base_url.length + 1)..-1] + object = Discourse.store.s3_helper.object(key) + object.acl.put(acl: "public-read") + end + if i % 100 == 0 + puts "#{i} done" + end + end + +end + task 's3:upload_assets' => :environment do ensure_s3_configured!