search

jschneier / django-storages

https://django-storages.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
2.77k stars 866 forks source link

Trouble with GS_DEFAULT_ACL setting #978

Open harisonmg opened 3 years ago

harisonmg commented 3 years ago

I get this error on my staging website when I try to access media copied from the production bucket "Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object" when I set GS_DEFAULT_ACL = 'publicRead' . When I comment out the setting, everything seems to work fine, although the media URLs are signed - which I have no problem with.

On ,multiple occasions, I found that the application can't access media uploaded by another entity (user/service account), which shouldn't be the case where that entity has the correct permissions. I suppose the trouble originates from this setting.

sww314 commented 3 years ago

@harisonmg The GS_DEFAULT_ACL is only used in the code to decide if the file needs a signed url or not. You have to set the bucket/blob permissions separately. Be sure and check the permissions of the files you copy.

harisonmg commented 3 years ago

Thanks @sww314 for the clarification. I had set the permissions in Google Cloud, only that I wasn't able to access the media via a non-signed URL.