mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-21 21:17:27 +08:00
b02bc707de
This commit introduces a `s3_enable_access_control_tags` site setting which, when enabled, adds a `discourse:acl` tag with values `public` or `private` to S3 objects created by the application. The presence of the tags on S3 objects enables bucket administrators to implement tag-based access control policies, providing an alternative to object ACLs which AWS now discourages. The `discourse:acl` tag can be customized via the `s3_access_control_tag_key ` site setting. Values for `public` and `private` can also be customized via the `s3_access_control_tag_public_value` and `s3_access_control_tag_private_value ` site settings respectively. ### Reviewer Notes To test it locally, run the following commands in your working discourse directory: 1. `script/install_minio_binaries.rb` 2. Start a local minio server by running: `bundle exec rails runner script/local_minio_s3.rb` 3. bundle exec rails runner "SiteSetting.enable_s3_uploads = true" 5. Start your development rails server with the following environment variables: `DISCOURSE_ENABLE_S3_UPLOADS=true DISCOURSE_S3_ENABLE_ACCESS_CONTROL_TAGS=true DISCOURSE_BACKUP_LOCATION=s3` |
||
|---|---|---|
| .. | ||
| backup_file_handler_multisite_spec.rb | ||
| backup_file_handler_spec.rb | ||
| backuper_spec.rb | ||
| database_restorer_multisite_spec.rb | ||
| database_restorer_spec.rb | ||
| local_backup_store_spec.rb | ||
| meta_data_handler_spec.rb | ||
| s3_backup_store_spec.rb | ||
| shared_context_for_backup_restore.rb | ||
| shared_examples_for_backup_store.rb | ||
| system_interface_multisite_spec.rb | ||
| system_interface_spec.rb | ||
| uploads_restorer_spec.rb | ||
