mirror of
https://github.com/discourse/discourse.git
synced 2025-06-20 16:14:06 +08:00

This commit introduces a `s3_enable_access_control_tags` site setting which, when enabled, adds a `discourse:acl` tag with values `public` or `private` to S3 objects created by the application.

The presence of the tags on S3 objects enables bucket administrators to implement tag-based access control policies, providing an alternative to object ACLs which AWS now discourages.

The `discourse:acl` tag can be customized via the `s3_access_control_tag_key` site setting. Values for `public` and `private` can also be customized via the `s3_access_control_tag_public_value` and `s3_access_control_tag_private_value` site settings respectively.

### Reviewer Notes

To test it locally, run the following commands in your working discourse directory:

1. `script/install_minio_binaries.rb`
2. Start a local minio server by running: `bundle exec rails runner script/local_minio_s3.rb`
3. `bundle exec rails runner "SiteSetting.enable_s3_uploads = true"`
5. Start your development rails server with the following environment variables: `DISCOURSE_ENABLE_S3_UPLOADS=true DISCOURSE_S3_ENABLE_ACCESS_CONTROL_TAGS=true DISCOURSE_BACKUP_LOCATION=s3`
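
A tag-based bucket policy of the kind the commit message refers to, as an added example that is not part of the commit or of Discourse's own configuration. It assumes the default tag key `discourse:acl` and the default `public` value; `EXAMPLE-BUCKET` is a placeholder bucket name, and the bucket's Block Public Access settings are assumed to permit a public bucket policy.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConstructedExampleAllowAnonymousReadOfPublicTaggedObjects",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {
        "StringEquals": {
          "s3:ExistingObjectTag/discourse:acl": "public"
        }
      }
    }
  ]
}
```

Objects tagged `private`, and objects with no `discourse:acl` tag at all, match no `Allow` statement here and stay unreadable to anonymous callers. Because the tag is now the access decision, permission to change object tags (`s3:PutObjectTagging`, `s3:DeleteObjectTagging`) should be limited to the application's own credentials.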