This topic describes how to set and query the access control lists (ACLs) of objects by using OSS PHP SDK V2.
Prerequisites
PHP 7.4 or later is installed.
OSS PHP SDK V2 is installed via Composer:
composer require alibabacloud/oss-v2
AccessKey ID and AccessKey secret are configured as environment variables:
export OSS_ACCESS_KEY_ID=<your-access-key-id>
export OSS_ACCESS_KEY_SECRET=<your-access-key-secret>
Usage notes
The sample code in this topic uses the public endpoint of the China (Hangzhou) region (cn-hangzhou). If you access OSS from other Alibaba Cloud products in the same region, use an internal endpoint. For more information about the mappings between OSS-supported regions and endpoints, see Regions and endpoints.
To set the ACL of an object, you must have the oss:PutObjectAcl permission. To query the ACL of an object, you must have the oss:GetObjectAcl permission. For more information, see Attach a custom policy to a RAM user.
Types of ACLs
The ACL of an object can be one of the following four types:
ACL | Description | Access permission value |
Inherit from bucket | Objects inherit access permissions from the bucket. This is the default setting. | oss.ObjectACLDefault |
Private | Only the object owner and authorized users have read and write permissions on the object. Other users cannot access the object. | oss.ObjectACLPrivate |
Public-read | Only the object owner and authorized users have read and write permissions on the object. Other users have only read permissions on the object. Exercise caution when you grant this permission. | oss.ObjectACLPublicRead |
Public-read-write | All users have read and write permissions on the object. Exercise caution when you grant this permission. | oss.ObjectACLPublicReadWrite |
The ACL of an object takes precedence over the ACL of the bucket in which the object is stored. For example, if the ACL of a bucket is private but the ACL of an object in the bucket is public-read-write, all users have read and write permissions on the object. If no ACL is configured for an object, the object inherits the ACL of the bucket.
Sample code
Set the ACL of an object
The following code sets the ACL of an object to public-read:
<?php
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Specify the region in which the bucket is located. Example: cn-hangzhou.
$region = 'cn-hangzhou';
// Specify the name of the bucket. Example: examplebucket.
$bucket = 'examplebucket';
// Specify the full path of the object. Example: exampleobject.txt.
$key = 'exampleobject.txt';

// Load credentials from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Load the default configurations and set the credential provider and region.
$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider);
$cfg->setRegion($region);
// To use a custom endpoint, uncomment the following line:
// $cfg->setEndpoint('https://oss-cn-hangzhou.aliyuncs.com');

// Initialize the OSS client.
$client = new Oss\Client($cfg);

try {
    // Create a request to set the ACL of the object to public-read.
    $request = new Oss\Models\PutObjectAclRequest($bucket, $key, Oss\Models\ObjectACLType::PUBLIC_READ);
    // Send the request.
    $result = $client->putObjectAcl($request);
    // Print the status code and request ID. The values are passed as printf
    // arguments so that they are never interpreted as part of the format string.
    printf(
        "status code:%s\nrequest id:%s\n",
        $result->statusCode,
        $result->requestId
    );
} catch (Oss\Exception\OperationException $e) {
    // The service-side error, if any, is attached as the previous exception.
    $se = $e->getPrevious();
    if ($se instanceof Oss\Exception\ServiceException) {
        printf(
            "Service Error: %s (Code: %s, RequestId: %s, StatusCode: %d)\n",
            $se->getErrorMessage(),
            $se->getErrorCode(),
            $se->getRequestId(),
            $se->getStatusCode()
        );
    } else {
        printf("Error: %s\n", $e->getMessage());
    }
}
Query the ACL of an object
The following code queries the ACL of an object:
<?php
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Specify the region in which the bucket is located. Example: cn-hangzhou.
$region = 'cn-hangzhou';
// Specify the name of the bucket. Example: examplebucket.
$bucket = 'examplebucket';
// Specify the full path of the object. Example: exampleobject.txt.
$key = 'exampleobject.txt';

// Load credentials from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Load the default configurations and set the credential provider and region.
$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider);
$cfg->setRegion($region);
// To use a custom endpoint, uncomment the following line:
// $cfg->setEndpoint('https://oss-cn-hangzhou.aliyuncs.com');

// Initialize the OSS client.
$client = new Oss\Client($cfg);

try {
    // Create a request to query the ACL of the object.
    $request = new Oss\Models\GetObjectAclRequest($bucket, $key);
    // Send the request.
    $result = $client->getObjectAcl($request);
    // Print the status code, request ID, and ACL. The values are passed as printf
    // arguments so that they are never interpreted as part of the format string.
    printf(
        "status code:%s\nrequest id:%s\nacl:%s\n",
        $result->statusCode,
        $result->requestId,
        $result->accessControlList->grant
    );
} catch (Oss\Exception\OperationException $e) {
    // The service-side error, if any, is attached as the previous exception.
    $se = $e->getPrevious();
    if ($se instanceof Oss\Exception\ServiceException) {
        printf(
            "Service Error: %s (Code: %s, RequestId: %s, StatusCode: %d)\n",
            $se->getErrorMessage(),
            $se->getErrorCode(),
            $se->getRequestId(),
            $se->getStatusCode()
        );
    } else {
        printf("Error: %s\n", $e->getMessage());
    }
}
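Because an object ACL takes precedence over the bucket ACL, a private bucket can still contain publicly accessible objects. The following added example (not part of the original OSS documentation) reuses the getObjectAcl call shown above to list objects whose effective ACL is public-read or public-read-write. The function names effectiveAcl and auditObjectAcls, the key list, and the caller-supplied bucket ACL are assumptions made for illustration; the caller needs the oss:GetObjectAcl permission.

```php
<?php
// Added example, not from the OSS documentation: find objects that are
// publicly accessible once the object-over-bucket ACL precedence is applied.
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// An explicit object ACL wins; 'default' means the object inherits the bucket ACL.
function effectiveAcl(string $bucketAcl, string $objectAcl): string
{
    return $objectAcl === 'default' ? $bucketAcl : $objectAcl;
}

// Returns one finding per key that is public or whose ACL could not be determined.
function auditObjectAcls(Oss\Client $client, string $bucket, string $bucketAcl, array $keys): array
{
    $findings = [];
    foreach ($keys as $key) {
        try {
            $result = $client->getObjectAcl(new Oss\Models\GetObjectAclRequest($bucket, $key));
        } catch (Oss\Exception\OperationException $e) {
            // Report unreadable ACLs instead of silently treating them as safe.
            $findings[] = ['key' => $key, 'acl' => 'unknown', 'note' => $e->getMessage()];
            continue;
        }
        $objectAcl = $result->accessControlList->grant ?? null;
        if ($objectAcl === null) {
            $findings[] = ['key' => $key, 'acl' => 'unknown', 'note' => 'no grant in response'];
            continue;
        }
        $effective = effectiveAcl($bucketAcl, $objectAcl);
        if (in_array($effective, ['public-read', 'public-read-write'], true)) {
            $note = $objectAcl === 'default' ? 'inherited from bucket' : 'set explicitly on object';
            $findings[] = ['key' => $key, 'acl' => $effective, 'note' => $note];
        }
    }
    return $findings;
}

$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider(new Oss\Credentials\EnvironmentVariableCredentialsProvider());
$cfg->setRegion('cn-hangzhou');
$client = new Oss\Client($cfg);

// Assumed inputs: the bucket's own ACL and the keys to check are supplied by the caller.
$bucketAcl = 'private';
$keys = ['exampleobject.txt', 'reports/2024-q1.csv']; // constructed sample keys

foreach (auditObjectAcls($client, 'examplebucket', $bucketAcl, $keys) as $f) {
    printf("%s\t%s\t%s\n", $f['key'], $f['acl'], $f['note']);
}
```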