Configure and query the ACL of a bucket using PHP SDK V2 - Object Storage Service

This topic shows how to set and get the access control list (ACL) of a bucket using the OSS PHP SDK V2:

Set the bucket ACL using PutBucketAcl
Get the bucket ACL using GetBucketAcl

Bucket ACL types

ACL	Description	SDK constant
private	Only the bucket owner and authorized users have read and write permissions. Other users cannot access objects in the bucket.	`BucketACLType::PRIVATE`
public-read	Only the bucket owner and authorized users have read and write permissions. Other users have read permissions only. Exercise caution when setting this ACL.	`BucketACLType::PUBLIC_READ`
public-read-write	All users have read and write permissions. Exercise caution when setting this ACL.	`BucketACLType::PUBLIC_READ_WRITE`

Prerequisites

Before you begin, ensure that you have:

The oss:PutBucketAcl permission to set the ACL of a bucket
The oss:GetBucketAcl permission to get the ACL of a bucket

For more information, see Attach a custom policy to a RAM user.

Usage notes

The sample code uses the region ID cn-hangzhou for the China (Hangzhou) region. By default, a public endpoint is used to access resources in a bucket. To use other Alibaba Cloud products in the same region to access resources in the bucket, use an internal endpoint. For more information, see Regions and endpoints.
Credentials are loaded from environment variables. Set the AccessKey ID and AccessKey secret in your environment before running the examples.

Set and get the bucket ACL

Both examples share the same client setup. Initialize the client once in your application and reuse it for all operations.

Set the bucket ACL

The following example sets the bucket ACL to private using PutBucketAcl.

<?php

require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Parse command-line arguments.
$optsdesc = [
    "region"   => ['help' => 'The region where the bucket is located.', 'required' => true],
    "endpoint" => ['help' => 'The endpoint for other services to access OSS.', 'required' => false],
    "bucket"   => ['help' => 'The name of the bucket.', 'required' => true],
];

$longopts = array_map(fn($key) => "$key:", array_keys($optsdesc));
$options  = getopt("", $longopts);

foreach ($optsdesc as $key => $value) {
    if ($value['required'] === true && empty($options[$key])) {
        echo "Error: --$key is required. " . $value['help'] . PHP_EOL;
        exit(1);
    }
}

$region = $options["region"];
$bucket = $options["bucket"];

// Load credentials from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Initialize the client.
$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider);
$cfg->setRegion($region);

if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

$client = new Oss\Client($cfg);

// Set the bucket ACL to private.
$request = new Oss\Models\PutBucketAclRequest(
    bucket: $bucket,
    acl: Oss\Models\BucketACLType::PRIVATE
);

try {
    $result = $client->putBucketAcl($request);
    printf(
        'status code: %s' . PHP_EOL .
        'request ID: %s' . PHP_EOL,
        $result->statusCode,
        $result->requestId
    );
} catch (Oss\Exception\OssException $e) {
    echo 'Error: ' . $e->getMessage() . PHP_EOL;
    exit(1);
}

For the complete sample, see PutBucketAcl.php on GitHub.

Get the bucket ACL

The following example retrieves the current ACL of a bucket using GetBucketAcl.

<?php

require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Parse command-line arguments.
$optsdesc = [
    "region"   => ['help' => 'The region where the bucket is located.', 'required' => true],
    "endpoint" => ['help' => 'The endpoint for other services to access OSS.', 'required' => false],
    "bucket"   => ['help' => 'The name of the bucket.', 'required' => true],
];

$longopts = array_map(fn($key) => "$key:", array_keys($optsdesc));
$options  = getopt("", $longopts);

foreach ($optsdesc as $key => $value) {
    if ($value['required'] === true && empty($options[$key])) {
        echo "Error: --$key is required. " . $value['help'] . PHP_EOL;
        exit(1);
    }
}

$region = $options["region"];
$bucket = $options["bucket"];

// Load credentials from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Initialize the client.
$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider);
$cfg->setRegion($region);

if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

$client = new Oss\Client($cfg);

// Get the bucket ACL.
$request = new Oss\Models\GetBucketAclRequest(bucket: $bucket);

try {
    $result = $client->getBucketAcl($request);
    printf(
        'status code: %s' . PHP_EOL .
        'request ID: %s' . PHP_EOL .
        'bucket ACL: %s' . PHP_EOL,
        $result->statusCode,
        $result->requestId,
        $result->accessControlList->grant
    );
} catch (Oss\Exception\OssException $e) {
    echo 'Error: ' . $e->getMessage() . PHP_EOL;
    exit(1);
}

For the complete sample, see GetBucketAcl.php on GitHub.

Object Storage Service:Manage the ACL of a bucket using OSS SDK for PHP 2.0