Set the bucket policy for the controlled-access bucket upon its initi…

…al creation.
MIT-LCP · Nov 22, 2024 · 1dc66d5 · 1dc66d5
1 parent 7afbaaf
commit 1dc66d5
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/physionet-django/project/cloud/s3.py b/physionet-django/project/cloud/s3.py
@@ -1190,12 +1190,21 @@ def upload_project_to_S3(project):
     if s3 is None or bucket_name is None:
         return
 
+    bucket_created = False
+
     try:
         create_s3_bucket(s3, bucket_name)
+        bucket_created = True
     except s3.exceptions.BucketAlreadyExists:
         raise Exception(f"A bucket named {bucket_name} already exists.")
     except s3.exceptions.BucketAlreadyOwnedByYou:
-        pass
+        bucket_created = False
+
+    # Set the bucket policy only if the bucket was newly created and has controlled access
+    if bucket_created and project.access_policy == AccessPolicy.CONTROLLED:
+        controlled_policy = create_controlled_bucket_policy(bucket_name)
+        s3.put_bucket_policy(Bucket=bucket_name, Policy=controlled_policy)
+
     put_bucket_logging(
         s3, bucket_name, settings.S3_SERVER_ACCESS_LOG_BUCKET, bucket_name + "/logs/"
     )