From 1dc66d56882fb27cbeb5b4207dd6d05598296719 Mon Sep 17 00:00:00 2001
From: chrystinne
Date: Fri, 22 Nov 2024 13:48:59 -0500
Subject: [PATCH] Set the bucket policy for the controlled-access bucket upon its initial creation.
---
 physionet-django/project/cloud/s3.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/physionet-django/project/cloud/s3.py b/physionet-django/project/cloud/s3.py
index 648371926..215461ce2 100644
--- a/physionet-django/project/cloud/s3.py
+++ b/physionet-django/project/cloud/s3.py
@@ -1190,12 +1190,21 @@ def upload_project_to_S3(project):
 if s3 is None or bucket_name is None:
 return

+ bucket_created = False
+
 try:
 create_s3_bucket(s3, bucket_name)
+ bucket_created = True
 except s3.exceptions.BucketAlreadyExists:
 raise Exception(f"A bucket named {bucket_name} already exists.")
 except s3.exceptions.BucketAlreadyOwnedByYou:
- pass
+ bucket_created = False
+
+ # Set the bucket policy only if the bucket was newly created and has controlled access
+ if bucket_created and project.access_policy == AccessPolicy.CONTROLLED:
+ controlled_policy = create_controlled_bucket_policy(bucket_name)
+ s3.put_bucket_policy(Bucket=bucket_name, Policy=controlled_policy)
+
 put_bucket_logging(
 s3, bucket_name, settings.S3_SERVER_ACCESS_LOG_BUCKET, bucket_name + "/logs/"
 )
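Review bot: The controlled-access policy is applied only on the run that creates the bucket, so if `create_controlled_bucket_policy` or `s3.put_bucket_policy` raises after `create_s3_bucket` succeeded, every later call lands in the `BucketAlreadyOwnedByYou` branch and the bucket never receives its policy. If skipping existing buckets is deliberate (for instance to preserve a policy that was updated later, which is not visible here), the `BucketAlreadyOwnedByYou` branch should at least check with `s3.get_bucket_policy` whether a policy is present and apply the initial one when it is missing. Failing that, the limitation should be recorded next to the condition, e.g. `# NOTE: a failed put_bucket_policy is not retried; an existing bucket is assumed to already carry its policy`. The assignment `bucket_created = False` in that except branch is redundant with the initialisation above the `try`. The body of `upload_project_to_S3` starts and continues outside this hunk, so whether files are uploaded before a policy is guaranteed to exist could not be checked here.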