From 7aa850824c63add4b91d57722224099fbb87c6aa Mon Sep 17 00:00:00 2001
From: Kailash Nadh <kailash@nadh.in>
Date: Sat, 2 Oct 2021 17:12:31 +0530
Subject: [PATCH] Add explicit `public-read` ACL to public S3 uploads. Closes
 #496.

---
 internal/media/providers/s3/s3.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/internal/media/providers/s3/s3.go b/internal/media/providers/s3/s3.go
index 43a0018e..fc38d483 100644
--- a/internal/media/providers/s3/s3.go
+++ b/internal/media/providers/s3/s3.go
@@ -61,7 +61,7 @@ func NewS3Store(opt Opt) (media.Store, error) {
 // Put takes in the filename, the content type and file object itself and uploads to S3.
 func (c *Client) Put(name string, cType string, file io.ReadSeeker) (string, error) {
 	// Upload input parameters
-	upParams := simples3.UploadInput{
+	p := simples3.UploadInput{
 		Bucket:      c.opts.Bucket,
 		ContentType: cType,
 		FileName:    name,
@@ -70,8 +70,13 @@ func (c *Client) Put(name string, cType string, file io.ReadSeeker) (string, err
 		// Paths inside the bucket should not start with /.
 		ObjectKey: c.makeBucketPath(name),
 	}
-	// Perform an upload.
-	if _, err := c.s3.FileUpload(upParams); err != nil {
+
+	if c.opts.BucketType == "public" {
+		p.ACL = "public-read"
+	}
+
+	// Upload.
+	if _, err := c.s3.FileUpload(p); err != nil {
 		return "", err
 	}
 	return name, nil