This support forum is no longer in use. Please use the Cloudinary Community at https://community.cloudinary.com/ to receive assistance from other members of the community and from Cloudinary's support team. For account-specific questions or if you believe that you've encountered a bug, please contact the Cloudinary team directly via the "submit a request" option on this support site.

Unable to Update Image Access w/AdminAPI

Follow
Avatar
Scotch Wichmann

Hi!

I'm trying to change the settings of an uploaded image so it is no longer publicly visible.  I'm following the AdminAPI instructions for ->update(access_control) (see https://cloudinary.com/documentation/admin_api) but after making the call, I can still download the image from a fresh browser (no cookies or cache). 

My call looks like this in PHP:

$resp = $cloudinary->adminApi()->update("foofoo" , '{ "access_control": ["anonymous", "start":"2017-12-15T12:00Z", "end":"2018-01-20T12:00Z" ] }' );

...where "foofoo" is the public_id of the uploaded image (foofoo is not inside of a subfolder).  

My $cloudinary->adminAPI object seems fine, since I can call $resp = $cloudinary->adminApi()->assetsByIds(['foofoo']); and get back a valid response filled with data.

I expect since I'm setting the anonymous dates to 2017-2018, foofoo should no longer be visible since the date range is in the past, but I can still see the image.

I am getting a couple of warnings back from the update() call, but I don't know if they're causing the issue:

Warning: array_merge(): Expected parameter 1 to be an array, string given in /Library/WebServer/website_psi/vendor/cloudinary/cloudinary_php/src/Api/Admin/AssetsTrait.php on line 327

Warning: http_build_query(): Parameter 1 expected to be Array or Object. Incorrect value given in /Library/WebServer/website_psi/vendor/cloudinary/cloudinary_php/src/Utils/Utils.php on line 251

Is my JSON incorrect, do you think? Or am I misunderstanding what access_control is supposed to do?

Thanks for any help!

0

Comments

5 comments

Sort by Date Votes
  • Avatar
    Loic Verger Del Bove

    Hi Scotch,

    Thanks for reaching out.

    As mentioned here, it needs to be an array of objects so you should use something like this:

    $resp = $cloudinary->adminApi()->update("foofoo" , '{ "access_control": [{access_type: 'anonymous', start: '2017-12-15T12:00Z', end: '2018-01-20T12:00Z'}] }' );

    I have tested it in NodeJS and it does work properly.

    Hope that helps.

    Best,

    Loic

    0
    Comment actions Permalink
  • Avatar
    Scotch Wichmann

    Hi Loic,

    Thank you so much for the help.

    When I make this call:

    $resp = $cloudinary->adminApi()->update("foofoo" , '{ "access_control": [{access_type: "anonymous", start: "2017-12-15T12:00Z", end: "2018-01-20T12:00Z"}] }' );

    ...it looks like 'anonymous' is being set in the output:

    object(Cloudinary\Api\ApiResponse)#60 (5) { ["rateLimitResetAt"]=> int(1648227600) ["rateLimitAllowed"]=> int(500) ["rateLimitRemaining"]=> int(496) ["headers"]=> array(15) { ["Date"]=> array(1) { [0]=> string(29) "Fri, 25 Mar 2022 16:45:52 GMT" } ["Content-Type"]=> array(1) { [0]=> string(31) "application/json; charset=utf-8" } ["Transfer-Encoding"]=> array(1) { [0]=> string(7) "chunked" } ["Connection"]=> array(1) { [0]=> string(10) "keep-alive" } ["Vary"]=> array(1) { [0]=> string(15) "Accept-Encoding" } ["Status"]=> array(1) { [0]=> string(6) "200 OK" } ["X-FeatureRateLimit-Reset"]=> array(1) { [0]=> string(29) "Fri, 25 Mar 2022 17:00:00 GMT" } ["X-FeatureRateLimit-Remaining"]=> array(1) { [0]=> string(3) "496" } ["Cache-Control"]=> array(1) { [0]=> string(35) "max-age=0, private, must-revalidate" } ["X-XSS-Protection"]=> array(1) { [0]=> string(13) "1; mode=block" } ["X-FeatureRateLimit-Limit"]=> array(1) { [0]=> string(3) "500" } ["X-Request-Id"]=> array(1) { [0]=> string(32) "3dc9322f62dab979a2303cb21623ef50" } ["X-UA-Compatible"]=> array(1) { [0]=> string(16) "IE=Edge,chrome=1" } ["ETag"]=> array(1) { [0]=> string(34) ""901038aad3c693e538e9d4422c2f6cc4"" } ["Server"]=> array(1) { [0]=> string(10) "cloudinary" } } ["storage":"ArrayObject":private]=> array(14) { ["asset_id"]=> string(32) "a03549ef691fd3201650e1c973e4576a" ["public_id"]=> string(6) "foofoo" ["format"]=> string(3) "png" ["version"]=> int(1648187404) ["resource_type"]=> string(5) "image" ["type"]=> string(6) "upload" ["created_at"]=> string(20) "2022-03-24T23:25:38Z" ["bytes"]=> int(20911) ["width"]=> int(170) ["height"]=> int(192) ["access_mode"]=> string(6) "public" ["access_control"]=> array(1) { [0]=> array(1) { ["access_type"]=> string(9) "anonymous" } } ["url"]=> string(71) "http://res.cloudinary.com/falconpsi/image/upload/v1648187404/foofoo.png" ["secure_url"]=> string(72) "https://res.cloudinary.com/falconpsi/image/upload/v1648187404/foofoo.png" } }

    .

    However, when I open a brand new browser (cache empty), I can still access "foofoo" object even though the access_control end date is in the past.

    Is this expected behavior?  (My goal is to revoke access to the object at a certain point so that it is no longer publicly accessible).

    What else should I be trying, do you think?

    Thanks again!!!

     

     

     

    0
    Comment actions Permalink
  • Avatar
    Loic Verger Del Bove

    Hi Scotch,

    Could you clear the cache of your browser? You should get a 401.

    Thanks in advance.

    Best,

    Loic

    0
    Comment actions Permalink
  • Avatar
    Scotch Wichmann

    Hi Loic,  

    It worked -- maybe it was still cached locally or on CDN, but looks like I'm successfully blocked.

    Thanks again for your expertise!!!

     

    0
    Comment actions Permalink
  • Avatar
    Loic Verger Del Bove

    Hi Scotch,

    Glad it works!

    Feel free to reach out to us either here or via support@cloudinary.com if you have any further questions.

    Best,

    Loic

    0
    Comment actions Permalink

Post is closed for comments.