nklatt/concrete5_adjust_file_permissions.php

## concrete5_adjust_file_permissions.php
use Concrete\Core\Entity\File\File;
use Concrete\Core\File\Set\Set as FileSet;
use Concrete\Core\File\StorageLocation\StorageLocationFactory as FileStorageLocationFactory;
use Concrete\Core\Permission\Access\Entity\GroupEntity as GroupPermissionAccessEntity;
use Concrete\Core\Permission\Access\Entity\UserEntity as UserPermissionAccessEntity;
use Concrete\Core\Support\Facade\Application;
use Concrete\Core\User\Group\Group as UserGroup;

use PermissionKey;
use UserInfo;

// assumes Advanced Permissions have been enabled

function adjustPermissions(
    File   $f,
    string $fileSetName,
    string $fileStorageLocationName, // for security, this should reside outside of webroot
    string $groupName,
    int    $uID)
{
    // add file to file set
    $fs = FileSet::createAndGetSet($fileSetName, FileSet::TYPE_PUBLIC, 1);
    $fs->addFileToSet($f);

    // assign storage location
    $app = Application::getFacadeApplication();
    $location = $app[FileStorageLocationFactory::class]->fetchByName($fileStorageLocationName)[0];
    $f->setFileStorageLocation($location);

    // override parent folder permissions
    $f->resetPermissions(1);

    // remove Guest access
    $pk = PermissionKey::getByHandle('view_file');
    $pk->setPermissionObject($f);
    $pa = $pk->getPermissionAccessObject();
    $pe = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
    $pa->removeListItem($pe);

    // enable access by passed-in group
    $g = UserGroup::getByName($groupName);
    if (is_object($g)) {
        $pae = GroupPermissionAccessEntity::getOrCreate($g);
        $pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
    }

    // enable access by passed-in user
    $ui = UserInfo::getByID($uID);
    if (is_object($ui)) {
        $pae = UserPermissionAccessEntity::getOrCreate($ui);
        $pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
    }

    // apply the above access settings
    $pa->markAsInUse();
}
	use Concrete\Core\Entity\File\File;
	use Concrete\Core\File\Set\Set as FileSet;
	use Concrete\Core\File\StorageLocation\StorageLocationFactory as FileStorageLocationFactory;
	use Concrete\Core\Permission\Access\Entity\GroupEntity as GroupPermissionAccessEntity;
	use Concrete\Core\Permission\Access\Entity\UserEntity as UserPermissionAccessEntity;
	use Concrete\Core\Support\Facade\Application;
	use Concrete\Core\User\Group\Group as UserGroup;

	use PermissionKey;
	use UserInfo;

	// assumes Advanced Permissions have been enabled

	function adjustPermissions(
	File $f,
	string $fileSetName,
	string $fileStorageLocationName, // for security, this should reside outside of webroot
	string $groupName,
	int $uID)
	{
	// add file to file set
	$fs = FileSet::createAndGetSet($fileSetName, FileSet::TYPE_PUBLIC, 1);
	$fs->addFileToSet($f);

	// assign storage location
	$app = Application::getFacadeApplication();
	$location = $app[FileStorageLocationFactory::class]->fetchByName($fileStorageLocationName)[0];
	$f->setFileStorageLocation($location);

	// override parent folder permissions
	$f->resetPermissions(1);

	// remove Guest access
	$pk = PermissionKey::getByHandle('view_file');
	$pk->setPermissionObject($f);
	$pa = $pk->getPermissionAccessObject();
	$pe = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
	$pa->removeListItem($pe);

	// enable access by passed-in group
	$g = UserGroup::getByName($groupName);
	if (is_object($g)) {
	$pae = GroupPermissionAccessEntity::getOrCreate($g);
	$pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
	}

	// enable access by passed-in user
	$ui = UserInfo::getByID($uID);
	if (is_object($ui)) {
	$pae = UserPermissionAccessEntity::getOrCreate($ui);
	$pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
	}

	// apply the above access settings
	$pa->markAsInUse();
	}