Make all files in S3 directory private or public

Once I’ve got a task to make a lot of files stored on S3 private. In my project I used carrierwave and fog.
All files were public by default.

In order not to make many requests to AWS, I’ve decided to change bucket policy instead of ACL of each file.

require 'fog'

class Storage
  def make_directory_private!(dirname)
    policy    = s3.get_bucket_policy bucket
    statement = private_statement dirname

    return if policy['Statement'].include? statement

    policy['Statement'].push statement
    s3.put_bucket_policy bucket, policy
  end

  def make_directory_public!(dirname)
    policy    = s3.get_bucket_policy bucket
    statement = private_statement dirname

    return unless policy['Statement'].include? statement

    policy['Statement'].delete statement
    s3.put_bucket_policy bucket, policy
  end

  def private_statement(dirname)
    {
      "Sid"       => "Private#{dirname}",
      "Effect"    => "Deny",
      "Principal" => {"AWS" => "*"},
      "Action"    => "s3:GetObject",
      "Resource"  => "arn:aws:s3:::#{bucket}/#{dirname}/*"
    }
  end

  def bucket
    "*************"
  end

  def s3
    @s3 ||= Fog::Storage.new({
      provider: 'AWS',
      aws_access_key_id: '**************',
      aws_secret_access_key: '***************'
    })
  end
end

Storage.new.make_directory_private!('user_42')
Storage.new.make_directory_public!('user_42')