I don't think it's even possible to use such method in the 1st place, since Cloud Storage doesn't actually have directories, file objects just appear to be residing in directories due to the '/'
characters in their names, but they really are in the single flat namespace corresponding to the entire bucket. From Object name considerations:
Object names reside in a flat namespace within a bucket, which means
that different buckets can have objects with the same name. It also
means that objects do not reside within subdirectories in a bucket.
For example, you can name an object /europe/france/paris.jpg
to make
it appear that paris.jpg
resides in the subdirectory
/europe/france
, but to Cloud Storage, the object simply exists in
the bucket and has the name /europe/france/paris.jpg
.
The proper ways to implement access control in Cloud Storage are described in Access Control Options.
To me the most appealing one for uploading the cover photo appears to be using Signed URLs, which allows access restricted to just a single file/object and only for a limited time, thus preventing upload of multiple files (which appears to be your concern) as well as overwriting the uploaded image after that limited time expires:
This page provides an overview of Signed URLs, which is a mechanism
for query string authentication for buckets and objects. Signed URLs
provide a way to give time-limited read or write access to anyone in
possession of the URL, regardless of whether they have a Google
account. To learn how to create a Signed URL, read Creating Signed
URLs with gsutil and Creating Signed URLs with a Program.
Since you plan to do it from your code, the 2nd approach from the above quote is what you need - essentially boiling down to sending a particular POST request to a specially crafted URL.