From 1938495a894de9d52dbbda9d0b986b7ce6752c7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Sw=C3=A4rd?=
Date: Mon, 17 Apr 2023 10:38:51 +0200
Subject: [PATCH] Change to single env variable and list of strings as suggested in review.
---
 services/frontend/README.md | 12 ++--------
 services/frontend/pkg/config/config.go | 23 +++++--------------
 .../pkg/config/defaults/defaultconfig.go | 10 --------
 services/frontend/pkg/revaconfig/config.go | 23 ++++--------------
 4 files changed, 12 insertions(+), 56 deletions(-)
diff --git a/services/frontend/README.md b/services/frontend/README.md
index fd2f1cf3d3..2c606acf14 100644
--- a/services/frontend/README.md
+++ b/services/frontend/README.md
@@ -29,13 +29,5 @@ While the frontend service does not persist any data it does cache `Stat()` resp
 ## Libregraph Service Interactions
 A lot of user management is done via a standardized libregraph API. Depending on how the system is configured, there might be some attributes for users that an ocis instance admin user can't change because of properties
-coming from an external LDAP server, or similar. This can be the case when the ocis admin is not the LDAP admin. To make life easier for admin users, there are hints as capabilites telling the frontend which attributes are read-only or not, so they can be shown in the frontend differently. To configure these hints the following environment variables are available:
-
-- FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED: Defaults to false
-- FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME: Defaults to true
-- FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME: Defaults to true
-- FRONTEND_READONLY_ATTRIBUTES_ID: Defaults to true
-- FRONTEND_READONLY_ATTRIBUTES_MAIL: Defaults to true
-- FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME: Defaults to true
-- FRONTEND_READONLY_ATTRIBUTES_SURNAME: Defaults to true
-- FRONTEND_READONLY_ATTRIBUTES_QUOTA: Defaults to false
+coming from an external LDAP server, or similar. This can be the case when the ocis admin is not the LDAP admin. To make life easier for admin users, there are hints as capabilites telling the frontend which attributes are read-only or not, so they can be shown in the frontend differently. To configure these hints we have the environment variable FRONTEND_READONLY_USER_ATTRIBUTES,
+which takes a comma separated list of attributes.
diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go
index 0dc0dfd204..07adb2289b 100644
--- a/services/frontend/pkg/config/config.go
+++ b/services/frontend/pkg/config/config.go
@@ -39,12 +39,12 @@ type Config struct {
 PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL" desc:"The public facing URL of the oCIS frontend."`
- AppHandler AppHandler `yaml:"app_handler"`
- Archiver Archiver `yaml:"archiver"`
- DataGateway DataGateway `yaml:"data_gateway"`
- OCS OCS `yaml:"ocs"`
- Checksums Checksums `yaml:"checksums"`
- ReadyOnlyAttributes ReadyOnlyAttributes `yaml:"read_only_attributes"`
+ AppHandler AppHandler `yaml:"app_handler"`
+ Archiver Archiver `yaml:"archiver"`
+ DataGateway DataGateway `yaml:"data_gateway"`
+ OCS OCS `yaml:"ocs"`
+ Checksums Checksums `yaml:"checksums"`
+ ReadOnlyUserAttributes string `yaml:"read_only_user_attributes" env:"FRONTEND_READONLY_USER_ATTRIBUTES" desc:"Comma separated list of user attributes to indicate as read-only."`
 Middleware Middleware `yaml:"middleware"`
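Review bot: `ReadOnlyUserAttributes` is declared as a plain `string` that is split by hand later, while `Checksums.SupportedTypes` in this same file is a `[]string` bound directly to its env variable. Declaring it as `ReadOnlyUserAttributes []string` with the same tags would presumably let the config loader do the splitting and keep the two list settings consistent. The `desc` also does not say which attribute names are accepted. This patch adds no default for the field while removing the old defaults from `DefaultConfig`, which marked six attributes read-only, so an unconfigured instance now hints nothing as read-only and the description should say so. The Config struct starts and ends outside this hunk.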
@@ -161,14 +161,3 @@ type Checksums struct {
 SupportedTypes []string `yaml:"supported_types" env:"FRONTEND_CHECKSUMS_SUPPORTED_TYPES" desc:"Define the checksum types that indicate to clients which hashes the server can use to verify upload integrity. You can provide multiple types separated by blank or comma. Supported types are 'sha1', 'md5' and 'adler32'."`
 PreferredUploadType string `yaml:"preferred_upload_type" env:"FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE" desc:"The supported checksum type for uploads that indicates to clients supporting multiple hash algorithms which one is preferred by the server. Must be one out of the defined list of SUPPORTED_TYPES."`
 }
-
-type ReadyOnlyAttributes struct {
- AccountEnabled bool `yaml:"account_enabled" env:"FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED" desc:"Flag to indicate if account_enabled attribute is read-only. Defaults to false."`
- DisplayName bool `yaml:"display_name" env:"FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME" desc:"Flag to indicate if display_name attribute is read-only. Defaults to true."`
- GivenName bool `yaml:"given_name" env:"FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME" desc:"Flag to indicate if given_name attribute is read-only. Defaults to true."`
- ID bool `yaml:"id" env:"FRONTEND_READONLY_ATTRIBUTES_ID" desc:"Flag to indicate if id attribute is read-only. Defaults to true."`
- Mail bool `yaml:"mail" env:"FRONTEND_READONLY_ATTRIBUTES_MAIL" desc:"Flag to indicate if mail attribute is read-only. Defaults to true."`
- OnPremisesSamAccountName bool `yaml:"on_premises_sam_account_name" env:"FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME" desc:"Flag to indicate if on_premises_sam_account_name attribute is read-only. Defaults to true."`
- Surname bool `yaml:"surname" env:"FRONTEND_READONLY_ATTRIBUTES_SURNAME" desc:"Flag to indicate if surname attribute is read-only. Defaults to true."`
- Quota bool `yaml:"quota" env:"FRONTEND_READONLY_ATTRIBUTES_QUOTA" desc:"Flag to indicate if quota attribute read-only. Defaults to false."`
-}
diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go
index 589e2f8345..ed03512773 100644
--- a/services/frontend/pkg/config/defaults/defaultconfig.go
+++ b/services/frontend/pkg/config/defaults/defaultconfig.go
@@ -89,16 +89,6 @@ func DefaultConfig() *config.Config {
 SupportedTypes: []string{"sha1", "md5", "adler32"},
 PreferredUploadType: "sha1",
 },
- ReadyOnlyAttributes: config.ReadyOnlyAttributes{
- AccountEnabled: false,
- DisplayName: true,
- GivenName: true,
- ID: true,
- Mail: true,
- OnPremisesSamAccountName: true,
- Surname: true,
- Quota: false,
- },
 AppHandler: config.AppHandler{
 Prefix: "app",
 },
diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go
index 2c0f22c83b..8eeca607d4 100644
--- a/services/frontend/pkg/revaconfig/config.go
+++ b/services/frontend/pkg/revaconfig/config.go
@@ -4,6 +4,7 @@ import (
 "net/url"
 "path"
 "strconv"
+ "strings"
 "github.com/owncloud/ocis/v2/ocis-pkg/version"
 "github.com/owncloud/ocis/v2/services/frontend/pkg/config"
@@ -63,23 +64,7 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error
 }
 }
- read_only_attributes_map := map[string]bool{
- "account_enabled": cfg.ReadyOnlyAttributes.AccountEnabled,
- "display_name": cfg.ReadyOnlyAttributes.DisplayName,
- "given_name": cfg.ReadyOnlyAttributes.GivenName,
- "id": cfg.ReadyOnlyAttributes.ID,
- "mail": cfg.ReadyOnlyAttributes.Mail,
- "on_premises_sam_account_name": cfg.ReadyOnlyAttributes.OnPremisesSamAccountName,
- "surname": cfg.ReadyOnlyAttributes.Surname,
- "quota": cfg.ReadyOnlyAttributes.Quota,
- }
-
- var read_only_attributes []string
- for k, v := range read_only_attributes_map {
- if v {
- read_only_attributes = append(read_only_attributes, k)
- }
- }
+ ReadOnlyUserAttributes := strings.Split(cfg.ReadOnlyUserAttributes, ",")
 return map[string]interface{}{
 "core": map[string]interface{}{
@@ -216,8 +201,8 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error
 "support_url_signing": true,
 },
 "graph": map[string]interface{}{
- "personal_data_export": true,
- "read_only_attributes": read_only_attributes,
+ "personal_data_export": true,
+ "read_only_user_attributes": ReadOnlyUserAttributes,
 },
 "checksums": map[string]interface{}{
 "supported_types": cfg.Checksums.SupportedTypes,
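Review bot: `strings.Split(cfg.ReadOnlyUserAttributes, ",")` returns a one-element slice holding an empty string when the setting is unset, and this patch removes the defaults, so the `graph` capability would advertise `[""]` rather than an empty list. Entries are also passed through untrimmed, so a value such as `mail, surname` yields ` surname` with a leading space, which a client matching on exact names would presumably miss and show as editable. Trimming each entry and dropping blanks avoids both. The local would also read more conventionally as `readOnlyUserAttributes`, since a capitalised identifier signals an exported name in Go. The body of FrontendConfigFromStruct starts and ends outside this hunk.

```go
// … unchanged: configuration setup earlier in FrontendConfigFromStruct …
var readOnlyUserAttributes []string
for _, attr := range strings.Split(cfg.ReadOnlyUserAttributes, ",") {
	if attr = strings.TrimSpace(attr); attr != "" {
		readOnlyUserAttributes = append(readOnlyUserAttributes, attr)
	}
}

return map[string]interface{}{
// … unchanged: capability map; the "graph" entry then references readOnlyUserAttributes …
```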
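Review bot: The capability key under `graph` is renamed from `read_only_attributes` to `read_only_user_attributes`, and nothing visible in this patch updates the code that reads it. A client still looking up the old key would find no list and presumably render every attribute as editable, so the rename should land together with the consumer change or be called out in the changelog. A one-line comment above the entry, for example `// hint for clients: user attributes to render as read-only`, would record that this value is advisory. The surrounding map literal starts and ends outside the hunk.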