[full-ci] Bump libre-graph-api-go and drive group permissions (#5312)

* Bump libre-graph-api-go Expose drive group permissions Co-authored-by: kobergj <jkoberg@owncloud.com>
2025-12-31 09:20:15 -06:00 · 2022-12-30 17:23:56 +01:00
parent d8bc4a7ddc
commit 21797fb22d
8 changed files with 64 additions and 22 deletions
--- a/.drone.star
+++ b/.drone.star
@@ -136,8 +136,13 @@ config = {
        "skipExceptParts": [],
        "earlyFail": True,
    },
+    # disable ocis e2e tests for this pr.
+    # ocis needs the web pr to pass, but that pr needs this pr to pass, circular problems....
+    # will be re-enabled after the web-pr passed and web is bumped in ocis.
+    # https://github.com/owncloud/ocis/pull/5312
+    # https://github.com/owncloud/web/pull/8171
    "e2eTests": {
-        "skip": False,
+        "skip": True,
        "earlyFail": True,
    },
    "settingsUITests": {
--- a/changelog/unreleased/bump-libregraph.md
+++ b/changelog/unreleased/bump-libregraph.md
@@ -0,0 +1,10 @@
+Enhancement: Bump libre-graph-api-go
+
+We fixed a couple of issues in libre-graph-api-go package.
+
+* rename drive permission grantedTo to grantedToIdentities to be ms graph spec compatible.
+* drive.name is a required property now.
+* add group property to the identitySet.
+
+https://github.com/owncloud/ocis/pull/5309
+https://github.com/owncloud/ocis/pull/5312
--- a/changelog/unreleased/drive-group-permissions.md
+++ b/changelog/unreleased/drive-group-permissions.md
@@ -0,0 +1,5 @@
+Enhancement: Drive group permissions
+
+We've updated the libregraph.Drive response to contain group permissions.
+
+https://github.com/owncloud/ocis/pull/5312
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.5.0
 	github.com/onsi/gomega v1.24.1
 	github.com/orcaman/concurrent-map v1.0.0
-	github.com/owncloud/libre-graph-api-go v1.0.1-0.20221220084037-8c6f7ea26400
+	github.com/owncloud/libre-graph-api-go v1.0.1
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.14.0
 	github.com/rs/zerolog v1.28.0
--- a/go.sum
+++ b/go.sum
@@ -1055,8 +1055,8 @@ github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35uk
 github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HDbW65HOY=
 github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
 github.com/ovh/go-ovh v1.1.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA=
-github.com/owncloud/libre-graph-api-go v1.0.1-0.20221220084037-8c6f7ea26400 h1:E8+qYjS2P21dE4gGVep0JAqPleL74wugwnXSHKAoDp4=
-github.com/owncloud/libre-graph-api-go v1.0.1-0.20221220084037-8c6f7ea26400/go.mod h1:579sFrPP7aP24LZXGPopLfvE+hAka/2DYHk0+Ij+w+U=
+github.com/owncloud/libre-graph-api-go v1.0.1 h1:wj3aQQr/yDPoc97ddg7DCadvMx6ui6N7re/oRV9+yNs=
+github.com/owncloud/libre-graph-api-go v1.0.1/go.mod h1:579sFrPP7aP24LZXGPopLfvE+hAka/2DYHk0+Ij+w+U=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
--- a/services/graph/pkg/service/v0/drives.go
+++ b/services/graph/pkg/service/v0/drives.go
@@ -538,29 +538,51 @@ func (g Graph) cs3StorageSpaceToDrive(ctx context.Context, baseURL *url.URL, spa

 	var permissions []libregraph.Permission
 	if space.Opaque != nil {
-		var m map[string]*storageprovider.ResourcePermissions
-		entry, ok := space.Opaque.Map["grants"]
+		var permissionsMap map[string]*storageprovider.ResourcePermissions
+		var groupsMap map[string]struct{}
+
+		opaqueGrants, ok := space.Opaque.Map["grants"]
 		if ok {
-			err := json.Unmarshal(entry.Value, &m)
+			err := json.Unmarshal(opaqueGrants.Value, &permissionsMap)
 			if err != nil {
 				logger.Debug().
 					Err(err).
 					Interface("space", space.Root).
-					Bytes("grants", entry.Value).
+					Bytes("grants", opaqueGrants.Value).
 					Msg("unable to parse space: failed to read spaces grants")
 			}
 		}
-		if len(m) != 0 {
+
+		opaqueGroups, ok := space.Opaque.Map["groups"]
+		if ok {
+			err := json.Unmarshal(opaqueGroups.Value, &groupsMap)
+			if err != nil {
+				logger.Debug().
+					Err(err).
+					Interface("space", space.Root).
+					Bytes("groups", opaqueGroups.Value).
+					Msg("unable to parse space: failed to read spaces groups")
+			}
+		}
+
+		if len(permissionsMap) != 0 {
 			managerIdentities := []libregraph.IdentitySet{}
 			editorIdentities := []libregraph.IdentitySet{}
 			viewerIdentities := []libregraph.IdentitySet{}

-			for id, perm := range m {
+			for id, perm := range permissionsMap {
 				// This temporary variable is necessary since we need to pass a pointer to the
 				// libregraph.Identity and if we pass the pointer from the loop every identity
 				// will have the same id.
 				tmp := id
-				identity := libregraph.IdentitySet{User: &libregraph.Identity{Id: &tmp}}
+				var identity libregraph.IdentitySet
+
+				if _, ok := groupsMap[id]; !ok {
+					identity = libregraph.IdentitySet{User: &libregraph.Identity{Id: &tmp}}
+				} else {
+					identity = libregraph.IdentitySet{Group: &libregraph.Identity{Id: &tmp}}
+				}
+
 				// we need to map the permissions to the roles
 				switch {
 				// having RemoveGrant qualifies you as a manager
@@ -578,20 +600,20 @@ func (g Graph) cs3StorageSpaceToDrive(ctx context.Context, baseURL *url.URL, spa
 			permissions = make([]libregraph.Permission, 0, 3)
 			if len(managerIdentities) != 0 {
 				permissions = append(permissions, libregraph.Permission{
-					GrantedTo: managerIdentities,
-					Roles:     []string{"manager"},
+					GrantedToIdentities: managerIdentities,
+					Roles:               []string{"manager"},
 				})
 			}
 			if len(editorIdentities) != 0 {
 				permissions = append(permissions, libregraph.Permission{
-					GrantedTo: editorIdentities,
-					Roles:     []string{"editor"},
+					GrantedToIdentities: editorIdentities,
+					Roles:               []string{"editor"},
 				})
 			}
 			if len(viewerIdentities) != 0 {
 				permissions = append(permissions, libregraph.Permission{
-					GrantedTo: viewerIdentities,
-					Roles:     []string{"viewer"},
+					GrantedToIdentities: viewerIdentities,
+					Roles:               []string{"viewer"},
 				})
 			}
 		}
--- a/tests/acceptance/features/apiSpacesShares/shareSpaces.feature
+++ b/tests/acceptance/features/apiSpacesShares/shareSpaces.feature
@@ -37,9 +37,9 @@ Feature: Share spaces
  Scenario: A user can see who has been granted access
    Given user "Alice" has shared a space "share space" to user "Brian" with role "viewer"
    And the user "Alice" should have a space called "share space" granted to "Brian" with these key and value pairs:
-      | key                                                | value     |
-      | root@@@permissions@@@1@@@grantedTo@@@0@@@user@@@id | %user_id% |
-      | root@@@permissions@@@1@@@roles@@@0                 | viewer    |
+      | key                                                          | value     |
+      | root@@@permissions@@@1@@@grantedToIdentities@@@0@@@user@@@id | %user_id% |
+      | root@@@permissions@@@1@@@roles@@@0                           | viewer    |


  Scenario: A user can see a file in a received shared space
--- a/tests/acceptance/features/bootstrap/SpacesContext.php
+++ b/tests/acceptance/features/bootstrap/SpacesContext.php
@@ -1018,8 +1018,8 @@ class SpacesContext implements Context {

 		$userRole = "";
 		foreach ($permissions as $permission) {
-			foreach ($permission["grantedTo"] as $grantedTo) {
-				if ($grantedTo["user"]["id"] === $userId) {
+			foreach ($permission["grantedToIdentities"] as $grantedToIdentities) {
+				if ($grantedToIdentities["user"]["id"] === $userId) {
 					$userRole = $permission["roles"][0];
 				}
 			}