Merge pull request #5690 from owncloud/create-public-link-permission

add new permission 'publiclink.create' and assign it to the 'Admin', …

changelog/unreleased/public-link-permission.md

@@ -0,0 +1,5 @@
+Enhancement: Add new permission for public links
+
+Added a new permission 'PublicLink.Write' to check if a user can create or update public links.
+
+https://github.com/owncloud/ocis/pull/5690

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.3.5
 	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/cs3org/go-cs3apis v0.0.0-20221012090518-ef2996678965
-	github.com/cs3org/reva/v2 v2.12.1-0.20230222151731-83c7b4d26b2b
+	github.com/cs3org/reva/v2 v2.12.1-0.20230301100432-f65cdbafbe3e
 	github.com/disintegration/imaging v1.6.2
 	github.com/ggwhite/go-masker v1.0.9
 	github.com/go-chi/chi/v5 v5.0.7

go.sum

@@ -346,6 +346,8 @@ github.com/crewjam/saml v0.4.9 h1:X2jDv4dv3IvfT9t+RhADavzNFAcq3fVxzTCIH3G605U=
 github.com/crewjam/saml v0.4.9/go.mod h1:9Zh6dWPtB3MSzTRt8fIFH60Z351QQ+s7hCU3J/tTlA4=
 github.com/cs3org/reva/v2 v2.12.1-0.20230222151731-83c7b4d26b2b h1:wIwnuSyH8tM4dbr16UYEoYF7ESlfxah2q99oz/FscU0=
 github.com/cs3org/reva/v2 v2.12.1-0.20230222151731-83c7b4d26b2b/go.mod h1:dbaNP2U3nGQA5BHLc5w/hqviq7b0F4eygNwC38jeaiU=
+github.com/cs3org/reva/v2 v2.12.1-0.20230301100432-f65cdbafbe3e h1:FMxx/Mr+3HVY9CuTPRI55AGExCRamjMTZlum1ckBBm4=
+github.com/cs3org/reva/v2 v2.12.1-0.20230301100432-f65cdbafbe3e/go.mod h1:dbaNP2U3nGQA5BHLc5w/hqviq7b0F4eygNwC38jeaiU=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=

services/settings/pkg/store/defaults/defaults.go

@@ -87,6 +87,11 @@ const (
 	ChangeLogoPermissionID string = "ed83fc10-1f54-4a9e-b5a7-fb517f5f3e01"
 	// ChangeLogoPermissionName is the hardcoded setting name for the change-logo permission
 	ChangeLogoPermissionName string = "change-logo"
+
+	// WritePublicLinkPermissionID is the hardcoded setting UUID for the PublicLink.Write permission
+	WritePublicLinkPermissionID string = "11516bbd-7157-49e1-b6ac-d00c820f980b"
+	// WritePublicLinkPermissionName is the hardcoded setting name for the PublicLink.Write permission
+	WritePublicLinkPermissionName string = "PublicLink.Write"
 )
 
 // GenerateBundlesDefaultRoles bootstraps the default roles.
@@ -280,6 +285,21 @@ func generateBundleAdminRole() *settingsmsg.Bundle {
 					},
 				},
 			},
+			{
+				Id:          WritePublicLinkPermissionID,
+				Name:        WritePublicLinkPermissionName,
+				DisplayName: "Write publiclink",
+				Description: "This permission permits to write a public link.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SHARE,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_WRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
 		},
 	}
 }
@@ -416,6 +436,21 @@ func generateBundleSpaceAdminRole() *settingsmsg.Bundle {
 					},
 				},
 			},
+			{
+				Id:          WritePublicLinkPermissionID,
+				Name:        WritePublicLinkPermissionName,
+				DisplayName: "Write publiclink",
+				Description: "This permission permits to write a public link.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SHARE,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_WRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
 		},
 	}
 }
@@ -477,6 +512,21 @@ func generateBundleUserRole() *settingsmsg.Bundle {
 					},
 				},
 			},
+			{
+				Id:          WritePublicLinkPermissionID,
+				Name:        WritePublicLinkPermissionName,
+				DisplayName: "Write publiclink",
+				Description: "This permission permits to write a public link.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SHARE,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_WRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
 		},
 	}
 }

tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md

@@ -94,11 +94,6 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiGraph/getUser.feature:23](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L23)
 - [apiGraph/getUser.feature:92](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L92)
 
-#### [GET a file while it's in processing doesn't return 425 code (async uploads)](https://github.com/owncloud/ocis/issues/5326)
-- [apiAsyncUpload/delayPostprocessing.feature:14](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAsyncUpload/delayPostprocessing.feature#L14)
-- [apiAsyncUpload/delayPostprocessing.feature:15](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAsyncUpload/delayPostprocessing.feature#L15)
-- [apiAsyncUpload/delayPostprocessing.feature:16](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAsyncUpload/delayPostprocessing.feature#L16)
-
 #### [Sharing to a group with an expiration date does not work #5442](https://github.com/owncloud/ocis/issues/5442)
 - [apiSpacesShares/shareSubItemOfSpace.feature:105](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature#L105)