diff --git a/services/collaboration/pkg/connector/fileconnector.go b/services/collaboration/pkg/connector/fileconnector.go index dc1afb29c..20f516f36 100644 --- a/services/collaboration/pkg/connector/fileconnector.go +++ b/services/collaboration/pkg/connector/fileconnector.go @@ -1198,6 +1198,7 @@ func (f *FileConnector) CheckFileInfo(ctx context.Context) (*ConnectorResponse, isAnonymousUser := true isPublicShare := false + isAdminUser := false user := ctxpkg.ContextMustGetUser(ctx) if user.String() != "" { // if we have a wopiContext.User @@ -1207,6 +1208,12 @@ func (f *FileConnector) CheckFileInfo(ctx context.Context) (*ConnectorResponse, isAnonymousUser = false userFriendlyName = user.GetDisplayName() userId = hexEncodedWopiUserId + + isAdminUser, err = utils.CheckPermission(ctx, "WebOffice.Manage", gwc) + if err != nil { + logger.Error().Err(err).Msg("CheckPermission failed") + isAdminUser = false + } } } @@ -1268,6 +1275,7 @@ func (f *FileConnector) CheckFileInfo(ctx context.Context) (*ConnectorResponse, fileinfo.KeySupportsRename: true, fileinfo.KeyIsAnonymousUser: isAnonymousUser, + fileinfo.KeyIsAdminUser: isAdminUser, fileinfo.KeyUserFriendlyName: userFriendlyName, fileinfo.KeyUserID: userId, diff --git a/services/collaboration/pkg/connector/fileconnector_test.go b/services/collaboration/pkg/connector/fileconnector_test.go index 3fdeae3aa..4a326fe44 100644 --- a/services/collaboration/pkg/connector/fileconnector_test.go +++ b/services/collaboration/pkg/connector/fileconnector_test.go @@ -1671,6 +1671,13 @@ var _ = Describe("FileConnector", func() { } ctx = ctxpkg.ContextSetUser(ctx, u) + gatewayClient.On("CheckPermission", mock.Anything, mock.Anything).Return( + &permissions.CheckPermissionResponse{ + Status: status.NewOK(ctx), + }, + nil, + ) + gatewayClient.On("Stat", mock.Anything, mock.Anything).Times(1).Return(&providerv1beta1.StatResponse{ Status: status.NewOK(ctx), Info: &providerv1beta1.ResourceInfo{ diff --git a/services/collaboration/pkg/connector/fileinfo/collabora.go b/services/collaboration/pkg/connector/fileinfo/collabora.go index 82b157361..fc761395b 100644 --- a/services/collaboration/pkg/connector/fileinfo/collabora.go +++ b/services/collaboration/pkg/connector/fileinfo/collabora.go @@ -56,6 +56,8 @@ type Collabora struct { SaveAsPostmessage bool `json:"SaveAsPostmessage,omitempty"` // If set to true, it allows the document owner (the one with OwnerId =UserId) to send a closedocument message (see protocol.txt) EnableOwnerTermination bool `json:"EnableOwnerTermination,omitempty"` + // If set to true, the user has administrator rights in the integration. Some functionality of Collabora Online, such as update check and server audit are supposed to be shown to administrators only. + IsAdminUser bool `json:"IsAdminUser"` // JSON object that contains additional info about the user, namely the avatar image. //UserExtraInfo -> requires definition, currently not used @@ -131,6 +133,8 @@ func (cinfo *Collabora) SetProperties(props map[string]interface{}) { //UserPrivateInfo -> requires definition, currently not used case KeyWatermarkText: cinfo.WatermarkText = value.(string) + case KeyIsAdminUser: + cinfo.IsAdminUser = value.(bool) case KeyEnableShare: cinfo.EnableShare = value.(bool) diff --git a/services/collaboration/pkg/connector/fileinfo/fileinfo.go b/services/collaboration/pkg/connector/fileinfo/fileinfo.go index 72f8ae74d..8791449d3 100644 --- a/services/collaboration/pkg/connector/fileinfo/fileinfo.go +++ b/services/collaboration/pkg/connector/fileinfo/fileinfo.go @@ -50,6 +50,7 @@ const ( KeyIsAnonymousUser = "IsAnonymousUser" KeyIsEduUser = "IsEduUser" + KeyIsAdminUser = "IsAdminUser" KeyLicenseCheckForEditIsEnabled = "LicenseCheckForEditIsEnabled" KeyUserFriendlyName = "UserFriendlyName" KeyUserInfo = "UserInfo" diff --git a/services/settings/pkg/store/defaults/defaults.go b/services/settings/pkg/store/defaults/defaults.go index 998a45766..809757d59 100644 --- a/services/settings/pkg/store/defaults/defaults.go +++ b/services/settings/pkg/store/defaults/defaults.go @@ -140,6 +140,7 @@ func generateBundleAdminRole() *settingsmsg.Bundle { SetProjectSpaceQuotaPermission(All), SettingsManagementPermission(All), SpaceAbilityPermission(All), + WebOfficManagementPermssion(All), WriteFavoritesPermission(Own), }, } @@ -659,9 +660,9 @@ func DefaultRoleAssignments(cfg *config.Config) []*settingsmsg.UserRoleAssignmen RoleId: BundleUUIDRoleUser, }, { - AccountUuid: "60708dda-e897-11ef-919f-bbb7437d6ec2", - RoleId: BundleUUIDRoleUser, - }, + AccountUuid: "60708dda-e897-11ef-919f-bbb7437d6ec2", + RoleId: BundleUUIDRoleUser, + }, { // additional admin user AccountUuid: "cd88bf9a-dd7f-11ef-a609-7f78deb2345f", // demo user "dennis" diff --git a/services/settings/pkg/store/defaults/permissions.go b/services/settings/pkg/store/defaults/permissions.go index 526a92d71..e73d07eb4 100644 --- a/services/settings/pkg/store/defaults/permissions.go +++ b/services/settings/pkg/store/defaults/permissions.go @@ -621,3 +621,22 @@ func WriteFavoritesPermission(c settingsmsg.Permission_Constraint) *settingsmsg. }, } } + +// WebOfficManagementPermssion is the permission to mark/unmark files as favorites +func WebOfficManagementPermssion(c settingsmsg.Permission_Constraint) *settingsmsg.Setting { + return &settingsmsg.Setting{ + Id: "27a29046-a816-424f-bd71-2ffb9029162f", + Name: "WebOffice.Manage", + DisplayName: "Manage WebOffice", + Description: "This permission gives access to the admin featuer in the WebOffice suite.", + Resource: &settingsmsg.Resource{ + Type: settingsmsg.Resource_TYPE_SYSTEM, + }, + Value: &settingsmsg.Setting_PermissionValue{ + PermissionValue: &settingsmsg.Permission{ + Operation: settingsmsg.Permission_OPERATION_READWRITE, + Constraint: c, + }, + }, + } +}