forbid adding the federated users as members of the space via items invite

Roman Perekhod
2024-10-11 14:36:41 +02:00
parent 3d45d84b2e
commit 3afc378ba9
2 changed files with 9 additions and 8 deletions


@@ -0,0 +1,6 @@
Bugfix: Forbid the ocm space sharing
We forbid adding the federated users as members of the space via items invite.
https://github.com/owncloud/ocis/pull/10287
https://github.com/owncloud/ocis/issues/10051


@@ -173,6 +173,9 @@ func (s DriveItemPermissionsService) Invite(ctx context.Context, resourceId *sto
if errors.Is(err, identity.ErrNotFound) && s.config.IncludeOCMSharees {
user, err = s.identityCache.GetAcceptedUser(ctx, objectID)
federated = true
if err == nil && IsSpaceRoot(statResponse.GetInfo().GetId()) {
return libregraph.Permission{}, errorcode.New(errorcode.InvalidRequest, "federated user can not become a space member")
}
}
if err != nil {
s.logger.Debug().Err(err).Interface("userId", objectID).Msg("failed user lookup")
@@ -325,14 +328,6 @@ func (s DriveItemPermissionsService) SpaceRootInvite(ctx context.Context, driveI
return libregraph.Permission{}, errorcode.New(errorcode.InvalidRequest, "unsupported space type")
}
if s.config.IncludeOCMSharees && len(invite.GetRecipients()) > 0 {
objectID := invite.GetRecipients()[0].GetObjectId()
_, err := s.identityCache.GetAcceptedUser(ctx, objectID)
if err == nil {
return libregraph.Permission{}, errorcode.New(errorcode.InvalidRequest, "federated user can not become a space member")
}
}
rootResourceID := space.GetRoot()
return s.Invite(ctx, rootResourceID, invite)
}
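Review bot: The guard added in Invite (`if err == nil && IsSpaceRoot(statResponse.GetInfo().GetId())`) is now the only check that stops a federated user from becoming a space member, because the second hunk removes the pre-check from SpaceRootInvite, yet the page shows only two changed files (the changelog and this one), so no test pins the behaviour. I would add a test that calls Invite with a space-root resource ID and SpaceRootInvite, each with an accepted federated objectID, and expects errorcode.InvalidRequest from both. The guard also depends on statResponse carrying a populated Info: if the getters yield a zero ID, IsSpaceRoot presumably returns false and the invite proceeds, so it is worth confirming that the stat result is validated above this point, which lies outside the hunk. A short comment such as `// federated (OCM) users may receive item shares but must never be added as space members` would record why the check sits in the lookup fallback.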