mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-04-29 23:39:35 -05:00
add permissions to the graph drives
This commit is contained in:
David Christofas
@@ -0,0 +1,6 @@
|
||||
Enhancement: Add permissions to graph drives
|
||||
|
||||
Added permissions to graph drives when listing drives.
|
||||
|
||||
https://github.com/owncloud/ocis/pull/3095
|
||||
|
||||
@@ -20,7 +20,7 @@ require (
|
||||
github.com/blevesearch/bleve/v2 v2.3.0
|
||||
github.com/coreos/go-oidc/v3 v3.1.0
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19
|
||||
github.com/cs3org/reva v1.16.1-0.20220128145007-1011a7b43e7e
|
||||
github.com/cs3org/reva v1.16.1-0.20220204115525-d6a8f9b802df
|
||||
github.com/disintegration/imaging v1.6.2
|
||||
github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733
|
||||
github.com/go-chi/chi/v5 v5.0.7
|
||||
@@ -49,7 +49,7 @@ require (
|
||||
github.com/olekukonko/tablewriter v0.0.5
|
||||
github.com/onsi/ginkgo v1.16.5
|
||||
github.com/onsi/gomega v1.18.1
|
||||
github.com/owncloud/libre-graph-api-go v0.9.0
|
||||
github.com/owncloud/libre-graph-api-go v0.10.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/prometheus/client_golang v1.12.1
|
||||
github.com/rs/zerolog v1.26.1
|
||||
@@ -232,7 +232,7 @@ require (
|
||||
go.uber.org/multierr v1.7.0 // indirect
|
||||
go.uber.org/zap v1.19.1 // indirect
|
||||
golang.org/x/mod v0.5.1 // indirect
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
|
||||
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
|
||||
golang.org/x/text v0.3.7 // indirect
|
||||
|
||||
@@ -330,8 +330,8 @@ github.com/crewjam/saml v0.4.5/go.mod h1:qCJQpUtZte9R1ZjUBcW8qtCNlinbO363ooNl02S
|
||||
github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19 h1:1jqPH58jCxvbaJ9WLIJ7W2/m622bWS6ChptzljSG6IQ=
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
|
||||
github.com/cs3org/reva v1.16.1-0.20220128145007-1011a7b43e7e h1:LJu/7L7+glzCSSm+1ipdm2HtcZpq3U+f4EMFrdZybOA=
|
||||
github.com/cs3org/reva v1.16.1-0.20220128145007-1011a7b43e7e/go.mod h1:EAKoGXYmyIKmUSq/fgmAsTGHgrgwSb1PffGiA/AmgSo=
|
||||
github.com/cs3org/reva v1.16.1-0.20220204115525-d6a8f9b802df h1:/O490cMDEtm6SyGBA102LYbDzKynQsSDfaypfqM7+S8=
|
||||
github.com/cs3org/reva v1.16.1-0.20220204115525-d6a8f9b802df/go.mod h1:EAKoGXYmyIKmUSq/fgmAsTGHgrgwSb1PffGiA/AmgSo=
|
||||
github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
|
||||
github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
|
||||
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
|
||||
@@ -1100,8 +1100,8 @@ github.com/orcaman/concurrent-map v0.0.0-20210501183033-44dafcb38ecc/go.mod h1:L
|
||||
github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HDbW65HOY=
|
||||
github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
|
||||
github.com/ovh/go-ovh v1.1.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA=
|
||||
github.com/owncloud/libre-graph-api-go v0.9.0 h1:hMgjztJRCe1kRYqZ+w0paMFFzeUUpBX2o1TPNMNTmdU=
|
||||
github.com/owncloud/libre-graph-api-go v0.9.0/go.mod h1:579sFrPP7aP24LZXGPopLfvE+hAka/2DYHk0+Ij+w+U=
|
||||
github.com/owncloud/libre-graph-api-go v0.10.0 h1:4PPA7MBbf9du04WOty4jayyjLfs9C4Ei5rokhSoy1Bw=
|
||||
github.com/owncloud/libre-graph-api-go v0.10.0/go.mod h1:579sFrPP7aP24LZXGPopLfvE+hAka/2DYHk0+Ij+w+U=
|
||||
github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
|
||||
github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
|
||||
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
|
||||
@@ -1609,8 +1609,9 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
|
||||
golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
|
||||
@@ -215,7 +215,7 @@ func (g Graph) CreateDrive(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
newDrive, err := cs3StorageSpaceToDrive(wdu, resp.StorageSpace)
|
||||
newDrive, err := g.cs3StorageSpaceToDrive(wdu, resp.StorageSpace)
|
||||
if err != nil {
|
||||
g.logger.Error().Err(err).Msg("error parsing space")
|
||||
errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
|
||||
@@ -314,7 +314,7 @@ func (g Graph) UpdateDrive(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
updatedDrive, err := cs3StorageSpaceToDrive(wdu, resp.StorageSpace)
|
||||
updatedDrive, err := g.cs3StorageSpaceToDrive(wdu, resp.StorageSpace)
|
||||
if err != nil {
|
||||
g.logger.Error().Err(err).Msg("error parsing space")
|
||||
errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
|
||||
@@ -328,7 +328,7 @@ func (g Graph) UpdateDrive(w http.ResponseWriter, r *http.Request) {
|
||||
func (g Graph) formatDrives(ctx context.Context, baseURL *url.URL, mds []*storageprovider.StorageSpace) ([]*libregraph.Drive, error) {
|
||||
responses := make([]*libregraph.Drive, 0, len(mds))
|
||||
for _, space := range mds {
|
||||
res, err := cs3StorageSpaceToDrive(baseURL, space)
|
||||
res, err := g.cs3StorageSpaceToDrive(baseURL, space)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -406,13 +406,69 @@ func (g Graph) ListStorageSpacesWithFilters(ctx context.Context, filters []*stor
|
||||
return res, err
|
||||
}
|
||||
|
||||
func cs3StorageSpaceToDrive(baseURL *url.URL, space *storageprovider.StorageSpace) (*libregraph.Drive, error) {
|
||||
func (g Graph) cs3StorageSpaceToDrive(baseURL *url.URL, space *storageprovider.StorageSpace) (*libregraph.Drive, error) {
|
||||
rootID := space.Root.StorageId + "!" + space.Root.OpaqueId
|
||||
if space.Root.StorageId == space.Root.OpaqueId {
|
||||
// omit opaqueid
|
||||
rootID = space.Root.StorageId
|
||||
}
|
||||
|
||||
var permissions []libregraph.Permission
|
||||
if space.Opaque != nil {
|
||||
var m map[string]*storageprovider.ResourcePermissions
|
||||
entry, ok := space.Opaque.Map["grants"]
|
||||
if ok {
|
||||
err := json.Unmarshal(entry.Value, &m)
|
||||
if err != nil {
|
||||
g.logger.Error().
|
||||
Err(err).
|
||||
Str("space", space.Root.OpaqueId).
|
||||
Msg("failed to read spaces grants")
|
||||
}
|
||||
}
|
||||
if len(m) != 0 {
|
||||
managerIdentities := []libregraph.IdentitySet{}
|
||||
editorIdentities := []libregraph.IdentitySet{}
|
||||
viewerIdentities := []libregraph.IdentitySet{}
|
||||
|
||||
for id, perm := range m {
|
||||
// This temporary variable is necessary since we need to pass a pointer to the
|
||||
// libregraph.Identity and if we pass the pointer from the loop every identity
|
||||
// will have the same id.
|
||||
tmp := id
|
||||
identity := libregraph.IdentitySet{User: &libregraph.Identity{Id: &tmp}}
|
||||
switch {
|
||||
case perm.AddGrant:
|
||||
managerIdentities = append(managerIdentities, identity)
|
||||
case perm.InitiateFileUpload:
|
||||
editorIdentities = append(editorIdentities, identity)
|
||||
case perm.Stat:
|
||||
viewerIdentities = append(viewerIdentities, identity)
|
||||
}
|
||||
}
|
||||
|
||||
permissions = make([]libregraph.Permission, 0, 3)
|
||||
if len(managerIdentities) != 0 {
|
||||
permissions = append(permissions, libregraph.Permission{
|
||||
GrantedTo: managerIdentities,
|
||||
Roles: []string{"manager"},
|
||||
})
|
||||
}
|
||||
if len(editorIdentities) != 0 {
|
||||
permissions = append(permissions, libregraph.Permission{
|
||||
GrantedTo: editorIdentities,
|
||||
Roles: []string{"editor"},
|
||||
})
|
||||
}
|
||||
if len(viewerIdentities) != 0 {
|
||||
permissions = append(permissions, libregraph.Permission{
|
||||
GrantedTo: viewerIdentities,
|
||||
Roles: []string{"viewer"},
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
drive := &libregraph.Drive{
|
||||
Id: &rootID,
|
||||
Name: &space.Name,
|
||||
@@ -420,7 +476,8 @@ func cs3StorageSpaceToDrive(baseURL *url.URL, space *storageprovider.StorageSpac
|
||||
//"description": "string", // TODO read from StorageSpace ... needs Opaque for now
|
||||
DriveType: &space.SpaceType,
|
||||
Root: &libregraph.DriveItem{
|
||||
Id: &rootID,
|
||||
Id: &rootID,
|
||||
Permissions: permissions,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@@ -1046,7 +1046,6 @@ API, search, favorites, config, capabilities, not existing endpoints, CORS and o
|
||||
#### [Ability to return error messages in Webdav response bodies](https://github.com/owncloud/ocis/issues/1293)
|
||||
- [apiAuthOcs/ocsDELETEAuth.feature:10](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiAuthOcs/ocsDELETEAuth.feature#L10) Scenario: send DELETE requests to OCS endpoints as admin with wrong password
|
||||
- [apiAuthOcs/ocsGETAuth.feature:10](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature#L10) Scenario: using OCS anonymously
|
||||
- [apiAuthOcs/ocsGETAuth.feature:33](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature#L33) Scenario: ocs config end point accessible by unauthorized users
|
||||
- [apiAuthOcs/ocsGETAuth.feature:53](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature#L53) Scenario: using OCS with non-admin basic auth
|
||||
- [apiAuthOcs/ocsGETAuth.feature:88](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature#L88) Scenario: using OCS as normal user with wrong password
|
||||
- [apiAuthOcs/ocsGETAuth.feature:121](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature#L121) Scenario:using OCS with admin basic auth
|
||||
@@ -1587,14 +1586,6 @@ Not everything needs to be implemented for ocis. While the oc10 testsuite covers
|
||||
- [apiWebdavOperations/downloadFile.feature:170](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavOperations/downloadFile.feature#L170)
|
||||
|
||||
#### [Creating a new folder which is a substring of Shares leads to Unknown Error](https://github.com/owncloud/ocis/issues/3033)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:27](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L27)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:29](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L29)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:30](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L30)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:32](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L32)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:52](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L52)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:55](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L55)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:73](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L73)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:74](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L74)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:79](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L79)
|
||||
- [apiWebdavProperties1/createFileFolderWhenSharesExist.feature:96](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavProperties1/createFileFolderWhenSharesExist.feature#L96)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user