mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-01-08 05:09:46 -06:00
jkoberg
@@ -125,6 +125,33 @@ func (h *Handler) addSpaceMember(w http.ResponseWriter, r *http.Request, info *p
|
||||
Nanos: uint32(expiration.UnixNano() % int64(time.Second)),
|
||||
}
|
||||
}
|
||||
|
||||
if role.Name != conversions.RoleManager {
|
||||
ref := provider.Reference{ResourceId: info.GetId()}
|
||||
p, err := h.findProvider(ctx, &ref)
|
||||
if err != nil {
|
||||
response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "error getting storage provider", err)
|
||||
return
|
||||
}
|
||||
|
||||
providerClient, err := h.getStorageProviderClient(p)
|
||||
if err != nil {
|
||||
response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "error getting storage provider client", err)
|
||||
return
|
||||
}
|
||||
|
||||
lgRes, err := providerClient.ListGrants(ctx, &provider.ListGrantsRequest{Ref: &ref})
|
||||
if err != nil || lgRes.Status.Code != rpc.Code_CODE_OK {
|
||||
response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error listing space grants", err)
|
||||
return
|
||||
}
|
||||
|
||||
if !isSpaceManagerRemaining(lgRes.Grants, grantee) {
|
||||
response.WriteOCSError(w, r, http.StatusForbidden, "the space must have at least one manager", nil)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
createShareRes, err := client.CreateShare(ctx, &collaborationv1beta1.CreateShareRequest{
|
||||
ResourceInfo: info,
|
||||
Grant: &collaborationv1beta1.ShareGrant{
|
||||
|
||||
4
vendor/github.com/cs3org/reva/v2/pkg/permission/permission.go
generated
vendored
4
vendor/github.com/cs3org/reva/v2/pkg/permission/permission.go
generated
vendored
@@ -24,9 +24,9 @@ import (
|
||||
|
||||
const (
|
||||
// ListAllSpaces is the hardcoded name for the list all spaces permission
|
||||
ListAllSpaces string = "list-all-spaces"
|
||||
ListAllSpaces string = "Drives.List"
|
||||
// CreateSpace is the hardcoded name for the create space permission
|
||||
CreateSpace string = "create-space"
|
||||
CreateSpace string = "Drives.Create"
|
||||
// WritePublicLink is the hardcoded name for the PublicLink.Write permission
|
||||
WritePublicLink string = "PublicLink.Write"
|
||||
)
|
||||
|
||||
16
vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spacepermissions.go
generated
vendored
16
vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spacepermissions.go
generated
vendored
@@ -41,7 +41,7 @@ func (p Permissions) AssemblePermissions(ctx context.Context, n *node.Node) (pro
|
||||
|
||||
// CreateSpace returns true when the user is allowed to create the space
|
||||
func (p Permissions) CreateSpace(ctx context.Context, spaceid string) bool {
|
||||
return p.checkPermission(ctx, "create-space", spaceRef(spaceid))
|
||||
return p.checkPermission(ctx, "Drives.Create", spaceRef(spaceid))
|
||||
}
|
||||
|
||||
// SetSpaceQuota returns true when the user is allowed to change the spaces quota
|
||||
@@ -50,25 +50,25 @@ func (p Permissions) SetSpaceQuota(ctx context.Context, spaceid string, spaceTyp
|
||||
default:
|
||||
return false // only quotas of personal and project space may be changed
|
||||
case _spaceTypePersonal:
|
||||
return p.checkPermission(ctx, "set-space-quota", spaceRef(spaceid))
|
||||
return p.checkPermission(ctx, "Drives.ReadWritePersonalQuota", spaceRef(spaceid))
|
||||
case _spaceTypeProject:
|
||||
return p.checkPermission(ctx, "Drive.ReadWriteQuota.Project", spaceRef(spaceid))
|
||||
return p.checkPermission(ctx, "Drives.ReadWriteProjectQuota", spaceRef(spaceid))
|
||||
}
|
||||
}
|
||||
|
||||
// ManageSpaceProperties returns true when the user is allowed to change space properties (name/subtitle)
|
||||
func (p Permissions) ManageSpaceProperties(ctx context.Context, spaceid string) bool {
|
||||
return p.checkPermission(ctx, "Drive.ReadWrite", spaceRef(spaceid))
|
||||
return p.checkPermission(ctx, "Drives.ReadWrite", spaceRef(spaceid))
|
||||
}
|
||||
|
||||
// SpaceAbility returns true when the user is allowed to enable/disable the space
|
||||
func (p Permissions) SpaceAbility(ctx context.Context, spaceid string) bool {
|
||||
return p.checkPermission(ctx, "Drive.ReadWriteEnabled", spaceRef(spaceid))
|
||||
return p.checkPermission(ctx, "Drives.ReadWriteEnabled", spaceRef(spaceid))
|
||||
}
|
||||
|
||||
// ListAllSpaces returns true when the user is allowed to list all spaces
|
||||
func (p Permissions) ListAllSpaces(ctx context.Context) bool {
|
||||
return p.checkPermission(ctx, "list-all-spaces", nil)
|
||||
return p.checkPermission(ctx, "Drives.List", nil)
|
||||
}
|
||||
|
||||
// ListSpacesOfUser returns true when the user is allowed to list the spaces of the given user
|
||||
@@ -86,12 +86,12 @@ func (p Permissions) ListSpacesOfUser(ctx context.Context, userid *userv1beta1.U
|
||||
|
||||
// DeleteAllSpaces returns true when the user is allowed to delete all spaces
|
||||
func (p Permissions) DeleteAllSpaces(ctx context.Context) bool {
|
||||
return p.checkPermission(ctx, "delete-all-spaces", nil)
|
||||
return p.checkPermission(ctx, "Drives.DeleteProject", nil)
|
||||
}
|
||||
|
||||
// DeleteAllHomeSpaces returns true when the user is allowed to delete all home spaces
|
||||
func (p Permissions) DeleteAllHomeSpaces(ctx context.Context) bool {
|
||||
return p.checkPermission(ctx, "delete-all-home-spaces", nil)
|
||||
return p.checkPermission(ctx, "Drives.DeletePersonal", nil)
|
||||
}
|
||||
|
||||
// checkPermission is used to check a users space permissions
|
||||
|
||||
Reference in New Issue
Block a user