From 66ff22835d21a7301ac260126181bae78c9dc336 Mon Sep 17 00:00:00 2001
From: jkoberg
Date: Thu, 9 Nov 2023 13:53:29 +0100
Subject: [PATCH] add new permissions

Signed-off-by: jkoberg
---
 changelog/unreleased/new-permissions.md | 8 +++
 .../settings/pkg/store/defaults/defaults.go | 63 +++++++++-------
 .../pkg/store/defaults/permissions.go | 71 +++++++++++++++++--
 3 files changed, 108 insertions(+), 34 deletions(-)
 create mode 100644 changelog/unreleased/new-permissions.md

diff --git a/changelog/unreleased/new-permissions.md b/changelog/unreleased/new-permissions.md
new file mode 100644
index 0000000000..d8c5b4d6f4
--- /dev/null
+++ b/changelog/unreleased/new-permissions.md
@@ -0,0 +1,8 @@
+Enhancement: Add new permissions
+
+Adds new permissions to admin/spaceadmin/user roles
+ - Favorites.List allows / denies the Favorites Listing Request
+ - Favorites.Write is implemented to be enforced on marking/unmark files as favouritesShare
+ - Shares.Write permission denies / allows sharing completely for a user on all share CUD requests. (User, Group)
+
+https://github.com/owncloud/ocis/pull/7700
diff --git a/services/settings/pkg/store/defaults/defaults.go b/services/settings/pkg/store/defaults/defaults.go
index 98d8e846b2..095a8df2fb 100644
--- a/services/settings/pkg/store/defaults/defaults.go
+++ b/services/settings/pkg/store/defaults/defaults.go
@@ -46,24 +46,27 @@ func generateBundleAdminRole() *settingsmsg.Bundle {
 Type: settingsmsg.Resource_TYPE_SYSTEM,
 },
 Settings: []*settingsmsg.Setting{
- RoleManagementPermission(All),
- SettingsManagementPermission(All),
- LanguageManagementPermission(All),
- DisableEmailNotificationsPermission(Own),
- AutoAcceptSharesPermission(Own),
 AccountManagementPermission(All),
- GroupManagementPermission(All),
- SetPersonalSpaceQuotaPermission(All),
- SetProjectSpaceQuotaPermission(All),
+ AutoAcceptSharesPermission(Own),
+ ChangeLogoPermission(All),
+ CreatePublicLinkPermission(All),
+ CreateSharePermission(All),
 CreateSpacesPermission(All),
- ListSpacesPermission(All),
 DeletePersonalSpacesPermission(All),
 DeleteProjectSpacesPermission(All),
- ChangeLogoPermission(All),
- WritePublicLinkPermission(All),
 DeleteReadOnlyPublicLinkPasswordPermission(All),
+ DisableEmailNotificationsPermission(Own),
+ GroupManagementPermission(All),
+ LanguageManagementPermission(All),
+ ListFavoritesPermission(Own),
+ ListSpacesPermission(All),
 ManageSpacePropertiesPermission(All),
+ RoleManagementPermission(All),
+ SetPersonalSpaceQuotaPermission(All),
+ SetProjectSpaceQuotaPermission(All),
+ SettingsManagementPermission(All),
 SpaceAbilityPermission(All),
+ WriteFavoritesPermission(Own),
 },
 }
 }
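Review bot: The three new grants in this list (`CreateSharePermission(All)`, `ListFavoritesPermission(Own)`, `WriteFavoritesPermission(Own)`) are buried in a full alphabetical re-sort, so the authorization delta of this hunk is hard to audit. The same holds for the generateBundleSpaceAdminRole and generateBundleUserRole hunks. Splitting the re-sort into its own commit, or at least adding `// sorted alphabetically; keep it that way` above `Settings:`, would make later permission changes show up as one-line diffs. Separately, this list only defines the default bundle, and the patch does not show whether bundles already persisted in the settings store are regenerated. It should be confirmed that existing roles receive `Shares.Write` and the Favorites permissions before enforcement starts denying requests that lack them.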
@@ -79,19 +82,22 @@ func generateBundleSpaceAdminRole() *settingsmsg.Bundle {
 Type: settingsmsg.Resource_TYPE_SYSTEM,
 },
 Settings: []*settingsmsg.Setting{
- ManageSpacePropertiesPermission(All),
- SpaceAbilityPermission(All),
- DeleteProjectSpacesPermission(All),
- SetProjectSpaceQuotaPermission(All),
- CreateSpacesPermission(All),
- ListSpacesPermission(All),
- LanguageManagementPermission(Own),
- DisableEmailNotificationsPermission(Own),
 AutoAcceptSharesPermission(Own),
- SelfManagementPermission(Own),
+ CreatePublicLinkPermission(All),
+ CreateSharePermission(All),
+ CreateSpacesPermission(All),
 CreateSpacesPermission(Own),
- WritePublicLinkPermission(All),
+ DeleteProjectSpacesPermission(All),
 DeleteReadOnlyPublicLinkPasswordPermission(All),
+ DisableEmailNotificationsPermission(Own),
+ LanguageManagementPermission(Own),
+ ListFavoritesPermission(Own),
+ ListSpacesPermission(All),
+ ManageSpacePropertiesPermission(All),
+ SelfManagementPermission(Own),
+ SetProjectSpaceQuotaPermission(All),
+ SpaceAbilityPermission(All),
+ WriteFavoritesPermission(Own),
 },
 }
 }
@@ -107,12 +113,15 @@ func generateBundleUserRole() *settingsmsg.Bundle {
 Type: settingsmsg.Resource_TYPE_SYSTEM,
 },
 Settings: []*settingsmsg.Setting{
- LanguageManagementPermission(Own),
- DisableEmailNotificationsPermission(Own),
 AutoAcceptSharesPermission(Own),
- SelfManagementPermission(Own),
+ CreatePublicLinkPermission(All),
+ CreateSharePermission(All),
 CreateSpacesPermission(Own),
- WritePublicLinkPermission(All),
+ DisableEmailNotificationsPermission(Own),
+ LanguageManagementPermission(Own),
+ ListFavoritesPermission(Own),
+ SelfManagementPermission(Own),
+ WriteFavoritesPermission(Own),
 },
 }
 }
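Review bot: In generateBundleSpaceAdminRole the sorted list now places `CreateSpacesPermission(All)` directly above `CreateSpacesPermission(Own)`, so the role carries the same permission twice with two different constraints. Both entries predate this change, and the constructor's body is not part of this hunk. If it returns a fixed Id like the constructors added in permissions.go, which constraint takes effect depends on how duplicate settings are resolved when the bundle is stored or evaluated. If `All` is the intent, drop the `CreateSpacesPermission(Own),` line; otherwise add a comment above the pair saying why both are required.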
@@ -128,9 +137,9 @@ func generateBundleUserLightRole() *settingsmsg.Bundle {
 Type: settingsmsg.Resource_TYPE_SYSTEM,
 },
 Settings: []*settingsmsg.Setting{
- LanguageManagementPermission(Own),
- DisableEmailNotificationsPermission(Own),
 AutoAcceptSharesPermission(Own),
+ DisableEmailNotificationsPermission(Own),
+ LanguageManagementPermission(Own),
 },
 }
 }
diff --git a/services/settings/pkg/store/defaults/permissions.go b/services/settings/pkg/store/defaults/permissions.go
index aea38bce96..432c6563e9 100644
--- a/services/settings/pkg/store/defaults/permissions.go
+++ b/services/settings/pkg/store/defaults/permissions.go
@@ -67,6 +67,44 @@ func ChangeLogoPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Sett
 }
 }
 
+// CreatePublicLinkPermission is the permission to create public links
+func CreatePublicLinkPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
+ return &settingsmsg.Setting{
+ Id: "11516bbd-7157-49e1-b6ac-d00c820f980b",
+ Name: "PublicLink.Write",
+ DisplayName: "Write publiclink",
+ Description: "This permission allows creating public links.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SHARE,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_WRITE,
+ Constraint: c,
+ },
+ },
+ }
+}
+
+// CreateSharePermission is the permission to create shares
+func CreateSharePermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
+ return &settingsmsg.Setting{
+ Id: "069c08b1-e31f-4799-9ed6-194b310e7244",
+ Name: "Shares.Write",
+ DisplayName: "Write share",
+ Description: "This permission allows creating shares.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SHARE,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_WRITE,
+ Constraint: c,
+ },
+ },
+ }
+}
+
 // CreateSpacesPermission is the permission to create spaces
 func CreateSpacesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
 return &settingsmsg.Setting{
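Review bot: `CreateSharePermission` describes itself as `"This permission allows creating shares."`, but the changelog in this same patch says Shares.Write allows or denies all share create/update/delete requests, so an administrator reading the setting would underestimate what revoking it blocks. The description should state the enforced scope, e.g. `Description: "This permission allows creating, updating and deleting shares.",`, with the doc comment changed to `// CreateSharePermission is the permission to create, update and delete shares`. The constructor names say Create while the setting names are `Shares.Write` and `PublicLink.Write`; a `Write…Permission` name would match the setting and its `Permission_OPERATION_WRITE` operation more closely.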
@@ -201,6 +239,25 @@ func LanguageManagementPermission(c settingsmsg.Permission_Constraint) *settings
 }
 }
 
+// ListFavoritesPermission is the permission to list favorites
+func ListFavoritesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
+ return &settingsmsg.Setting{
+ Id: "4ebaa725-bfaa-43c5-9817-78bc9994bde4",
+ Name: "Favorites.List",
+ DisplayName: "List Favorites",
+ Description: "This permission allows listing favorites.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SYSTEM,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READ,
+ Constraint: c,
+ },
+ },
+ }
+}
+
 // ListSpacesPermission is the permission to list spaces
 func ListSpacesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
 return &settingsmsg.Setting{
@@ -356,15 +413,15 @@ func SpaceAbilityPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Se
 }
 }
 
-// WritePublicLinkPermission is the permission to write public links
-func WritePublicLinkPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
+// WriteFavoritesPermission is the permission to mark/unmark files as favorites
+func WriteFavoritesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
 return &settingsmsg.Setting{
- Id: "11516bbd-7157-49e1-b6ac-d00c820f980b",
- Name: "PublicLink.Write",
- DisplayName: "Write publiclink",
- Description: "This permission allows creating public links.",
+ Id: "a54778fd-1c45-47f0-892d-655caf5236f2",
+ Name: "Favorites.Write",
+ DisplayName: "Write Favorites",
+ Description: "This permission allows marking files as favorites.",
 Resource: &settingsmsg.Resource{
- Type: settingsmsg.Resource_TYPE_SHARE,
+ Type: settingsmsg.Resource_TYPE_FILE,
 },
 Value: &settingsmsg.Setting_PermissionValue{
 PermissionValue: &settingsmsg.Permission{
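Review bot: The two Favorites permissions are declared on different resource types: `ListFavoritesPermission` uses `settingsmsg.Resource_TYPE_SYSTEM`, while `WriteFavoritesPermission` in the second hunk uses `settingsmsg.Resource_TYPE_FILE`. Nothing visible explains the difference, and if permission checks match on resource type (not shown in this patch) one of the two may not be evaluated as intended. Either align the types or add a comment on each constructor stating why that type was chosen. The `Favorites.Write` description mentions only marking, whereas its doc comment and the changelog say mark/unmark; `Description: "This permission allows marking and unmarking files as favorites.",` would be accurate. WriteFavoritesPermission's body continues past the end of the second hunk, so its `Operation` value could not be checked here.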