Fix CreateHome for external users

External users, when logging in for the first time, have no role
assigned and are unable to create their home because that requires the
create-space permission. This assigns users that don't have a role assigned
to the default user role and persists that assignment in the settings
service so that CreateHome can pick it up when checking permissions
later.

This also disables the auto creation of the user's home in the reva
auth provider (i.e. when using basic auth) as the role assignment has
not happened at that point. So the home creation will now always happen
in the CreateHome middleware in the proxy.
Ralf Haferkamp
2022-03-15 17:25:54 +01:00
parent b3a1a14740
commit 6abf38dd3a
2 changed files with 15 additions and 5 deletions


@@ -61,11 +61,21 @@ func (c *cs3backend) GetUserByClaims(ctx context.Context, claim, value string, w
}
}
// if roles are empty, assume we haven't seen the user before and assign a
// default user role. At least until proper roles are provided. See
// https://github.com/owncloud/ocis/issues/1825 for more context.
if len(roleIDs) == 0 {
roleIDs = append(roleIDs, settingsService.BundleUUIDRoleUser, settingsService.SelfManagementPermissionID)
// if roles are empty, assume we haven't seen the user before and assign a default user role. At least until
// proper roles are provided. See https://github.com/owncloud/ocis/issues/1825 for more context.
//return user, nil
if user.Id.Type == cs3.UserType_USER_TYPE_PRIMARY {
c.logger.Info().Str("userid", user.Id.OpaqueId).Msg("user has no role assigned, assigning default user role")
_, err := c.settingsRoleService.AssignRoleToUser(ctx, &settingssvc.AssignRoleToUserRequest{
AccountUuid: user.Id.OpaqueId,
RoleId: settingsService.BundleUUIDRoleUser,
})
if err != nil {
c.logger.Error().Err(err).Msg("Could not add default role")
}
roleIDs = append(roleIDs, settingsService.BundleUUIDRoleUser)
}
}
enc, err := encodeRoleIDs(roleIDs)
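Review bot: When `AssignRoleToUser` fails, the new branch only logs the error and still appends `settingsService.BundleUUIDRoleUser` to `roleIDs`, so the returned user carries a role the settings service never stored. According to the commit description CreateHome picks the assignment up from the settings service, so it would presumably still be denied, and the only trace is a log line without the user ID. I would skip the append (or return the error to the caller) on failure and log `c.logger.Error().Err(err).Str("userid", user.Id.OpaqueId).Msg("Could not add default role")`. The commented-out `//return user, nil` under the new comment should be dropped as well. The lookup that fills `roleIDs` sits above the hunk, so whether an empty list can also result from a failed lookup rather than a first login is not visible here.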


@@ -266,7 +266,7 @@ func DefaultConfig() *config.Config {
},
CommitShareToStorageGrant: true,
CommitShareToStorageRef: true,
DisableHomeCreationOnLogin: false,
DisableHomeCreationOnLogin: true,
ShareFolder: "Shares",
LinkGrants: "",
HomeMapping: "",
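Review bot: The switch of `DisableHomeCreationOnLogin` to `true` in `DefaultConfig` carries no comment saying that home creation now depends on the proxy's CreateHome middleware; that dependency is stated only in the commit description. A deployment that reaches this auth provider without that middleware would presumably end up with users that have no home, so it is worth recording next to the field, e.g. `// homes are created by the proxy's CreateHome middleware, after the default role is assigned`. DefaultConfig starts and ends outside the hunk.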