From 6da436238bd4b87f53d848ba9d04aac37755c887 Mon Sep 17 00:00:00 2001 From: Roman Perekhod Date: Mon, 26 Feb 2024 12:57:47 +0100 Subject: [PATCH] [full-ci] [bump reva] Fix remove/update share permissions --- .../unreleased/fix-remove-update-share.md | 9 +++ go.mod | 2 +- go.sum | 4 +- .../services/gateway/usershareprovider.go | 67 +++++++++++++++++++ .../handlers/apps/sharing/shares/shares.go | 6 +- .../ocs/handlers/apps/sharing/shares/user.go | 6 +- .../storage/utils/decomposedfs/node/locks.go | 1 + vendor/modules.txt | 2 +- 8 files changed, 91 insertions(+), 6 deletions(-) create mode 100644 changelog/unreleased/fix-remove-update-share.md diff --git a/changelog/unreleased/fix-remove-update-share.md b/changelog/unreleased/fix-remove-update-share.md new file mode 100644 index 000000000..1e8cbb5ec --- /dev/null +++ b/changelog/unreleased/fix-remove-update-share.md @@ -0,0 +1,9 @@ +Bugfix: Fix remove/update share permissions + +This is a workaround that should prevent removing or changing the share permissions when the file is locked. +These limitations have to be removed after the wopi server will be able to unlock the file properly. +These limitations are not spread on the files inside the shared folder. + +https://github.com/owncloud/ocis/pull/8529 +https://github.com/cs3org/reva/pull/4534 +https://github.com/owncloud/ocis/issues/8273 diff --git a/go.mod b/go.mod index 5555b9bcb..ace91f70e 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/cenkalti/backoff v2.2.1+incompatible github.com/coreos/go-oidc/v3 v3.9.0 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 - github.com/cs3org/reva/v2 v2.19.0 + github.com/cs3org/reva/v2 v2.19.1-0.20240226101835-9f433ca9eb3d github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25 github.com/disintegration/imaging v1.6.2 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e diff --git a/go.sum b/go.sum index b0c18dfe3..7a78a3f3b 100644 --- a/go.sum +++ b/go.sum @@ -1019,8 +1019,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY= -github.com/cs3org/reva/v2 v2.19.0 h1:um4gDUlXmq/lq2u38LbfIAts+ixnSTa65bp6yv3IQrI= -github.com/cs3org/reva/v2 v2.19.0/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E= +github.com/cs3org/reva/v2 v2.19.1-0.20240226101835-9f433ca9eb3d h1:4sD6K2AkKgcoHz4rg2RYx34X8TyA/DyBeb7KwgHpXGk= +github.com/cs3org/reva/v2 v2.19.1-0.20240226101835-9f433ca9eb3d/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= diff --git a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/gateway/usershareprovider.go b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/gateway/usershareprovider.go index d9677866f..553f2bdb0 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/gateway/usershareprovider.go +++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/gateway/usershareprovider.go @@ -106,6 +106,15 @@ func (s *svc) ListShares(ctx context.Context, req *collaboration.ListSharesReque } func (s *svc) updateShare(ctx context.Context, req *collaboration.UpdateShareRequest) (*collaboration.UpdateShareResponse, error) { + // TODO: update wopi server + // FIXME This is a workaround that should prevent removing or changing the share permissions when the file is locked. + // https://github.com/owncloud/ocis/issues/8474 + if status, err := s.checkLock(ctx, req.GetShare().GetId()); err != nil { + return &collaboration.UpdateShareResponse{ + Status: status, + }, nil + } + c, err := pool.GetUserShareProviderClient(s.c.UserShareProviderEndpoint) if err != nil { appctx.GetLogger(ctx). @@ -657,6 +666,15 @@ func (s *svc) removeShare(ctx context.Context, req *collaboration.RemoveShareReq share = getShareRes.Share } + // TODO: update wopi server + // FIXME This is a workaround that should prevent removing or changing the share permissions when the file is locked. + // https://github.com/owncloud/ocis/issues/8474 + if status, err := s.checkShareLock(ctx, share); err != nil { + return &collaboration.RemoveShareResponse{ + Status: status, + }, nil + } + res, err := c.RemoveShare(ctx, req) if err != nil { return nil, errors.Wrap(err, "gateway: error calling RemoveShare") @@ -712,6 +730,55 @@ func (s *svc) removeSpaceShare(ctx context.Context, ref *provider.ResourceId, gr return &collaboration.RemoveShareResponse{Status: status.NewOK(ctx)}, nil } +func (s *svc) checkLock(ctx context.Context, shareId *collaboration.ShareId) (*rpc.Status, error) { + logger := appctx.GetLogger(ctx) + getShareRes, err := s.GetShare(ctx, &collaboration.GetShareRequest{ + Ref: &collaboration.ShareReference{ + Spec: &collaboration.ShareReference_Id{Id: shareId}, + }, + }) + if err != nil { + msg := "gateway: error calling GetShare" + logger.Err(err).Interface("share_id", shareId).Msg(msg) + return status.NewInternal(ctx, msg), errors.Wrap(err, msg) + } + if getShareRes.GetStatus().GetCode() != rpc.Code_CODE_OK { + msg := "can not get share stat " + getShareRes.GetStatus().GetMessage() + logger.Debug().Interface("share", shareId).Msg(msg) + if getShareRes.GetStatus().GetCode() != rpc.Code_CODE_NOT_FOUND { + return status.NewNotFound(ctx, msg), errors.New(msg) + } + return status.NewInternal(ctx, msg), errors.New(msg) + } + return s.checkShareLock(ctx, getShareRes.Share) +} + +func (s *svc) checkShareLock(ctx context.Context, share *collaboration.Share) (*rpc.Status, error) { + logger := appctx.GetLogger(ctx) + sRes, err := s.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: share.GetResourceId()}, + ArbitraryMetadataKeys: []string{"lockdiscovery"}}) + if err != nil { + msg := "failed to stat shared resource" + logger.Err(err).Interface("resource_id", share.GetResourceId()).Msg(msg) + return status.NewInternal(ctx, msg), errors.Wrap(err, msg) + } + if sRes.GetStatus().GetCode() != rpc.Code_CODE_OK { + msg := "can not get share stat " + sRes.GetStatus().GetMessage() + logger.Debug().Interface("lock", sRes.GetInfo().GetLock()).Msg(msg) + if sRes.GetStatus().GetCode() != rpc.Code_CODE_NOT_FOUND { + return status.NewNotFound(ctx, msg), errors.New(msg) + } + return status.NewInternal(ctx, msg), errors.New(msg) + } + + if sRes.GetInfo().GetLock() != nil { + msg := "can not chane grants, the shared resource is locked" + logger.Debug().Interface("lock", sRes.GetInfo().GetLock()).Msg(msg) + return status.NewLocked(ctx, msg), errors.New(msg) + } + return nil, nil +} + func refIsSpaceRoot(ref *provider.ResourceId) bool { if ref == nil { return false diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go index 6ebcaf37f..694273866 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go @@ -850,9 +850,13 @@ func (h *Handler) updateShare(w http.ResponseWriter, r *http.Request, share *col } if uRes.Status.Code != rpc.Code_CODE_OK { - if uRes.Status.Code == rpc.Code_CODE_NOT_FOUND { + switch uRes.Status.Code { + case rpc.Code_CODE_NOT_FOUND: response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "not found", nil) return + case rpc.Code_CODE_LOCKED: + response.WriteOCSError(w, r, response.MetaLocked.StatusCode, uRes.GetStatus().GetMessage(), nil) + return } response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "grpc update share request failed", err) return diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/user.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/user.go index dd940741b..65247a944 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/user.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/user.go @@ -293,9 +293,13 @@ func (h *Handler) removeUserShare(w http.ResponseWriter, r *http.Request, share } if uRes.Status.Code != rpc.Code_CODE_OK { - if uRes.Status.Code == rpc.Code_CODE_NOT_FOUND { + switch uRes.Status.Code { + case rpc.Code_CODE_NOT_FOUND: response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "not found", nil) return + case rpc.Code_CODE_LOCKED: + response.WriteOCSError(w, r, response.MetaLocked.StatusCode, uRes.GetStatus().GetMessage(), nil) + return } response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "grpc delete share request failed", err) return diff --git a/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/node/locks.go b/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/node/locks.go index b968ef3aa..3e0d3656d 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/node/locks.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/node/locks.go @@ -296,6 +296,7 @@ func readLocksIntoOpaque(ctx context.Context, n *Node, ri *provider.ResourceInfo Decoder: "json", Value: b, } + ri.Lock = lock return err } diff --git a/vendor/modules.txt b/vendor/modules.txt index f25c82527..7b3bc3789 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -359,7 +359,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.19.0 +# github.com/cs3org/reva/v2 v2.19.1-0.20240226101835-9f433ca9eb3d ## explicit; go 1.21 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime