bump reva

Signed-off-by: jkoberg <jkoberg@owncloud.com>

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781
-	github.com/cs3org/reva/v2 v2.19.2-0.20240328104440-9c04f2d8ab7e
+	github.com/cs3org/reva/v2 v2.19.2-0.20240404085416-251ba8d12f6f
 	github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
 	github.com/disintegration/imaging v1.6.2
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e

go.sum

@@ -1022,8 +1022,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
 github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY=
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva/v2 v2.19.2-0.20240328104440-9c04f2d8ab7e h1:WkmwnjiTC9FBDQqJhv4IUBBXDEvqKhlgfaJ1sZ3T3N8=
-github.com/cs3org/reva/v2 v2.19.2-0.20240328104440-9c04f2d8ab7e/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E=
+github.com/cs3org/reva/v2 v2.19.2-0.20240404085416-251ba8d12f6f h1:t4jFaaEmPX8J/jvybuvI7aC1TbU2zSGZabUDQvA5Mr8=
+github.com/cs3org/reva/v2 v2.19.2-0.20240404085416-251ba8d12f6f/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=

vendor/github.com/cs3org/reva/v2/internal/grpc/services/ocmshareprovider/ocmshareprovider.go

@@ -327,7 +327,7 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		ProviderID: ocmshare.Id.OpaqueId,
 		Owner: formatOCMUser(&userpb.UserId{
 			OpaqueId: info.Owner.OpaqueId,
-			Idp:      s.conf.ProviderDomain, // FIXME: this is not generally true in case of resharing
+			Idp:      s.conf.ProviderDomain,
 		}),
 		Sender: formatOCMUser(&userpb.UserId{
 			OpaqueId: user.Id.OpaqueId,

vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go

@@ -593,7 +593,7 @@ func isInternalLink(req *link.UpdatePublicShareRequest, ps *link.PublicShare) bo
 }
 
 func enforcePassword(canOptOut bool, permissions *provider.ResourcePermissions, conf *config) bool {
-	isReadOnly := conversions.SufficientCS3Permissions(conversions.NewViewerRole(true).CS3ResourcePermissions(), permissions)
+	isReadOnly := conversions.SufficientCS3Permissions(conversions.NewViewerRole().CS3ResourcePermissions(), permissions)
 	if isReadOnly && canOptOut {
 		return false
 	}

vendor/github.com/cs3org/reva/v2/internal/grpc/services/usershareprovider/usershareprovider.go

@@ -55,7 +55,6 @@ type config struct {
 	Drivers               map[string]map[string]interface{} `mapstructure:"drivers"`
 	GatewayAddr           string                            `mapstructure:"gateway_addr"`
 	AllowedPathsForShares []string                          `mapstructure:"allowed_paths_for_shares"`
-	DisableResharing      bool                              `mapstructure:"disable_resharing"`
 }
 
 func (c *config) init() {
@@ -68,7 +67,6 @@ type service struct {
 	sm                    share.Manager
 	gatewaySelector       pool.Selectable[gateway.GatewayAPIClient]
 	allowedPathsForShares []*regexp.Regexp
-	disableResharing      bool
 }
 
 func getShareManager(c *config) (share.Manager, error) {
@@ -129,16 +127,15 @@ func NewDefault(m map[string]interface{}, ss *grpc.Server) (rgrpc.Service, error
 		return nil, err
 	}
 
-	return New(gatewaySelector, sm, allowedPathsForShares, c.DisableResharing), nil
+	return New(gatewaySelector, sm, allowedPathsForShares), nil
 }
 
 // New creates a new user share provider svc
-func New(gatewaySelector pool.Selectable[gateway.GatewayAPIClient], sm share.Manager, allowedPathsForShares []*regexp.Regexp, disableResharing bool) rgrpc.Service {
+func New(gatewaySelector pool.Selectable[gateway.GatewayAPIClient], sm share.Manager, allowedPathsForShares []*regexp.Regexp) rgrpc.Service {
 	service := &service{
 		sm:                    sm,
 		gatewaySelector:       gatewaySelector,
 		allowedPathsForShares: allowedPathsForShares,
-		disableResharing:      disableResharing,
 	}
 
 	return service
@@ -160,8 +157,8 @@ func (s *service) CreateShare(ctx context.Context, req *collaboration.CreateShar
 	log := appctx.GetLogger(ctx)
 	user := ctxpkg.ContextMustGetUser(ctx)
 
-	// when resharing is disabled grants must not allow grant permissions
-	if s.disableResharing && HasGrantPermissions(req.GetGrant().GetPermissions().GetPermissions()) {
+	// Grants must not allow grant permissions
+	if HasGrantPermissions(req.GetGrant().GetPermissions().GetPermissions()) {
 		return &collaboration.CreateShareResponse{
 			Status: status.NewInvalidArg(ctx, "resharing not supported"),
 		}, nil
@@ -342,8 +339,8 @@ func (s *service) UpdateShare(ctx context.Context, req *collaboration.UpdateShar
 	log := appctx.GetLogger(ctx)
 	user := ctxpkg.ContextMustGetUser(ctx)
 
-	// when resharing is disabled grants must not allow grant permissions
-	if s.disableResharing && HasGrantPermissions(req.GetShare().GetPermissions().GetPermissions()) {
+	// Grants must not allow grant permissions
+	if HasGrantPermissions(req.GetShare().GetPermissions().GetPermissions()) {
 		return &collaboration.UpdateShareResponse{
 			Status: status.NewInvalidArg(ctx, "resharing not supported"),
 		}, nil

vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/data/capabilities.go

@@ -209,7 +209,6 @@ type CapabilitiesDav struct {
 // CapabilitiesFilesSharing TODO document
 type CapabilitiesFilesSharing struct {
 	APIEnabled                    ocsBool                                  `json:"api_enabled" xml:"api_enabled" mapstructure:"api_enabled"`
-	Resharing                     ocsBool                                  `json:"resharing" xml:"resharing"`
 	GroupSharing                  ocsBool                                  `json:"group_sharing" xml:"group_sharing" mapstructure:"group_sharing"`
 	SharingRoles                  ocsBool                                  `json:"sharing_roles" xml:"sharing_roles" mapstructure:"sharing_roles"`
 	DenyAccess                    ocsBool                                  `json:"deny_access" xml:"deny_access" mapstructure:"deny_access"`
@@ -222,6 +221,8 @@ type CapabilitiesFilesSharing struct {
 	Federation                    *CapabilitiesFilesSharingFederation      `json:"federation" xml:"federation"`
 	Public                        *CapabilitiesFilesSharingPublic          `json:"public" xml:"public"`
 	User                          *CapabilitiesFilesSharingUser            `json:"user" xml:"user"`
+	// TODO: Remove next line once web defaults to resharing=false
+	Resharing ocsBool `json:"resharing" xml:"resharing"`
 }
 
 // CapabilitiesFilesSharingPublic TODO document

vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go

@@ -69,8 +69,6 @@ import (
 
 const (
 	storageIDPrefix string = "shared::"
-
-	_resharingDefault bool = false
 )
 
 var (
@@ -92,7 +90,6 @@ type Handler struct {
 	userIdentifierCache                   *ttlcache.Cache
 	statCache                             cache.StatCache
 	deniable                              bool
-	resharing                             bool
 	publicPasswordEnforced                passwordEnforced
 	passwordValidator                     password.Validator
 
@@ -146,7 +143,6 @@ func (h *Handler) Init(c *config.Config) error {
 	h.userIdentifierCache = ttlcache.NewCache()
 	_ = h.userIdentifierCache.SetTTL(time.Second * time.Duration(c.UserIdentifierCacheTTL))
 	h.deniable = c.EnableDenials
-	h.resharing = resharing(c)
 	h.publicPasswordEnforced = publicPwdEnforced(c)
 	h.passwordValidator = passwordPolicies(c)
 
@@ -292,6 +288,12 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
+		// resharing is forbidden
+		if role.CS3ResourcePermissions().GetAddGrant() {
+			response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, "resharing not supported", nil)
+			return
+		}
+
 		var share *collaboration.Share
 		if shareType == int(conversions.ShareTypeUser) {
 			share, ocsErr = h.createUserShare(w, r, statRes.Info, role, val)
@@ -320,7 +322,7 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		response.WriteOCSSuccess(w, r, s)
 	case int(conversions.ShareTypePublicLink):
 		// public links default to read only
-		_, _, ocsErr := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole(h.resharing))
+		_, _, ocsErr := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole())
 		if ocsErr != nil && ocsErr.Error != conversions.ErrZeroPermission {
 			response.WriteOCSError(w, r, http.StatusForbidden, "No share permission", nil)
 			return
@@ -339,7 +341,7 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		response.WriteOCSSuccess(w, r, s)
 	case int(conversions.ShareTypeFederatedCloudShare):
 		// federated shares default to read only
-		if role, val, err := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole(h.resharing)); err == nil {
+		if role, val, err := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole()); err == nil {
 			h.createFederatedCloudShare(w, r, statRes.Info, role, val)
 		}
 	case int(conversions.ShareTypeSpaceMembershipUser), int(conversions.ShareTypeSpaceMembershipGroup):
@@ -429,7 +431,7 @@ func (h *Handler) extractPermissions(reqRole string, reqPermissions string, ri *
 
 	// the share role overrides the requested permissions
 	if reqRole != "" {
-		role = conversions.RoleFromName(reqRole, h.resharing)
+		role = conversions.RoleFromName(reqRole)
 	}
 
 	// if the role is unknown - fall back to reqPermissions or defaultPermissions
@@ -1685,10 +1687,3 @@ func sufficientPermissions(existing, requested *provider.ResourcePermissions, is
 	rp := conversions.RoleFromResourcePermissions(requested, islink).OCSPermissions()
 	return ep.Contain(rp)
 }
-
-func resharing(c *config.Config) bool {
-	if c != nil && c.Capabilities.Capabilities != nil && c.Capabilities.Capabilities.FilesSharing != nil {
-		return bool(c.Capabilities.Capabilities.FilesSharing.Resharing)
-	}
-	return _resharingDefault
-}

vendor/github.com/cs3org/reva/v2/internal/http/services/sciencemesh/share.go

@@ -150,9 +150,9 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 func getPermissionsByRole(role string) (*providerpb.ResourcePermissions, appprovider.ViewMode) {
 	switch role {
 	case "viewer":
-		return conversions.NewViewerRole(false).CS3ResourcePermissions(), appprovider.ViewMode_VIEW_MODE_READ_ONLY
+		return conversions.NewViewerRole().CS3ResourcePermissions(), appprovider.ViewMode_VIEW_MODE_READ_ONLY
 	case "editor":
-		return conversions.NewEditorRole(false).CS3ResourcePermissions(), appprovider.ViewMode_VIEW_MODE_READ_WRITE
+		return conversions.NewEditorRole().CS3ResourcePermissions(), appprovider.ViewMode_VIEW_MODE_READ_WRITE
 	}
 	return nil, 0
 }

vendor/github.com/cs3org/reva/v2/pkg/cbox/utils/conversions.go

@@ -145,12 +145,12 @@ func SharePermToInt(p *provider.ResourcePermissions) int {
 func IntTosharePerm(p int, itemType string) *provider.ResourcePermissions {
 	switch p {
 	case 1:
-		return conversions.NewViewerRole(false).CS3ResourcePermissions()
+		return conversions.NewViewerRole().CS3ResourcePermissions()
 	case 15:
 		if itemType == "folder" {
-			return conversions.NewEditorRole(false).CS3ResourcePermissions()
+			return conversions.NewEditorRole().CS3ResourcePermissions()
 		}
-		return conversions.NewFileEditorRole(false).CS3ResourcePermissions()
+		return conversions.NewFileEditorRole().CS3ResourcePermissions()
 	case 4:
 		return conversions.NewUploaderRole().CS3ResourcePermissions()
 	default:

vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go

@@ -141,20 +141,20 @@ func (r *Role) WebDAVPermissions(isDir, isShared, isMountpoint, isPublic bool) s
 }
 
 // RoleFromName creates a role from the name
-func RoleFromName(name string, sharing bool) *Role {
+func RoleFromName(name string) *Role {
 	switch name {
 	case RoleDenied:
 		return NewDeniedRole()
 	case RoleViewer:
-		return NewViewerRole(sharing)
+		return NewViewerRole()
 	case RoleSpaceViewer:
 		return NewSpaceViewerRole()
 	case RoleEditor:
-		return NewEditorRole(sharing)
+		return NewEditorRole()
 	case RoleSpaceEditor:
 		return NewSpaceEditorRole()
 	case RoleFileEditor:
-		return NewFileEditorRole(sharing)
+		return NewFileEditorRole()
 	case RoleUploader:
 		return NewUploaderRole()
 	case RoleManager:
@@ -183,15 +183,11 @@ func NewDeniedRole() *Role {
 }
 
 // NewViewerRole creates a viewer role. `sharing` indicates if sharing permission should be added
-func NewViewerRole(sharing bool) *Role {
+func NewViewerRole() *Role {
 	p := PermissionRead
-	if sharing {
-		p |= PermissionShare
-	}
 	return &Role{
 		Name: RoleViewer,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			AddGrant:             sharing,
 			GetPath:              true,
 			GetQuota:             true,
 			InitiateFileDownload: true,
@@ -221,15 +217,11 @@ func NewSpaceViewerRole() *Role {
 }
 
 // NewEditorRole creates an editor role. `sharing` indicates if sharing permission should be added
-func NewEditorRole(sharing bool) *Role {
+func NewEditorRole() *Role {
 	p := PermissionRead | PermissionCreate | PermissionWrite | PermissionDelete
-	if sharing {
-		p |= PermissionShare
-	}
 	return &Role{
 		Name: RoleEditor,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			AddGrant:             sharing,
 			CreateContainer:      true,
 			Delete:               true,
 			GetPath:              true,
@@ -271,15 +263,11 @@ func NewSpaceEditorRole() *Role {
 }
 
 // NewFileEditorRole creates a file-editor role
-func NewFileEditorRole(sharing bool) *Role {
+func NewFileEditorRole() *Role {
 	p := PermissionRead | PermissionWrite
-	if sharing {
-		p |= PermissionShare
-	}
 	return &Role{
 		Name: RoleEditor,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			AddGrant:             sharing,
 			GetPath:              true,
 			GetQuota:             true,
 			InitiateFileDownload: true,
@@ -378,34 +366,30 @@ func NewManagerRole() *Role {
 // RoleFromOCSPermissions tries to map ocs permissions to a role
 // TODO: rethink using this. ocs permissions cannot be assigned 1:1 to roles
 func RoleFromOCSPermissions(p Permissions, ri *provider.ResourceInfo) *Role {
-	if p == PermissionInvalid {
+	switch {
+	// Invalid
+	case p == PermissionInvalid:
 		return NewNoneRole()
-	}
-
-	if p.Contain(PermissionRead) {
-		if p.Contain(PermissionWrite) && p.Contain(PermissionCreate) && p.Contain(PermissionDelete) {
-			if p.Contain(PermissionShare) {
-				return NewEditorRole(true)
-			}
-
-			if isSpaceRoot(ri) {
-				return NewSpaceEditorRole()
-			}
-		}
-
-		if p == PermissionRead && isSpaceRoot(ri) {
+	// Uploader
+	case p == PermissionCreate:
+		return NewUploaderRole()
+	// Viewer/SpaceViewer
+	case p == PermissionRead:
+		if isSpaceRoot(ri) {
 			return NewSpaceViewerRole()
 		}
-
-		if p == PermissionRead|PermissionShare && !isSpaceRoot(ri) {
-			return NewViewerRole(true)
+		return NewViewerRole()
+	// Editor/SpaceEditor
+	case p.Contain(PermissionRead) && p.Contain(PermissionWrite) && p.Contain(PermissionCreate) && p.Contain(PermissionDelete) && !p.Contain(PermissionShare):
+		if isSpaceRoot(ri) {
+			return NewSpaceEditorRole()
 		}
+
+		return NewEditorRole()
+	// Custom
+	default:
+		return NewLegacyRoleFromOCSPermissions(p)
 	}
-	if p == PermissionCreate {
-		return NewUploaderRole()
-	}
-	// legacy
-	return NewLegacyRoleFromOCSPermissions(p)
 }
 
 func isSpaceRoot(ri *provider.ResourceInfo) bool {

vendor/github.com/cs3org/reva/v2/pkg/storage/utils/eosfs/eosfs.go

@@ -83,8 +83,6 @@ const LockTypeKey = "reva.lock.type"
 
 var hiddenReg = regexp.MustCompile(`\.sys\..#.`)
 
-var _resharing = false
-
 func (c *Config) init() {
 	c.Namespace = path.Clean(c.Namespace)
 	if !strings.HasPrefix(c.Namespace, "/") {
@@ -2129,12 +2127,12 @@ func (fs *eosfs) permissionSet(ctx context.Context, eosFileInfo *eosclient.FileI
 			// The role names should not be hardcoded any more as they will come from config in the future
 			if publicShare, ok := u.Opaque.Map["public-share-role"]; ok {
 				if string(publicShare.Value) == "editor" {
-					return conversions.NewEditorRole(_resharing).CS3ResourcePermissions()
+					return conversions.NewEditorRole().CS3ResourcePermissions()
 				} else if string(publicShare.Value) == "uploader" {
 					return conversions.NewUploaderRole().CS3ResourcePermissions()
 				}
 				// Default to viewer role
-				return conversions.NewViewerRole(_resharing).CS3ResourcePermissions()
+				return conversions.NewViewerRole().CS3ResourcePermissions()
 			}
 		}
 

vendor/modules.txt

@@ -366,7 +366,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.19.2-0.20240328104440-9c04f2d8ab7e
+# github.com/cs3org/reva/v2 v2.19.2-0.20240404085416-251ba8d12f6f
 ## explicit; go 1.21
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime