add new permission 'publiclink.create' and assign it to the 'Admin', 'SpaceAdmin' and 'User' roles

2026-01-05 11:51:16 -06:00 · 2023-02-28 16:19:08 +01:00
parent 29fa64a79a
commit b8470d567d
4 changed files with 58 additions and 1 deletions
--- a/changelog/unreleased/public-link-permission.md
+++ b/changelog/unreleased/public-link-permission.md
@@ -0,0 +1,5 @@
+Enhancement: Add new permission for public links
+
+Added a new permission 'PublicLink.Write' to check if a user can create or update public links.
+
+https://github.com/owncloud/ocis/pull/5690
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.3.5
 	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/cs3org/go-cs3apis v0.0.0-20221012090518-ef2996678965
-	github.com/cs3org/reva/v2 v2.12.1-0.20230222151731-83c7b4d26b2b
+	github.com/cs3org/reva/v2 v2.12.1-0.20230301100432-f65cdbafbe3e
 	github.com/disintegration/imaging v1.6.2
 	github.com/ggwhite/go-masker v1.0.9
 	github.com/go-chi/chi/v5 v5.0.7
--- a/go.sum
+++ b/go.sum
@@ -346,6 +346,8 @@ github.com/crewjam/saml v0.4.9 h1:X2jDv4dv3IvfT9t+RhADavzNFAcq3fVxzTCIH3G605U=
 github.com/crewjam/saml v0.4.9/go.mod h1:9Zh6dWPtB3MSzTRt8fIFH60Z351QQ+s7hCU3J/tTlA4=
 github.com/cs3org/reva/v2 v2.12.1-0.20230222151731-83c7b4d26b2b h1:wIwnuSyH8tM4dbr16UYEoYF7ESlfxah2q99oz/FscU0=
 github.com/cs3org/reva/v2 v2.12.1-0.20230222151731-83c7b4d26b2b/go.mod h1:dbaNP2U3nGQA5BHLc5w/hqviq7b0F4eygNwC38jeaiU=
+github.com/cs3org/reva/v2 v2.12.1-0.20230301100432-f65cdbafbe3e h1:FMxx/Mr+3HVY9CuTPRI55AGExCRamjMTZlum1ckBBm4=
+github.com/cs3org/reva/v2 v2.12.1-0.20230301100432-f65cdbafbe3e/go.mod h1:dbaNP2U3nGQA5BHLc5w/hqviq7b0F4eygNwC38jeaiU=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
--- a/services/settings/pkg/store/defaults/defaults.go
+++ b/services/settings/pkg/store/defaults/defaults.go
@@ -87,6 +87,11 @@ const (
 	ChangeLogoPermissionID string = "ed83fc10-1f54-4a9e-b5a7-fb517f5f3e01"
 	// ChangeLogoPermissionName is the hardcoded setting name for the change-logo permission
 	ChangeLogoPermissionName string = "change-logo"
+
+	// WritePublicLinkPermissionID is the hardcoded setting UUID for the PublicLink.Write permission
+	WritePublicLinkPermissionID string = "11516bbd-7157-49e1-b6ac-d00c820f980b"
+	// WritePublicLinkPermissionName is the hardcoded setting name for the PublicLink.Write permission
+	WritePublicLinkPermissionName string = "PublicLink.Write"
 )

 // GenerateBundlesDefaultRoles bootstraps the default roles.
@@ -280,6 +285,21 @@ func generateBundleAdminRole() *settingsmsg.Bundle {
 					},
 				},
 			},
+			{
+				Id:          WritePublicLinkPermissionID,
+				Name:        WritePublicLinkPermissionName,
+				DisplayName: "Write publiclink",
+				Description: "This permission permits to write a public link.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SHARE,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_WRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
 		},
 	}
 }
@@ -416,6 +436,21 @@ func generateBundleSpaceAdminRole() *settingsmsg.Bundle {
 					},
 				},
 			},
+			{
+				Id:          WritePublicLinkPermissionID,
+				Name:        WritePublicLinkPermissionName,
+				DisplayName: "Write publiclink",
+				Description: "This permission permits to write a public link.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SHARE,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_WRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
 		},
 	}
 }
@@ -477,6 +512,21 @@ func generateBundleUserRole() *settingsmsg.Bundle {
 					},
 				},
 			},
+			{
+				Id:          WritePublicLinkPermissionID,
+				Name:        WritePublicLinkPermissionName,
+				DisplayName: "Write publiclink",
+				Description: "This permission permits to write a public link.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SHARE,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_WRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
 		},
 	}
 }