Merge pull request #5441 from kobergj/SpaceManagementPermissions

Space Management Permissions
2026-01-07 04:40:05 -06:00 · 2023-01-25 17:45:58 +01:00
parent 85b84bdeaf b2067575a9
commit c424d24dba
4 changed files with 48 additions and 5 deletions
--- a/changelog/unreleased/space-management-permissions.md
+++ b/changelog/unreleased/space-management-permissions.md
@@ -0,0 +1,5 @@
+Enhancement: Space Management permissions
+
+We added new space management permissions. `space-properties` will allow changing space properties (name, description, ...). `space-ability` will allow enabling and disabling spaces
+
+https://github.com/owncloud/ocis/pull/5441
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.3.5
 	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/cs3org/go-cs3apis v0.0.0-20221012090518-ef2996678965
-	github.com/cs3org/reva/v2 v2.12.1-0.20230124073755-a6fe69ca6835
+	github.com/cs3org/reva/v2 v2.12.1-0.20230125142028-2d125a5354d0
 	github.com/disintegration/imaging v1.6.2
 	github.com/ggwhite/go-masker v1.0.9
 	github.com/go-chi/chi/v5 v5.0.7
--- a/go.sum
+++ b/go.sum
@@ -344,10 +344,8 @@ github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3p
 github.com/crewjam/saml v0.4.6/go.mod h1:ZBOXnNPFzB3CgOkRm7Nd6IVdkG+l/wF+0ZXLqD96t1A=
 github.com/crewjam/saml v0.4.9 h1:X2jDv4dv3IvfT9t+RhADavzNFAcq3fVxzTCIH3G605U=
 github.com/crewjam/saml v0.4.9/go.mod h1:9Zh6dWPtB3MSzTRt8fIFH60Z351QQ+s7hCU3J/tTlA4=
-github.com/cs3org/reva/v2 v2.12.1-0.20230113095557-1a7bb8c77ed0 h1:OOFyGTaCOKo3uXFNNtUAQVSNYNDKlZ21EqdDLMHUzQQ=
-github.com/cs3org/reva/v2 v2.12.1-0.20230113095557-1a7bb8c77ed0/go.mod h1:u73Df9JAZsDj43GIjQIb3DO1PLJuPutZXkRqQH0oGXA=
-github.com/cs3org/reva/v2 v2.12.1-0.20230124073755-a6fe69ca6835 h1:501X6172E9DhjqRASOoCN8dW3l4cLhuu9pRp9OJI+Z8=
-github.com/cs3org/reva/v2 v2.12.1-0.20230124073755-a6fe69ca6835/go.mod h1:u73Df9JAZsDj43GIjQIb3DO1PLJuPutZXkRqQH0oGXA=
+github.com/cs3org/reva/v2 v2.12.1-0.20230125142028-2d125a5354d0 h1:FCKt9i38oNgs6oQYpdWaIj7KfJykCNer22HwTUi+h3Y=
+github.com/cs3org/reva/v2 v2.12.1-0.20230125142028-2d125a5354d0/go.mod h1:u73Df9JAZsDj43GIjQIb3DO1PLJuPutZXkRqQH0oGXA=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
--- a/services/settings/pkg/store/defaults/defaults.go
+++ b/services/settings/pkg/store/defaults/defaults.go
@@ -58,6 +58,16 @@ const (
 	// DeleteAllSpacesPermissionName is the hardcoded setting name for the delete all space permission
 	DeleteAllSpacesPermissionName string = "delete-all-spaces"

+	// ManageSpacePropertiesPermissionID is the hardcoded setting UUID for the manage space properties permission
+	ManageSpacePropertiesPermissionID string = "b44b4054-31a2-42b8-bb71-968b15cfbd4f"
+	// ManageSpacePropertiesPermissionName is the hardcoded setting name for the manage space properties permission
+	ManageSpacePropertiesPermissionName string = "Drive.ReadWrite"
+
+	// SpaceAbilityPermissionID is the hardcoded setting UUID for the space ability permission
+	SpaceAbilityPermissionID string = "cf3faa8c-50d9-4f84-9650-ff9faf21aa9d"
+	// SpaceAbilityPermissionName is the hardcoded setting name for the space ability permission
+	SpaceAbilityPermissionName string = "Drive.ReadWriteEnable"
+
 	settingUUIDProfileLanguage = "aa8cfbe5-95d4-4f7e-a032-c3c01f5f062f"

 	// AccountManagementPermissionID is the hardcoded setting UUID for the account management permission
@@ -265,6 +275,36 @@ func generateBundleSpaceAdminRole() *settingsmsg.Bundle {
 			Type: settingsmsg.Resource_TYPE_SYSTEM,
 		},
 		Settings: []*settingsmsg.Setting{
+			{
+				Id:          ManageSpacePropertiesPermissionID,
+				Name:        ManageSpacePropertiesPermissionName,
+				DisplayName: "Manage space properties",
+				Description: "This permission allows to manage space properties such as name and description.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SYSTEM,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_READWRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
+			{
+				Id:          SpaceAbilityPermissionID,
+				Name:        SpaceAbilityPermissionName,
+				DisplayName: "Space ability",
+				Description: "This permission allows to enable and disable spaces.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SYSTEM,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_READWRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
 			{
 				Id:          SetSpaceQuotaPermissionID,
 				Name:        SetSpaceQuotaPermissionName,