[full-ci] Added a new roles viewer/editor with ListGrants

2026-01-05 03:40:01 -06:00 · 2024-08-29 15:38:04 +02:00
parent 09ffe3891e
commit d3e8eb34df
12 changed files with 189 additions and 12 deletions
--- a/changelog/unreleased/new-roles-witht-list-grants.md
+++ b/changelog/unreleased/new-roles-witht-list-grants.md
@@ -0,0 +1,7 @@
+Enhancement: Added a new roles viewer/editor with ListGrants
+
+We add a new roles space viewer/editor with ListGrants permissions.
+
+
+https://github.com/owncloud/ocis/pull/9943
+https://github.com/owncloud/ocis/issues/9701
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/coreos/go-oidc/v3 v3.11.0
 	github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb
-	github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89
+	github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f
 	github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
 	github.com/egirna/icap-client v0.1.1
--- a/go.sum
+++ b/go.sum
@@ -255,8 +255,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
 github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
 github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb h1:KmYZDReplv/yfwc1LNYpDcVhVujC3Pasv6WjXx1haSU=
 github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb/go.mod h1:yyP8PRo0EZou3nSH7H4qjlzQwaydPeIRNgX50npQHpE=
-github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 h1:fHQzCRgnsullqFcX9Equ/MKJdbBRSDfn2FtdSpbkdaw=
-github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
+github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f h1:YHqyK+VZthBijeul54z16Kw1q6rn412jbRMUMp20h1k=
+github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
--- a/services/graph/pkg/config/defaults/defaultconfig.go
+++ b/services/graph/pkg/config/defaults/defaultconfig.go
@@ -15,7 +15,13 @@ import (
 var (
 	// _disabledByDefaultUnifiedRoleRoleIDs contains all roles that are not enabled by default,
 	// but can be enabled by the user.
-	_disabledByDefaultUnifiedRoleRoleIDs = []string{unifiedrole.UnifiedRoleSecureViewerID, unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID}
+	_disabledByDefaultUnifiedRoleRoleIDs = []string{
+		unifiedrole.UnifiedRoleSecureViewerID,
+		unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID,
+		unifiedrole.UnifiedRoleViewerListGrantsID,
+		unifiedrole.UnifiedRoleEditorListGrantsID,
+		unifiedrole.UnifiedRoleFileEditorListGrantsID,
+	}
 )

 // FullDefaultConfig returns a fully initialized default configuration
--- a/services/graph/pkg/unifiedrole/conversion.go
+++ b/services/graph/pkg/unifiedrole/conversion.go
@@ -204,16 +204,22 @@ func cs3RoleToDisplayName(role *conversions.Role) string {
 	switch role.Name {
 	case conversions.RoleViewer:
 		return _viewerUnifiedRoleDisplayName
+	case conversions.RoleViewerListGrants:
+		return _viewerListGrantsUnifiedRoleDisplayName
 	case conversions.RoleSpaceViewer:
 		return _spaceViewerUnifiedRoleDisplayName
 	case conversions.RoleEditor:
 		return _editorUnifiedRoleDisplayName
+	case conversions.RoleEditorListGrants:
+		return _editorListGrantsUnifiedRoleDisplayName
 	case conversions.RoleSpaceEditor:
 		return _spaceEditorUnifiedRoleDisplayName
 	case conversions.RoleSpaceEditorWithoutVersions:
 		return _spaceEditorWithoutVersionsUnifiedRoleDisplayName
 	case conversions.RoleFileEditor:
 		return _fileEditorUnifiedRoleDisplayName
+	case conversions.RoleFileEditorListGrants:
+		return _fileEditorListGrantsUnifiedRoleDisplayName
 	case conversions.RoleEditorLite:
 		return _editorLiteUnifiedRoleDisplayName
 	case conversions.RoleManager:
--- a/services/graph/pkg/unifiedrole/conversion_test.go
+++ b/services/graph/pkg/unifiedrole/conversion_test.go
@@ -19,12 +19,15 @@ func TestPermissionsToCS3ResourcePermissions(t *testing.T) {
 		unifiedRoleDefinition *libregraph.UnifiedRoleDefinition
 		match                 bool
 	}{
-		cs3Conversions.RoleViewer:       {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewer, true},
-		cs3Conversions.RoleEditor:       {cs3Conversions.NewEditorRole(), unifiedrole.RoleEditor, true},
-		cs3Conversions.RoleFileEditor:   {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleFileEditor, true},
-		cs3Conversions.RoleManager:      {cs3Conversions.NewManagerRole(), unifiedrole.RoleManager, true},
-		cs3Conversions.RoleSecureViewer: {cs3Conversions.NewSecureViewerRole(), unifiedrole.RoleSecureViewer, true},
-		"no match":                      {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleManager, false},
+		cs3Conversions.RoleViewer:               {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewer, true},
+		cs3Conversions.RoleViewerListGrants:     {cs3Conversions.NewViewerListGrantsRole(), unifiedrole.RoleViewerListGrants, true},
+		cs3Conversions.RoleEditor:               {cs3Conversions.NewEditorRole(), unifiedrole.RoleEditor, true},
+		cs3Conversions.RoleEditorListGrants:     {cs3Conversions.NewEditorListGrantsRole(), unifiedrole.RoleEditorListGrants, true},
+		cs3Conversions.RoleFileEditor:           {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleFileEditor, true},
+		cs3Conversions.RoleFileEditorListGrants: {cs3Conversions.NewFileEditorListGrantsRole(), unifiedrole.RoleFileEditorListGrants, true},
+		cs3Conversions.RoleManager:              {cs3Conversions.NewManagerRole(), unifiedrole.RoleManager, true},
+		cs3Conversions.RoleSecureViewer:         {cs3Conversions.NewSecureViewerRole(), unifiedrole.RoleSecureViewer, true},
+		"no match":                              {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleManager, false},
 	}

 	for name, tc := range tests {
--- a/services/graph/pkg/unifiedrole/export_test.go
+++ b/services/graph/pkg/unifiedrole/export_test.go
@@ -2,11 +2,14 @@ package unifiedrole

 var (
 	RoleViewer                     = roleViewer
+	RoleViewerListGrants           = roleViewerListGrants
 	RoleSpaceViewer                = roleSpaceViewer
 	RoleEditor                     = roleEditor
+	RoleEditorListGrants           = roleEditorListGrants
 	RoleSpaceEditor                = roleSpaceEditor
 	RoleSpaceEditorWithoutVersions = roleSpaceEditorWithoutVersions
 	RoleFileEditor                 = roleFileEditor
+	RoleFileEditorListGrants       = roleFileEditorListGrants
 	RoleEditorLite                 = roleEditorLite
 	RoleManager                    = roleManager
 	RoleSecureViewer               = roleSecureViewer
--- a/services/graph/pkg/unifiedrole/roles.go
+++ b/services/graph/pkg/unifiedrole/roles.go
@@ -16,16 +16,22 @@ import (
 const (
 	// UnifiedRoleViewerID Unified role viewer id.
 	UnifiedRoleViewerID = "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5"
+	// UnifiedRoleViewerListGrantsID Unified role viewer id.
+	UnifiedRoleViewerListGrantsID = "d5041006-ebb3-4b4a-b6a4-7c180ecfb17d"
 	// UnifiedRoleSpaceViewerID Unified role space viewer id.
 	UnifiedRoleSpaceViewerID = "a8d5fe5e-96e3-418d-825b-534dbdf22b99"
 	// UnifiedRoleEditorID Unified role editor id.
 	UnifiedRoleEditorID = "fb6c3e19-e378-47e5-b277-9732f9de6e21"
+	// UnifiedRoleEditorListGrantsID Unified role editor id.
+	UnifiedRoleEditorListGrantsID = "e8ea8b21-abd4-45d2-b893-8d1546378e9e"
 	// UnifiedRoleSpaceEditorID Unified role space editor id.
 	UnifiedRoleSpaceEditorID = "58c63c02-1d89-4572-916a-870abc5a1b7d"
 	// UnifiedRoleSpaceEditorWithoutVersionsID Unified role space editor without list/restore versions id.
 	UnifiedRoleSpaceEditorWithoutVersionsID = "3284f2d5-0070-4ad8-ac40-c247f7c1fb27"
 	// UnifiedRoleFileEditorID Unified role file editor id.
 	UnifiedRoleFileEditorID = "2d00ce52-1fc2-4dbc-8b95-a73b73395f5a"
+	// UnifiedRoleFileEditorListGrantsID Unified role file editor id.
+	UnifiedRoleFileEditorListGrantsID = "c1235aea-d106-42db-8458-7d5610fb0a67"
 	// UnifiedRoleEditorLiteID Unified role editor-lite id.
 	UnifiedRoleEditorLiteID = "1c996275-f1c9-4e71-abdf-a42f6495e960"
 	// UnifiedRoleManagerID Unified role manager id.
@@ -93,6 +99,12 @@ var (
 	// UnifiedRole Viewer, Role DisplayName (resolves directly)
 	_viewerUnifiedRoleDisplayName = l10n.Template("Can view")

+	// UnifiedRole ViewerListGrants, Role Description (resolves directly)
+	_viewerListGrantsUnifiedRoleDescription = l10n.Template("View, download and show all invited people.")
+
+	// UnifiedRole Viewer, Role DisplayName (resolves directly)
+	_viewerListGrantsUnifiedRoleDisplayName = l10n.Template("Can view")
+
 	// UnifiedRole SpaceViewer, Role Description (resolves directly)
 	_spaceViewerUnifiedRoleDescription = l10n.Template("View and download.")

@@ -105,6 +117,12 @@ var (
 	// UnifiedRole Editor, Role DisplayName (resolves directly)
 	_editorUnifiedRoleDisplayName = l10n.Template("Can edit")

+	// UnifiedRoleListGrants Editor, Role Description (resolves directly)
+	_editorListGrantsUnifiedRoleDescription = l10n.Template("View, download, upload, edit, add, delete and show all invited people.")
+
+	// UnifiedRole EditorListGrants, Role DisplayName (resolves directly)
+	_editorListGrantsUnifiedRoleDisplayName = l10n.Template("Can edit")
+
 	// UnifiedRole SpaseEditor, Role Description (resolves directly)
 	_spaceEditorUnifiedRoleDescription = l10n.Template("View, download, upload, edit, add and delete.")

@@ -123,6 +141,12 @@ var (
 	// UnifiedRole FileEditor, Role DisplayName (resolves directly)
 	_fileEditorUnifiedRoleDisplayName = l10n.Template("Can edit")

+	// UnifiedRole FileEditorListGrants, Role Description (resolves directly)
+	_fileEditorListGrantsUnifiedRoleDescription = l10n.Template("View, download, edit and show all invited people.")
+
+	// UnifiedRole FileEditorListGrants, Role DisplayName (resolves directly)
+	_fileEditorListGrantsUnifiedRoleDisplayName = l10n.Template("Can edit")
+
 	// UnifiedRole EditorLite, Role Description (resolves directly)
 	_editorLiteUnifiedRoleDescription = l10n.Template("View, download and upload.")

@@ -159,11 +183,14 @@ var (
 	// buildInRoles contains the built-in roles.
 	buildInRoles = []*libregraph.UnifiedRoleDefinition{
 		roleViewer,
+		roleViewerListGrants,
 		roleSpaceViewer,
 		roleEditor,
+		roleEditorListGrants,
 		roleSpaceEditor,
 		roleSpaceEditorWithoutVersions,
 		roleFileEditor,
+		roleFileEditorListGrants,
 		roleEditorLite,
 		roleManager,
 		roleSecureViewer,
@@ -198,6 +225,35 @@ var (
 		}
 	}()

+	// roleViewerListGrants creates a viewer role.
+	roleViewerListGrants = func() *libregraph.UnifiedRoleDefinition {
+		r := conversions.NewViewerListGrantsRole()
+		return &libregraph.UnifiedRoleDefinition{
+			Id:          proto.String(UnifiedRoleViewerListGrantsID),
+			Description: proto.String(_viewerListGrantsUnifiedRoleDescription),
+			DisplayName: proto.String(cs3RoleToDisplayName(r)),
+			RolePermissions: []libregraph.UnifiedRolePermission{
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFile),
+				},
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFolder),
+				},
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFileFederatedUser),
+				},
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
+				},
+			},
+			LibreGraphWeight: proto.Int32(0),
+		}
+	}()
+
 	// roleSpaceViewer creates a spaceviewer role
 	roleSpaceViewer = func() *libregraph.UnifiedRoleDefinition {
 		r := conversions.NewSpaceViewerRole()
@@ -236,6 +292,27 @@ var (
 		}
 	}()

+	// roleEditorListGrants creates an editor role.
+	roleEditorListGrants = func() *libregraph.UnifiedRoleDefinition {
+		r := conversions.NewEditorListGrantsRole()
+		return &libregraph.UnifiedRoleDefinition{
+			Id:          proto.String(UnifiedRoleEditorListGrantsID),
+			Description: proto.String(_editorListGrantsUnifiedRoleDescription),
+			DisplayName: proto.String(cs3RoleToDisplayName(r)),
+			RolePermissions: []libregraph.UnifiedRolePermission{
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFolder),
+				},
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
+				},
+			},
+			LibreGraphWeight: proto.Int32(0),
+		}
+	}()
+
 	// roleSpaceEditor creates an editor role
 	roleSpaceEditor = func() *libregraph.UnifiedRoleDefinition {
 		r := conversions.NewSpaceEditorRole()
@@ -291,6 +368,27 @@ var (
 		}
 	}()

+	// roleFileEditorListGrants creates a file-editor role
+	roleFileEditorListGrants = func() *libregraph.UnifiedRoleDefinition {
+		r := conversions.NewFileEditorListGrantsRole()
+		return &libregraph.UnifiedRoleDefinition{
+			Id:          proto.String(UnifiedRoleFileEditorListGrantsID),
+			Description: proto.String(_fileEditorListGrantsUnifiedRoleDescription),
+			DisplayName: proto.String(cs3RoleToDisplayName(r)),
+			RolePermissions: []libregraph.UnifiedRolePermission{
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFile),
+				},
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFileFederatedUser),
+				},
+			},
+			LibreGraphWeight: proto.Int32(0),
+		}
+	}()
+
 	// roleEditorLite creates an editor-lite role
 	roleEditorLite = func() *libregraph.UnifiedRoleDefinition {
 		r := conversions.NewEditorLiteRole()
--- a/services/graph/pkg/unifiedrole/roles_test.go
+++ b/services/graph/pkg/unifiedrole/roles_test.go
@@ -163,7 +163,9 @@ func TestGetRolesByPermissions(t *testing.T) {
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
 				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewer,
+				unifiedrole.RoleViewerListGrants,
 				unifiedrole.RoleFileEditor,
+				unifiedrole.RoleFileEditorListGrants,
 			},
 		},
 		"BuildInRoles | folder": {
@@ -172,8 +174,10 @@ func TestGetRolesByPermissions(t *testing.T) {
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
 				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewer,
+				unifiedrole.RoleViewerListGrants,
 				unifiedrole.RoleEditorLite,
 				unifiedrole.RoleEditor,
+				unifiedrole.RoleEditorListGrants,
 			},
 		},
 		"BuildInRoles | drive": {
--- a/services/web/pkg/theme/theme.go
+++ b/services/web/pkg/theme/theme.go
@@ -21,6 +21,10 @@ var themeDefaults = KV{
 				"name":     "UnifiedRoleViewer",
 				"iconName": "eye",
 			},
+			unifiedrole.UnifiedRoleViewerListGrantsID: KV{
+				"name":     "UnifiedRoleViewerListGrants",
+				"iconName": "eye",
+			},
 			unifiedrole.UnifiedRoleSpaceViewerID: KV{
 				"label":    "UnifiedRoleSpaceViewer",
 				"iconName": "eye",
@@ -29,10 +33,18 @@ var themeDefaults = KV{
 				"label":    "UnifiedRoleFileEditor",
 				"iconName": "pencil",
 			},
+			unifiedrole.UnifiedRoleFileEditorListGrantsID: KV{
+				"label":    "UnifiedRoleFileEditorListGrants",
+				"iconName": "pencil",
+			},
 			unifiedrole.UnifiedRoleEditorID: KV{
 				"label":    "UnifiedRoleEditor",
 				"iconName": "pencil",
 			},
+			unifiedrole.UnifiedRoleEditorListGrantsID: KV{
+				"label":    "UnifiedRoleEditorListGrants",
+				"iconName": "pencil",
+			},
 			unifiedrole.UnifiedRoleSpaceEditorID: KV{
 				"label":    "UnifiedRoleSpaceEditor",
 				"iconName": "pencil",
--- a/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go
@@ -37,16 +37,22 @@ type Role struct {
 const (
 	// RoleViewer grants non-editor role on a resource.
 	RoleViewer = "viewer"
+	// RoleViewerListGrants grants non-editor role on a resource.
+	RoleViewerListGrants = "viewer-list-grants"
 	// RoleSpaceViewer grants non-editor role on a space.
 	RoleSpaceViewer = "spaceviewer"
 	// RoleEditor grants editor permission on a resource, including folders.
 	RoleEditor = "editor"
+	// RoleEditorListGrants grants editor permission on a resource, including folders.
+	RoleEditorListGrants = "editor-list-grants"
 	// RoleSpaceEditor grants editor permission on a space.
 	RoleSpaceEditor = "spaceeditor"
 	// RoleSpaceEditorWithoutVersions grants editor permission without list/restore versions on a space.
 	RoleSpaceEditorWithoutVersions = "spaceeditor-without-versions"
 	// RoleFileEditor grants editor permission on a single file.
 	RoleFileEditor = "file-editor"
+	// RoleFileEditorListGrants grants editor permission on a single file.
+	RoleFileEditorListGrants = "file-editor-list-grants"
 	// RoleCoowner grants co-owner permissions on a resource.
 	RoleCoowner = "coowner"
 	// RoleEditorLite grants permission to upload and download to a resource.
@@ -157,14 +163,20 @@ func RoleFromName(name string) *Role {
 		return NewDeniedRole()
 	case RoleViewer:
 		return NewViewerRole()
+	case RoleViewerListGrants:
+		return NewViewerListGrantsRole()
 	case RoleSpaceViewer:
 		return NewSpaceViewerRole()
 	case RoleEditor:
 		return NewEditorRole()
+	case RoleEditorListGrants:
+		return NewEditorListGrantsRole()
 	case RoleSpaceEditor:
 		return NewSpaceEditorRole()
 	case RoleFileEditor:
 		return NewFileEditorRole()
+	case RoleFileEditorListGrants:
+		return NewFileEditorListGrantsRole()
 	case RoleUploader:
 		return NewUploaderRole()
 	case RoleManager:
@@ -211,6 +223,13 @@ func NewViewerRole() *Role {
 	}
 }

+// NewViewerListGrantsRole creates a viewer role. `sharing` indicates if sharing permission should be added
+func NewViewerListGrantsRole() *Role {
+	role := NewViewerRole()
+	role.cS3ResourcePermissions.ListGrants = true
+	return role
+}
+
 // NewSpaceViewerRole creates a spaceviewer role
 func NewSpaceViewerRole() *Role {
 	return &Role{
@@ -250,6 +269,13 @@ func NewEditorRole() *Role {
 	}
 }

+// NewEditorListGrantsRole creates an editor role. `sharing` indicates if sharing permission should be added
+func NewEditorListGrantsRole() *Role {
+	role := NewEditorRole()
+	role.cS3ResourcePermissions.ListGrants = true
+	return role
+}
+
 // NewSpaceEditorRole creates an editor role
 func NewSpaceEditorRole() *Role {
 	return &Role{
@@ -315,6 +341,13 @@ func NewFileEditorRole() *Role {
 	}
 }

+// NewFileEditorListGrantsRole creates a file-editor role
+func NewFileEditorListGrantsRole() *Role {
+	role := NewFileEditorRole()
+	role.cS3ResourcePermissions.ListGrants = true
+	return role
+}
+
 // NewCoownerRole creates a coowner role.
 func NewCoownerRole() *Role {
 	return &Role{
@@ -559,7 +592,9 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions, islink bool)
 	if r.ocsPermissions.Contain(PermissionRead) {
 		if r.ocsPermissions.Contain(PermissionWrite) && r.ocsPermissions.Contain(PermissionCreate) && r.ocsPermissions.Contain(PermissionDelete) && r.ocsPermissions.Contain(PermissionShare) {
 			r.Name = RoleEditor
-
+			if rp.ListGrants {
+				r.Name = RoleEditorListGrants
+			}
 			if rp.RemoveGrant {
 				r.Name = RoleManager
 			}
@@ -567,6 +602,9 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions, islink bool)
 		}
 		if r.ocsPermissions == PermissionRead|PermissionShare {
 			r.Name = RoleViewer
+			if rp.ListGrants {
+				r.Name = RoleViewerListGrants
+			}
 			return r
 		}
 	} else if rp.Stat && rp.GetPath && rp.ListContainer && !rp.InitiateFileUpload && !rp.Delete && !rp.AddGrant {
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -367,7 +367,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89
+# github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f
 ## explicit; go 1.21
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime