From 87efb6e3a977e18b8ec5694125637324de62e0cc Mon Sep 17 00:00:00 2001 From: Martin Date: Thu, 11 Apr 2024 12:19:11 +0200 Subject: [PATCH 01/14] [docs-only] Backport of Make a frontend envvar description more clear Backport of #8838 to stable-5.0 --- services/frontend/pkg/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index bfb61f899..8a73d5dd9 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go @@ -143,7 +143,7 @@ type OCS struct { EnableDenials bool `yaml:"enable_denials" env:"FRONTEND_OCS_ENABLE_DENIALS" desc:"EXPERIMENTAL: enable the feature to deny access on folders." introductionVersion:"pre5.0"` ListOCMShares bool `yaml:"list_ocm_shares" env:"FRONTEND_OCS_LIST_OCM_SHARES" desc:"Include OCM shares when listing shares. See the OCM service documentation for more details." introductionVersion:"5.0"` PublicShareMustHavePassword bool `yaml:"public_sharing_share_must_have_password" env:"OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on all public shares." introductionVersion:"5.0"` - WriteablePublicShareMustHavePassword bool `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares." introductionVersion:"5.0"` + WriteablePublicShareMustHavePassword bool `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false." introductionVersion:"5.0"` IncludeOCMSharees bool `yaml:"include_ocm_sharees" env:"FRONTEND_OCS_INCLUDE_OCM_SHAREES" desc:"Include OCM sharees when listing sharees." introductionVersion:"5.0"` ShowUserEmailInResults bool `yaml:"show_email_in_results" env:"FRONTEND_SHOW_USER_EMAIL_IN_RESULTS;OCIS_SHOW_USER_EMAIL_IN_RESULTS" desc:"Mask user email addresses in responses. (EXPERIMENTAL)" introductionVersion:"5.1"` } From de2a3c7444af3853cb8cffc9cba39960c0ff5247 Mon Sep 17 00:00:00 2001 From: Martin Date: Fri, 12 Apr 2024 15:06:25 +0200 Subject: [PATCH 02/14] [docs-only] Remove EXPERIMENTAL from envvar text Based on a discussion with @tbsbdr, we can remove the EXPERIMENTAL string from the `OCIS_SHOW_USER_EMAIL_IN_RESULTS` envvar text. This is already fixed in master. --- services/frontend/pkg/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index 8a73d5dd9..709d7a7b0 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go @@ -145,7 +145,7 @@ type OCS struct { PublicShareMustHavePassword bool `yaml:"public_sharing_share_must_have_password" env:"OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on all public shares." introductionVersion:"5.0"` WriteablePublicShareMustHavePassword bool `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false." introductionVersion:"5.0"` IncludeOCMSharees bool `yaml:"include_ocm_sharees" env:"FRONTEND_OCS_INCLUDE_OCM_SHAREES" desc:"Include OCM sharees when listing sharees." introductionVersion:"5.0"` - ShowUserEmailInResults bool `yaml:"show_email_in_results" env:"FRONTEND_SHOW_USER_EMAIL_IN_RESULTS;OCIS_SHOW_USER_EMAIL_IN_RESULTS" desc:"Mask user email addresses in responses. (EXPERIMENTAL)" introductionVersion:"5.1"` + ShowUserEmailInResults bool `yaml:"show_email_in_results" env:"FRONTEND_SHOW_USER_EMAIL_IN_RESULTS;OCIS_SHOW_USER_EMAIL_IN_RESULTS" desc:"Mask user email addresses in responses." introductionVersion:"5.1"` } type CacheWarmupDrivers struct { From 76591e0ea334c5a62012685da8bcb3c02981c54d Mon Sep 17 00:00:00 2001 From: Prajwol Amatya <83579989+PrajwolAmatya@users.noreply.github.com> Date: Mon, 15 Apr 2024 13:05:18 +0545 Subject: [PATCH 03/14] notify chat on nightly success also (#8852) --- .drone.star | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.drone.star b/.drone.star index 8d1d8da48..67d56bff6 100644 --- a/.drone.star +++ b/.drone.star @@ -280,7 +280,7 @@ def main(ctx): # always append notification step pipelines.append( pipelineDependsOn( - notify(), + notify(ctx), pipelines, ), ) @@ -1908,7 +1908,11 @@ def makeGoGenerate(module): }, ] -def notify(): +def notify(ctx): + status = ["failure"] + if ctx.build.event == "cron": + status.append("success") + return { "kind": "pipeline", "type": "docker", @@ -1935,9 +1939,7 @@ def notify(): "refs/heads/release*", "refs/tags/**", ], - "status": [ - "failure", - ], + "status": status, }, } From d3812a1bd6777483c8581f6b0b77ef848e374188 Mon Sep 17 00:00:00 2001 From: Prajwol Amatya <83579989+PrajwolAmatya@users.noreply.github.com> Date: Mon, 15 Apr 2024 13:06:02 +0545 Subject: [PATCH 04/14] updated drone file to display pipeline in order by trigger (#8823) (#8851) --- .drone.star | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.drone.star b/.drone.star index 67d56bff6..24d7f35fb 100644 --- a/.drone.star +++ b/.drone.star @@ -237,25 +237,27 @@ def main(ctx): pipelines = [] + build_release_helpers = [ + changelog(), + docs(), + licenseCheck(ctx), + ] + test_pipelines = \ codestyle(ctx) + \ checkTestSuitesInExpectedFailures(ctx) + \ buildWebCache(ctx) + \ getGoBinForTesting(ctx) + \ [buildOcisBinaryForTesting(ctx)] + \ + checkStarlark() + \ + build_release_helpers + \ testOcisAndUploadResults(ctx) + \ testPipelines(ctx) build_release_pipelines = \ - [licenseCheck(ctx)] + \ dockerReleases(ctx) + \ binaryReleases(ctx) - build_release_helpers = [ - changelog(), - docs(), - ] - test_pipelines.append( pipelineDependsOn( purgeBuildArtifactCache(ctx), @@ -263,7 +265,7 @@ def main(ctx): ), ) - pipelines = test_pipelines + build_release_pipelines + build_release_helpers + pipelines = test_pipelines + build_release_pipelines if ctx.build.event == "cron": pipelines = \ @@ -287,7 +289,6 @@ def main(ctx): pipelines = pipelines + k6LoadTests(ctx) - pipelines += checkStarlark() pipelineSanityChecks(ctx, pipelines) return pipelines @@ -322,7 +323,7 @@ def testOcisAndUploadResults(ctx): scan_result_upload["depends_on"] = getPipelineNames([pipeline]) security_scan = scanOcis(ctx) - return [pipeline, scan_result_upload, security_scan] + return [security_scan, pipeline, scan_result_upload] def testPipelines(ctx): pipelines = [] From 49c241af930a730a350a83a55eb26df9b6cedf9c Mon Sep 17 00:00:00 2001 From: Prajwol Amatya Date: Tue, 16 Apr 2024 09:55:20 +0545 Subject: [PATCH 05/14] send nightly notification to builds channel --- .drone.star | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.drone.star b/.drone.star index 24d7f35fb..bb1114b87 100644 --- a/.drone.star +++ b/.drone.star @@ -144,6 +144,7 @@ config = { }, "rocketchat": { "channel": "infinitescale", + "channel_builds": "builds", "from_secret": "rocketchat_talk_webhook", }, "binaryReleases": { @@ -1911,8 +1912,10 @@ def makeGoGenerate(module): def notify(ctx): status = ["failure"] + channel = config["rocketchat"]["channel"] if ctx.build.event == "cron": status.append("success") + channel = config["rocketchat"]["channel_builds"] return { "kind": "pipeline", @@ -1929,7 +1932,7 @@ def notify(ctx): "webhook": { "from_secret": config["rocketchat"]["from_secret"], }, - "channel": config["rocketchat"]["channel"], + "channel": channel, }, }, ], From 46ea8a0bc6fb486598e1c5a59dfbcc1ecccef649 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Tue, 16 Apr 2024 18:35:54 +0545 Subject: [PATCH 06/14] rename channel_cron in drone script --- .drone.star | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.star b/.drone.star index bb1114b87..1e034e65e 100644 --- a/.drone.star +++ b/.drone.star @@ -144,7 +144,7 @@ config = { }, "rocketchat": { "channel": "infinitescale", - "channel_builds": "builds", + "channel_cron": "builds", "from_secret": "rocketchat_talk_webhook", }, "binaryReleases": { @@ -1915,7 +1915,7 @@ def notify(ctx): channel = config["rocketchat"]["channel"] if ctx.build.event == "cron": status.append("success") - channel = config["rocketchat"]["channel_builds"] + channel = config["rocketchat"]["channel_cron"] return { "kind": "pipeline", From 6df5f45c0efece37815c926ddab2cca127e5b0b5 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Wed, 10 Apr 2024 18:22:43 +0200 Subject: [PATCH 07/14] fix(public-share-auth): allow to create new documents in public share folder The public share authentication middleware only allowed to open existing documents the /app/new route was missing. Fixes #8691 (cherry picked from commit 8d5a0c6dd874e6ba9b2199348228203d542ff257) --- .../unreleased/fix-adding-wopi-doc-on-public-share.md | 7 +++++++ services/proxy/pkg/middleware/public_share_auth.go | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 changelog/unreleased/fix-adding-wopi-doc-on-public-share.md diff --git a/changelog/unreleased/fix-adding-wopi-doc-on-public-share.md b/changelog/unreleased/fix-adding-wopi-doc-on-public-share.md new file mode 100644 index 000000000..5c901ab55 --- /dev/null +++ b/changelog/unreleased/fix-adding-wopi-doc-on-public-share.md @@ -0,0 +1,7 @@ +Bugfix: Fix creating new WOPI documents on public shares + +Creating a new Office document in a publicly shared folder is now possible. + +https://github.com/owncloud/ocis/pull/8828 +https://github.com/owncloud/ocis/issues/8691 + diff --git a/services/proxy/pkg/middleware/public_share_auth.go b/services/proxy/pkg/middleware/public_share_auth.go index f66e030a0..403d5d598 100644 --- a/services/proxy/pkg/middleware/public_share_auth.go +++ b/services/proxy/pkg/middleware/public_share_auth.go @@ -44,7 +44,7 @@ func isPublicShareArchive(r *http.Request) bool { // The app open requests can also be made in authenticated context. In these cases the PublicShareAuthenticator // needs to ignore the request. func isPublicShareAppOpen(r *http.Request) bool { - return strings.HasPrefix(r.URL.Path, "/app/open") && + return (strings.HasPrefix(r.URL.Path, "/app/open") || strings.HasPrefix(r.URL.Path, "/app/new")) && (r.URL.Query().Get(headerShareToken) != "" || r.Header.Get(headerShareToken) != "") } From 042ec41edd175a3240eca686e2305ddec328ab94 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Tue, 16 Apr 2024 17:20:29 +0200 Subject: [PATCH 08/14] Bump reva to v2.19.5 For https://github.com/cs3org/reva/pull/4634 --- go.mod | 2 +- go.sum | 4 ++-- .../reva/v2/internal/grpc/interceptors/auth/scope.go | 12 ++++++++++-- .../publicshareprovider/publicshareprovider.go | 12 ++++++++++++ .../http/services/archiver/manager/archiver.go | 11 +++-------- .../v2/internal/http/services/owncloud/ocdav/copy.go | 4 ++-- .../v2/internal/http/services/owncloud/ocdav/move.go | 4 ++-- .../internal/http/services/owncloud/ocdav/ocdav.go | 6 ------ vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go | 7 +++++++ vendor/modules.txt | 2 +- 10 files changed, 40 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 15ff4d4d2..c08e14806 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/cenkalti/backoff v2.2.1+incompatible github.com/coreos/go-oidc/v3 v3.9.0 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 - github.com/cs3org/reva/v2 v2.19.4 + github.com/cs3org/reva/v2 v2.19.5 github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25 github.com/disintegration/imaging v1.6.2 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e diff --git a/go.sum b/go.sum index 2721eebd1..9230fc802 100644 --- a/go.sum +++ b/go.sum @@ -1019,8 +1019,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY= -github.com/cs3org/reva/v2 v2.19.4 h1:gOcV6cgV+es624ckLUkXWL9mbHZpPXEgsa83/YA6WYA= -github.com/cs3org/reva/v2 v2.19.4/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E= +github.com/cs3org/reva/v2 v2.19.5 h1:Qh38wpPovnb0jPpgGR6L6HfbQ8vwObcrB8yUCRJldSw= +github.com/cs3org/reva/v2 v2.19.5/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= diff --git a/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go b/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go index 1b5edd9f2..5cb6183c6 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go +++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go @@ -264,7 +264,15 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent if statResponse.Status.Code != rpc.Code_CODE_OK { return false, statuspkg.NewErrorFromCode(statResponse.Status.Code, "auth interceptor") } - parentPath := statResponse.Info.Path + + pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: statResponse.GetInfo().GetId()}) + if err != nil { + return false, err + } + if pathResp.Status.Code != rpc.Code_CODE_OK { + return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor") + } + parentPath := pathResp.Path childPath := ref.GetPath() if childPath != "" && childPath != "." && strings.HasPrefix(childPath, parentPath) { @@ -308,7 +316,7 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent if childStat.Status.Code != rpc.Code_CODE_OK { return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor") } - pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()}) + pathResp, err = client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()}) if err != nil { return false, err } diff --git a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go index 3df749f88..a18401b5c 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go +++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go @@ -554,12 +554,24 @@ func (s *service) UpdatePublicShare(ctx context.Context, req *link.UpdatePublicS } updatePassword := req.GetUpdate().GetType() == link.UpdatePublicShareRequest_Update_TYPE_PASSWORD setPassword := grant.GetPassword() + + // we update permissions with an empty password and password is not set on the public share + emptyPasswordInPermissionUpdate := len(setPassword) == 0 && updatePermissions && !ps.PasswordProtected + + // password is updated, we use the current permissions to check if the user can opt out if updatePassword && !isInternalLink && enforcePassword(canOptOut, ps.GetPermissions().GetPermissions(), s.conf) && len(setPassword) == 0 { return &link.UpdatePublicShareResponse{ Status: status.NewInvalidArg(ctx, "password protection is enforced"), }, nil } + // permissions are updated, we use the new permissions to check if the user can opt out + if emptyPasswordInPermissionUpdate && !isInternalLink && enforcePassword(canOptOut, grant.GetPermissions().GetPermissions(), s.conf) && len(setPassword) == 0 { + return &link.UpdatePublicShareResponse{ + Status: status.NewInvalidArg(ctx, "password protection is enforced"), + }, nil + } + // validate password policy if updatePassword && len(setPassword) > 0 { if err := s.passwordValidator.Validate(setPassword); err != nil { diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/archiver/manager/archiver.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/archiver/manager/archiver.go index 803606665..ecb3c20bc 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/archiver/manager/archiver.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/archiver/manager/archiver.go @@ -29,6 +29,7 @@ import ( provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" "github.com/cs3org/reva/v2/pkg/storage/utils/downloader" "github.com/cs3org/reva/v2/pkg/storage/utils/walker" + "github.com/cs3org/reva/v2/pkg/utils" ) // Config is the config for the Archiver @@ -77,7 +78,7 @@ func (a *Archiver) CreateTar(ctx context.Context, dst io.Writer) (func(), error) } // when archiving a space we can omit the spaceroot - if isSpaceRoot(info) { + if utils.IsSpaceRoot(info) { return nil } @@ -152,7 +153,7 @@ func (a *Archiver) CreateZip(ctx context.Context, dst io.Writer) (func(), error) } // when archiving a space we can omit the spaceroot - if isSpaceRoot(info) { + if utils.IsSpaceRoot(info) { return nil } @@ -205,9 +206,3 @@ func (a *Archiver) CreateZip(ctx context.Context, dst io.Writer) (func(), error) } return closer, nil } - -func isSpaceRoot(info *provider.ResourceInfo) bool { - f := info.GetId() - s := info.GetSpace().GetRoot() - return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId() -} diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go index 166c110f3..bb7b4cd6b 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go @@ -610,7 +610,7 @@ func (s *svc) prepareCopy(ctx context.Context, w http.ResponseWriter, r *http.Re errors.HandleErrorStatus(log, w, srcStatRes.Status) return nil } - if isSpaceRoot(srcStatRes.GetInfo()) { + if utils.IsSpaceRoot(srcStatRes.GetInfo()) { log.Error().Msg("the source is disallowed") w.WriteHeader(http.StatusBadRequest) return nil @@ -632,7 +632,7 @@ func (s *svc) prepareCopy(ctx context.Context, w http.ResponseWriter, r *http.Re if dstStatRes.Status.Code == rpc.Code_CODE_OK { successCode = http.StatusNoContent // 204 if target already existed, see https://tools.ietf.org/html/rfc4918#section-9.8.5 - if isSpaceRoot(dstStatRes.GetInfo()) { + if utils.IsSpaceRoot(dstStatRes.GetInfo()) { log.Error().Msg("overwriting is not allowed") w.WriteHeader(http.StatusBadRequest) return nil diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go index 4706d20e9..60516979e 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go @@ -196,7 +196,7 @@ func (s *svc) handleMove(ctx context.Context, w http.ResponseWriter, r *http.Req errors.HandleErrorStatus(&log, w, srcStatRes.Status) return } - if isSpaceRoot(srcStatRes.GetInfo()) { + if utils.IsSpaceRoot(srcStatRes.GetInfo()) { log.Error().Msg("the source is disallowed") w.WriteHeader(http.StatusBadRequest) return @@ -219,7 +219,7 @@ func (s *svc) handleMove(ctx context.Context, w http.ResponseWriter, r *http.Req if dstStatRes.Status.Code == rpc.Code_CODE_OK { successCode = http.StatusNoContent // 204 if target already existed, see https://tools.ietf.org/html/rfc4918#section-9.9.4 - if isSpaceRoot(dstStatRes.GetInfo()) { + if utils.IsSpaceRoot(dstStatRes.GetInfo()) { log.Error().Msg("overwriting is not allowed") w.WriteHeader(http.StatusBadRequest) return diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/ocdav.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/ocdav.go index 509a6ea63..d3cab17be 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/ocdav.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/ocdav.go @@ -418,9 +418,3 @@ func (s *svc) referenceIsChildOf(ctx context.Context, selector pool.Selectable[g pp := path.Join(parentPathRes.Path, parent.Path) + "/" return strings.HasPrefix(cp, pp), nil } - -func isSpaceRoot(info *provider.ResourceInfo) bool { - f := info.GetId() - s := info.GetSpace().GetRoot() - return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId() -} diff --git a/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go b/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go index d363d9f2d..075aee212 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go @@ -201,6 +201,13 @@ func IsStatusCodeError(err error, code rpc.Code) bool { return sce.code == code } +// IsSpaceRoot checks if the given resource info is referring to a space root +func IsSpaceRoot(ri *storageprovider.ResourceInfo) bool { + f := ri.GetId() + s := ri.GetSpace().GetRoot() + return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId() +} + func checkStatusCode(reason string, code rpc.Code) error { if code == rpc.Code_CODE_OK { return nil diff --git a/vendor/modules.txt b/vendor/modules.txt index 5e24b61df..e83f4f2cc 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -359,7 +359,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.19.4 +# github.com/cs3org/reva/v2 v2.19.5 ## explicit; go 1.21 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime From f2c33fcba09081faeddf361402bd5f00da43a40a Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 17 Apr 2024 13:11:24 +0200 Subject: [PATCH 09/14] docs: add reva changelog --- changelog/unreleased/bump-reva.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 changelog/unreleased/bump-reva.md diff --git a/changelog/unreleased/bump-reva.md b/changelog/unreleased/bump-reva.md new file mode 100644 index 000000000..f18e03f08 --- /dev/null +++ b/changelog/unreleased/bump-reva.md @@ -0,0 +1,8 @@ +Bugfix: Update reva to v2.19.5 + +We updated reva to v2.19.5 + +* Bugfix [cs3org/reva#4626](https://github.com/cs3org/reva/pull/4626): Fix public share update +* Bugfix [cs3org/reva#4634](https://github.com/cs3org/reva/pull/4634): Fix access to files withing a public link targeting a space root + +https://github.com/owncloud/ocis/pull/8873 From 676e6dbcefcd9186b5fca4a6be581cb3af9d8284 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 17 Apr 2024 11:44:37 +0000 Subject: [PATCH 10/14] Automated changelog update [skip ci] --- CHANGELOG.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 101254319..ac215c405 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ # Table of Contents +* [Changelog for unreleased](#changelog-for-unreleased-unreleased) * [Changelog for 5.0.1](#changelog-for-501-2024-04-10) * [Changelog for 5.0.0](#changelog-for-500-2024-03-18) * [Changelog for 4.0.6](#changelog-for-406-2024-02-07) @@ -34,6 +35,35 @@ * [Changelog for 1.1.0](#changelog-for-110-2021-01-22) * [Changelog for 1.0.0](#changelog-for-100-2020-12-17) +# Changelog for [unreleased] (UNRELEASED) + +The following sections list the changes for unreleased. + +[unreleased]: https://github.com/owncloud/ocis/compare/v5.0.1...master + +## Summary + +* Bugfix - Fix creating new WOPI documents on public shares: [#8828](https://github.com/owncloud/ocis/pull/8828) +* Bugfix - Update reva to v2.19.5: [#8873](https://github.com/owncloud/ocis/pull/8873) + +## Details + +* Bugfix - Fix creating new WOPI documents on public shares: [#8828](https://github.com/owncloud/ocis/pull/8828) + + Creating a new Office document in a publicly shared folder is now possible. + + https://github.com/owncloud/ocis/issues/8691 + https://github.com/owncloud/ocis/pull/8828 + +* Bugfix - Update reva to v2.19.5: [#8873](https://github.com/owncloud/ocis/pull/8873) + + We updated reva to v2.19.5 + + * Bugfix [cs3org/reva#4626](https://github.com/cs3org/reva/pull/4626): Fix public share update + * Bugfix [cs3org/reva#4634](https://github.com/cs3org/reva/pull/4634): Fix access to files withing a public link targeting a space root + + https://github.com/owncloud/ocis/pull/8873 + # Changelog for [5.0.1] (2024-04-10) The following sections list the changes for 5.0.1. From 97035575c34a652025f0cfc0f1c863f5259dbc15 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 17 Apr 2024 13:59:28 +0200 Subject: [PATCH 11/14] docs: prepare changelog --- changelog/{unreleased => 5.0.2_2024-04-17}/bump-reva.md | 0 .../fix-adding-wopi-doc-on-public-share.md | 0 deployments/continuous-deployment-config/ocis_wopi/released.yml | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename changelog/{unreleased => 5.0.2_2024-04-17}/bump-reva.md (100%) rename changelog/{unreleased => 5.0.2_2024-04-17}/fix-adding-wopi-doc-on-public-share.md (100%) diff --git a/changelog/unreleased/bump-reva.md b/changelog/5.0.2_2024-04-17/bump-reva.md similarity index 100% rename from changelog/unreleased/bump-reva.md rename to changelog/5.0.2_2024-04-17/bump-reva.md diff --git a/changelog/unreleased/fix-adding-wopi-doc-on-public-share.md b/changelog/5.0.2_2024-04-17/fix-adding-wopi-doc-on-public-share.md similarity index 100% rename from changelog/unreleased/fix-adding-wopi-doc-on-public-share.md rename to changelog/5.0.2_2024-04-17/fix-adding-wopi-doc-on-public-share.md diff --git a/deployments/continuous-deployment-config/ocis_wopi/released.yml b/deployments/continuous-deployment-config/ocis_wopi/released.yml index 4673fb487..f7bfd9e0c 100644 --- a/deployments/continuous-deployment-config/ocis_wopi/released.yml +++ b/deployments/continuous-deployment-config/ocis_wopi/released.yml @@ -32,7 +32,7 @@ env: INSECURE: "false" TRAEFIK_ACME_MAIL: mbarz@owncloud.com - OCIS_DOCKER_TAG: 5.0.1 + OCIS_DOCKER_TAG: 5.0.2-rc.1 OCIS_DOMAIN: ocis.ocis-wopi.released.owncloud.works COMPANION_DOMAIN: companion.ocis-wopi.released.owncloud.works COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud From b07925a927f3ff9bf792d7889d6f11ef92c97fa1 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 17 Apr 2024 14:01:03 +0200 Subject: [PATCH 12/14] chore: bump version --- ocis-pkg/version/version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ocis-pkg/version/version.go b/ocis-pkg/version/version.go index f2edadb80..43c7413e7 100644 --- a/ocis-pkg/version/version.go +++ b/ocis-pkg/version/version.go @@ -16,7 +16,7 @@ var ( // LatestTag is the latest released version plus the dev meta version. // Will be overwritten by the release pipeline // Needs a manual change for every tagged release - LatestTag = "5.0.1+dev" + LatestTag = "5.0.2+dev" // Date indicates the build date. // This has been removed, it looks like you can only replace static strings with recent go versions From 5d41175b12cdd20a8142624d207b6aadc9190360 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 17 Apr 2024 17:21:01 +0000 Subject: [PATCH 13/14] Automated changelog update [skip ci] --- CHANGELOG.md | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ac215c405..a1869cee2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Table of Contents -* [Changelog for unreleased](#changelog-for-unreleased-unreleased) +* [Changelog for 5.0.2](#changelog-for-502-2024-04-17) * [Changelog for 5.0.1](#changelog-for-501-2024-04-10) * [Changelog for 5.0.0](#changelog-for-500-2024-03-18) * [Changelog for 4.0.6](#changelog-for-406-2024-02-07) @@ -13,8 +13,8 @@ * [Changelog for 3.0.0](#changelog-for-300-2023-06-06) * [Changelog for 2.0.0](#changelog-for-200-2022-11-30) * [Changelog for 1.20.0](#changelog-for-1200-2022-04-13) -* [Changelog for 1.19.1](#changelog-for-1191-2022-03-29) * [Changelog for 1.19.0](#changelog-for-1190-2022-03-29) +* [Changelog for 1.19.1](#changelog-for-1191-2022-03-29) * [Changelog for 1.18.0](#changelog-for-1180-2022-03-03) * [Changelog for 1.17.0](#changelog-for-1170-2022-02-16) * [Changelog for 1.16.0](#changelog-for-1160-2021-12-10) @@ -35,11 +35,11 @@ * [Changelog for 1.1.0](#changelog-for-110-2021-01-22) * [Changelog for 1.0.0](#changelog-for-100-2020-12-17) -# Changelog for [unreleased] (UNRELEASED) +# Changelog for [5.0.2] (2024-04-17) -The following sections list the changes for unreleased. +The following sections list the changes for 5.0.2. -[unreleased]: https://github.com/owncloud/ocis/compare/v5.0.1...master +[5.0.2]: https://github.com/owncloud/ocis/compare/v5.0.1...v5.0.2 ## Summary @@ -7330,7 +7330,7 @@ The following sections list the changes for 2.0.0. The following sections list the changes for 1.20.0. -[1.20.0]: https://github.com/owncloud/ocis/compare/v1.19.1...v1.20.0 +[1.20.0]: https://github.com/owncloud/ocis/compare/v1.19.0...v1.20.0 ## Summary @@ -7504,29 +7504,11 @@ The following sections list the changes for 1.20.0. https://github.com/owncloud/ocis/pull/3509 https://github.com/owncloud/web/releases/tag/v5.4.0 -# Changelog for [1.19.1] (2022-03-29) - -The following sections list the changes for 1.19.1. - -[1.19.1]: https://github.com/owncloud/ocis/compare/v1.19.0...v1.19.1 - -## Summary - -* Bugfix - Return correct special item urls: [#3419](https://github.com/owncloud/ocis/pull/3419) - -## Details - -* Bugfix - Return correct special item urls: [#3419](https://github.com/owncloud/ocis/pull/3419) - - URLs for Special items (space image, readme) were broken. - - https://github.com/owncloud/ocis/pull/3419 - # Changelog for [1.19.0] (2022-03-29) The following sections list the changes for 1.19.0. -[1.19.0]: https://github.com/owncloud/ocis/compare/v1.18.0...v1.19.0 +[1.19.0]: https://github.com/owncloud/ocis/compare/v1.19.1...v1.19.0 ## Summary @@ -7700,6 +7682,24 @@ The following sections list the changes for 1.19.0. https://github.com/owncloud/ocis/pull/3375 https://github.com/owncloud/web/releases/tag/v5.3.0 +# Changelog for [1.19.1] (2022-03-29) + +The following sections list the changes for 1.19.1. + +[1.19.1]: https://github.com/owncloud/ocis/compare/v1.18.0...v1.19.1 + +## Summary + +* Bugfix - Return correct special item urls: [#3419](https://github.com/owncloud/ocis/pull/3419) + +## Details + +* Bugfix - Return correct special item urls: [#3419](https://github.com/owncloud/ocis/pull/3419) + + URLs for Special items (space image, readme) were broken. + + https://github.com/owncloud/ocis/pull/3419 + # Changelog for [1.18.0] (2022-03-03) The following sections list the changes for 1.18.0. From 945414d46344bf9fac7157c1524f14643cba06ab Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 17 Apr 2024 19:24:07 +0200 Subject: [PATCH 14/14] chore: update released deployments --- .../continuous-deployment-config/ocis_keycloak/released.yml | 2 +- deployments/continuous-deployment-config/ocis_ldap/released.yml | 2 +- .../continuous-deployment-config/ocis_traefik/released.yml | 2 +- deployments/continuous-deployment-config/ocis_wopi/released.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deployments/continuous-deployment-config/ocis_keycloak/released.yml b/deployments/continuous-deployment-config/ocis_keycloak/released.yml index 681878121..159518eb9 100644 --- a/deployments/continuous-deployment-config/ocis_keycloak/released.yml +++ b/deployments/continuous-deployment-config/ocis_keycloak/released.yml @@ -32,7 +32,7 @@ env: INSECURE: "false" TRAEFIK_ACME_MAIL: mbarz@owncloud.com - OCIS_DOCKER_TAG: 5.0.1 + OCIS_DOCKER_TAG: 5.0.2 OCIS_DOMAIN: ocis.ocis-keycloak.released.owncloud.works KEYCLOAK_DOMAIN: keycloak.ocis-keycloak.released.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml diff --git a/deployments/continuous-deployment-config/ocis_ldap/released.yml b/deployments/continuous-deployment-config/ocis_ldap/released.yml index 1936bf758..fae0f76d4 100644 --- a/deployments/continuous-deployment-config/ocis_ldap/released.yml +++ b/deployments/continuous-deployment-config/ocis_ldap/released.yml @@ -32,7 +32,7 @@ env: INSECURE: "false" TRAEFIK_ACME_MAIL: mbarz@owncloud.com - OCIS_DOCKER_TAG: 5.0.1 + OCIS_DOCKER_TAG: 5.0.2 OCIS_DOMAIN: ocis.ocis-ldap.released.owncloud.works LDAP_MANAGER_DOMAIN: ldap.ocis-ldap.released.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml diff --git a/deployments/continuous-deployment-config/ocis_traefik/released.yml b/deployments/continuous-deployment-config/ocis_traefik/released.yml index 1345b85f1..67d79a944 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/released.yml +++ b/deployments/continuous-deployment-config/ocis_traefik/released.yml @@ -32,7 +32,7 @@ env: INSECURE: "false" TRAEFIK_ACME_MAIL: mbarz@owncloud.com - OCIS_DOCKER_TAG: 5.0.1 + OCIS_DOCKER_TAG: 5.0.2 OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works DEMO_USERS: "true" INBUCKET_DOMAIN: mail.ocis-traefik.released.owncloud.works diff --git a/deployments/continuous-deployment-config/ocis_wopi/released.yml b/deployments/continuous-deployment-config/ocis_wopi/released.yml index f7bfd9e0c..ccb00d027 100644 --- a/deployments/continuous-deployment-config/ocis_wopi/released.yml +++ b/deployments/continuous-deployment-config/ocis_wopi/released.yml @@ -32,7 +32,7 @@ env: INSECURE: "false" TRAEFIK_ACME_MAIL: mbarz@owncloud.com - OCIS_DOCKER_TAG: 5.0.2-rc.1 + OCIS_DOCKER_TAG: 5.0.2 OCIS_DOMAIN: ocis.ocis-wopi.released.owncloud.works COMPANION_DOMAIN: companion.ocis-wopi.released.owncloud.works COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud