Merge pull request #9973 from owncloud/description_for_Unified_Roles_Management

[docs-only] Description + CLI for Unified Roles Management
Florian Schade
2024-09-03 12:15:41 +02:00
committed by GitHub
3 changed files with 97 additions and 1 deletions

@@ -100,3 +100,38 @@ This command provides additional options:
* `--dry-run` (default: `true`)\
Do not remove any empty folders but print the empty folders that would be removed.
### List Unified Roles
This command simplifies the process of finding out which UID belongs to which role. The command is:
```bash
ocis graph list-unified-roles
```
The output of this command includes the following information for each role:
* `uid`\
The unique identifier of the role.
* `Description`\
A short description of the role.
* `Enabled`\
Whether the role is enabled or not.
* `Condition`
* `Allowed Resource Action`
**Example output (shortned)**
```bash
+--------------------------------------+----------+--------------------------------+--------------------------------+------------------------------------------+
| UID | ENABLED | DESCRIPTION | CONDITION | ALLOWED RESOURCE ACTIONS |
+--------------------------------------+----------+--------------------------------+--------------------------------+------------------------------------------+
| a8d5fe5e-96e3-418d-825b-534dbdf22b99 | enabled | View and download. | exists @Resource.Root | libre.graph/driveItem/path/read |
| | | | | libre.graph/driveItem/quota/read |
| | | | | libre.graph/driveItem/content/read |
| | | | | libre.graph/driveItem/permissions/read |
| | | | | libre.graph/driveItem/children/read |
| | | | | libre.graph/driveItem/deleted/read |
| | | | | libre.graph/driveItem/basic/read |
+--------------------------------------+----------+--------------------------------+--------------------------------+------------------------------------------+
```
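Review bot: The field list under "The output of this command includes" does not line up with the table it describes. It names `uid` and `Allowed Resource Action` where the table header has UID and ALLOWED RESOURCE ACTIONS, it lists Description before Enabled while the table has them the other way round, and it leaves `Condition` and `Allowed Resource Action` without any explanation. Those two columns are what an administrator reads to see what a role actually grants, so each should get a one-line description like the other fields. Also, "shortned" should be "shortened", and the sample table is fenced as `bash` although it is command output rather than shell input.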

@@ -89,3 +89,64 @@ which is the source of the texts provided by the code.
## Default Language
The default language can be defined via the `OCIS_DEFAULT_LANGUAGE` environment variable. See the `settings` service for a detailed description.
## Unified Role Management
Unified Roles are roles granted a user for sharing and can be enabled or disabled. A CLI command is provided to list existing roles and their state among other data.
{{< hint info >}}
Note that a disabled role does not lose previously assigned permissions. It only means that the role is not available for new assignments.
{{< /hint >}}
The following roles are **enabled** by default:
- `UnifiedRoleViewerID`
- `UnifiedRoleSpaceViewer`
- `UnifiedRoleEditor`
- `UnifiedRoleSpaceEditor`
- `UnifiedRoleFileEditor`
- `UnifiedRoleEditorLite`
- `UnifiedRoleManager`
The following role is **disabled** by default:
- `UnifiedRoleSecureViewer`
To enable disabled roles like the `UnifiedRoleSecureViewer`, you must provide the UID(s) by one of the following methods:
- Using the `GRAPH_AVAILABLE_ROLES` environment variable.
- Setting the `available_roles` configuration value.
The following CLI command simplifies the process of finding out which UID belongs to which role:
```bash
ocis graph list-unified-roles
```
The output of this command includes the following information for each role:
* `UID`\
The unique identifier of the role.
* `Enabled`\
Whether the role is enabled or not.
* `Description`\
A short description of the role.
* `Condition`
* `Allowed resource actions`
**Example output (shortned)**
```bash
+--------------------------------------+----------+--------------------------------+--------------------------------+------------------------------------------+
| UID | ENABLED | DESCRIPTION | CONDITION | ALLOWED RESOURCE ACTIONS |
+--------------------------------------+----------+--------------------------------+--------------------------------+------------------------------------------+
| a8d5fe5e-96e3-418d-825b-534dbdf22b99 | enabled | View and download. | exists @Resource.Root | libre.graph/driveItem/path/read |
| | | | | libre.graph/driveItem/quota/read |
| | | | | libre.graph/driveItem/content/read |
| | | | | libre.graph/driveItem/permissions/read |
| | | | | libre.graph/driveItem/children/read |
| | | | | libre.graph/driveItem/deleted/read |
| | | | | libre.graph/driveItem/basic/read |
+--------------------------------------+----------+--------------------------------+--------------------------------+------------------------------------------+
```
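Review bot: The paragraph starting "To enable disabled roles" does not say whether the UIDs given in `GRAPH_AVAILABLE_ROLES` or `available_roles` are added to the default-enabled set or replace it, so a reader cannot tell whether listing only the `UnifiedRoleSecureViewer` UID leaves the seven default roles enabled; please state this explicitly. In the enabled list, `UnifiedRoleViewerID` is the only entry carrying an `ID` suffix, which looks like a leftover from a constant name, so the names should be made consistent. "roles granted a user" should read "roles granted to a user", "shortned" should be "shortened", and the command description and sample table repeat the text added in the other file, so one could link to the other to keep the two from drifting apart.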

@@ -2,5 +2,5 @@ package config
// UnifiedRoles contains all settings related to unified roles.
type UnifiedRoles struct {
AvailableRoles []string `yaml:"available_roles" env:"GRAPH_AVAILABLE_ROLES" desc:"A list of roles that are available for assignment." introductionVersion:"%%NEXT%%"`
AvailableRoles []string `yaml:"available_roles" env:"GRAPH_AVAILABLE_ROLES" desc:"A comma separated list of roles that are available for assignment." introductionVersion:"%%NEXT%%"`
}
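Review bot: The new `desc` says "A comma separated list of roles", but the documentation in this same change says the values must be role UIDs, and the comma-separated form only describes the `GRAPH_AVAILABLE_ROLES` env var, not the `available_roles` YAML key, which is a `[]string`. Suggest wording along the lines of "A comma-separated list of role UIDs that are available for assignment" and mentioning `ocis graph list-unified-roles` as the way to look the UIDs up.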