From ec8a2601193d36c84d49aed1832e40e0daf674b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Duffeck?= Date: Fri, 7 Jul 2023 12:48:00 +0200 Subject: [PATCH] Handle shares received from project spaces. Unfortunately searching these kinds of shares can't be fully fixed until the service accounts have been implemented. --- services/search/pkg/search/service.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/services/search/pkg/search/service.go b/services/search/pkg/search/service.go index 2c7f4ce84..f7ae9ca5d 100644 --- a/services/search/pkg/search/service.go +++ b/services/search/pkg/search/service.go @@ -246,9 +246,18 @@ func (s *Service) searchIndex(ctx context.Context, req *searchsvc.SearchRequest, return nil, err } - ownerCtx, err := getAuthContext(&user.User{Id: space.Owner.Id}, s.gatewaySelector, s.secret, s.logger) - if err != nil { - return nil, err + var ownerCtx context.Context + if space.Owner.Id.Type == user.UserType_USER_TYPE_SPACE_OWNER { + // We can't impersonate SPACE_OWNER users and have to fall back to using the user auth instead, + // which will not resolve the absolute path of the share in the space but only the part the user + // is allowed to see. + // In the future this problem can be solved using service accounts. + ownerCtx = ctx + } else { + ownerCtx, err = getAuthContext(&user.User{Id: space.Owner.Id}, s.gatewaySelector, s.secret, s.logger) + if err != nil { + return nil, err + } } gpRes, err := gatewayClient.GetPath(ownerCtx, &provider.GetPathRequest{