From d46fe477d2b8cddcb7282acc0fd079a83a92fe65 Mon Sep 17 00:00:00 2001 From: Florian Schade Date: Wed, 18 May 2022 16:27:55 +0200 Subject: [PATCH 1/2] consider roles when updating a share --- .../ocs-share-update-consider-role.md | 6 ++++ .../handlers/apps/sharing/shares/shares.go | 34 ++++++++++++------- 2 files changed, 28 insertions(+), 12 deletions(-) create mode 100644 changelog/unreleased/ocs-share-update-consider-role.md diff --git a/changelog/unreleased/ocs-share-update-consider-role.md b/changelog/unreleased/ocs-share-update-consider-role.md new file mode 100644 index 0000000000..5d93d90fb7 --- /dev/null +++ b/changelog/unreleased/ocs-share-update-consider-role.md @@ -0,0 +1,6 @@ +Bugfix: Fix role consideration when updating a share + +Previously when updating a share the endpoint only considered the permissions, now this also respects a given role. + +https://github.com/cs3org/reva/pull/2883 + diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go index aee0119793..04f8642292 100644 --- a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go +++ b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go @@ -581,26 +581,36 @@ func (h *Handler) UpdateShare(w http.ResponseWriter, r *http.Request) { func (h *Handler) updateShare(w http.ResponseWriter, r *http.Request, shareID string) { ctx := r.Context() - pval := r.FormValue("permissions") - if pval == "" { - response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, "permissions missing", nil) + client, err := pool.GetGatewayServiceClient(h.gatewayAddr) + if err != nil { + response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error getting grpc gateway client", err) return } - pint, err := strconv.Atoi(pval) + shareR, err := client.GetShare(r.Context(), &collaboration.GetShareRequest{ + Ref: &collaboration.ShareReference{ + Spec: &collaboration.ShareReference_Id{ + Id: &collaboration.ShareId{ + OpaqueId: shareID, + }, + }, + }, + }) + if err != nil { - response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, "permissions must be an integer", nil) + response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error sending a grpc update share request", err) return } - permissions, err := conversions.NewPermissions(pint) - if err != nil { - response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, err.Error(), nil) + + info, status, err := h.getResourceInfoByID(ctx, client, shareR.Share.ResourceId) + if err != nil || status.Code != rpc.Code_CODE_OK { + response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error mapping share data", err) return } - client, err := pool.GetGatewayServiceClient(h.gatewayAddr) - if err != nil { - response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error getting grpc gateway client", err) + role, _, ocsErr := h.extractPermissions(w, r, info, conversions.NewManagerRole()) + if ocsErr != nil { + response.WriteOCSError(w, r, ocsErr.Code, ocsErr.Message, ocsErr.Error) return } @@ -616,7 +626,7 @@ func (h *Handler) updateShare(w http.ResponseWriter, r *http.Request, shareID st Field: &collaboration.UpdateShareRequest_UpdateField_Permissions{ Permissions: &collaboration.SharePermissions{ // this completely overwrites the permissions for this user - Permissions: conversions.RoleFromOCSPermissions(permissions).CS3ResourcePermissions(), + Permissions: role.CS3ResourcePermissions(), }, }, }, From 14e300aaa0ab521fde23455ede5fca4d345b2224 Mon Sep 17 00:00:00 2001 From: Florian Schade Date: Thu, 19 May 2022 13:04:23 +0200 Subject: [PATCH 2/2] cleanup expected failures --- .../ocs-share-update-consider-role.md | 1 - .../expected-failures-on-OCIS-storage.md | 16 ---------------- .../expected-failures-on-S3NG-storage.md | 18 ------------------ 3 files changed, 35 deletions(-) diff --git a/changelog/unreleased/ocs-share-update-consider-role.md b/changelog/unreleased/ocs-share-update-consider-role.md index 5d93d90fb7..8fe13dede3 100644 --- a/changelog/unreleased/ocs-share-update-consider-role.md +++ b/changelog/unreleased/ocs-share-update-consider-role.md @@ -3,4 +3,3 @@ Bugfix: Fix role consideration when updating a share Previously when updating a share the endpoint only considered the permissions, now this also respects a given role. https://github.com/cs3org/reva/pull/2883 - diff --git a/tests/acceptance/expected-failures-on-OCIS-storage.md b/tests/acceptance/expected-failures-on-OCIS-storage.md index 47b259a158..0b5f14261b 100644 --- a/tests/acceptance/expected-failures-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-on-OCIS-storage.md @@ -535,12 +535,8 @@ _requires a [CS3 user provisioning api that can update the quota for a user](htt #### [share permissions are not enforced](https://github.com/owncloud/product/issues/270) - [apiShareManagementToShares/mergeShare.feature:124](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareManagementToShares/mergeShare.feature#L124) -- [apiShareReshareToShares3/reShareUpdate.feature:61](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareReshareToShares3/reShareUpdate.feature#L61) -- [apiShareReshareToShares3/reShareUpdate.feature:62](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareReshareToShares3/reShareUpdate.feature#L62) #### [path property in pending shares gives only filename](https://github.com/owncloud/ocis/issues/2156) -- [apiShareReshareToShares2/reShareSubfolder.feature:178](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareReshareToShares2/reShareSubfolder.feature#L178) -- [apiShareReshareToShares2/reShareSubfolder.feature:179](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareReshareToShares2/reShareSubfolder.feature#L179) - [apiShareManagementBasicToShares/createShareToSharesFolder.feature:727](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareManagementBasicToShares/createShareToSharesFolder.feature#L727) - [apiShareManagementBasicToShares/createShareToSharesFolder.feature:728](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareManagementBasicToShares/createShareToSharesFolder.feature#L728) - [apiShareManagementBasicToShares/createShareToSharesFolder.feature:746](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareManagementBasicToShares/createShareToSharesFolder.feature#L746) @@ -816,18 +812,6 @@ _ocs: api compatibility, return correct status code_ - [apiShareCreateSpecialToShares1/createShareUniqueReceivedNames.feature:15](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareCreateSpecialToShares1/createShareUniqueReceivedNames.feature#L15) - [apiShareCreateSpecialToShares2/createShareWithDisabledUser.feature:20](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareCreateSpecialToShares2/createShareWithDisabledUser.feature#L20) - [apiShareCreateSpecialToShares2/createShareWithDisabledUser.feature:23](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareCreateSpecialToShares2/createShareWithDisabledUser.feature#L23) -- [apiShareUpdateToShares/updateShare.feature:131](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L131) -- [apiShareUpdateToShares/updateShare.feature:132](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L132) -- [apiShareUpdateToShares/updateShare.feature:133](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L133) -- [apiShareUpdateToShares/updateShare.feature:134](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L134) -- [apiShareUpdateToShares/updateShare.feature:135](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L135) -- [apiShareUpdateToShares/updateShare.feature:136](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L136) -- [apiShareUpdateToShares/updateShare.feature:155](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L155) -- [apiShareUpdateToShares/updateShare.feature:156](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L156) -- [apiShareUpdateToShares/updateShare.feature:157](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L157) -- [apiShareUpdateToShares/updateShare.feature:158](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L158) -- [apiShareUpdateToShares/updateShare.feature:159](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L159) -- [apiShareUpdateToShares/updateShare.feature:160](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L160) #### [Group shares support ](https://github.com/owncloud/ocis/issues/1289) - [apiShareOperationsToShares1/gettingShares.feature:188](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareOperationsToShares1/gettingShares.feature#L188) diff --git a/tests/acceptance/expected-failures-on-S3NG-storage.md b/tests/acceptance/expected-failures-on-S3NG-storage.md index 1ff47b7c38..191efaf45d 100644 --- a/tests/acceptance/expected-failures-on-S3NG-storage.md +++ b/tests/acceptance/expected-failures-on-S3NG-storage.md @@ -553,12 +553,6 @@ _requires a [CS3 user provisioning api that can update the quota for a user](htt #### [share permissions are not enforced](https://github.com/owncloud/product/issues/270) - [apiShareManagementToShares/mergeShare.feature:124](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareManagementToShares/mergeShare.feature#L124) -- [apiShareReshareToShares3/reShareUpdate.feature:61](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareReshareToShares3/reShareUpdate.feature#L61) -- [apiShareReshareToShares3/reShareUpdate.feature:62](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareReshareToShares3/reShareUpdate.feature#L62) - -#### [file_target in share response](https://github.com/owncloud/product/issues/203) -- [apiShareReshareToShares2/reShareSubfolder.feature:178](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareReshareToShares2/reShareSubfolder.feature#L178) -- [apiShareReshareToShares2/reShareSubfolder.feature:179](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareReshareToShares2/reShareSubfolder.feature#L179) #### [deleting a file inside a received shared folder is moved to the trash-bin of the sharer not the receiver](https://github.com/owncloud/ocis/issues/1124) - [apiTrashbin/trashbinSharingToShares.feature:29](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiTrashbin/trashbinSharingToShares.feature#L29) @@ -827,18 +821,6 @@ _ocs: api compatibility, return correct status code_ - [apiShareCreateSpecialToShares1/createShareUniqueReceivedNames.feature:15](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareCreateSpecialToShares1/createShareUniqueReceivedNames.feature#L15) - [apiShareCreateSpecialToShares2/createShareWithDisabledUser.feature:20](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareCreateSpecialToShares2/createShareWithDisabledUser.feature#L20) - [apiShareCreateSpecialToShares2/createShareWithDisabledUser.feature:23](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareCreateSpecialToShares2/createShareWithDisabledUser.feature#L23) -- [apiShareUpdateToShares/updateShare.feature:131](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L131) -- [apiShareUpdateToShares/updateShare.feature:132](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L132) -- [apiShareUpdateToShares/updateShare.feature:133](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L133) -- [apiShareUpdateToShares/updateShare.feature:134](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L134) -- [apiShareUpdateToShares/updateShare.feature:135](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L135) -- [apiShareUpdateToShares/updateShare.feature:136](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L136) -- [apiShareUpdateToShares/updateShare.feature:155](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L155) -- [apiShareUpdateToShares/updateShare.feature:156](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L156) -- [apiShareUpdateToShares/updateShare.feature:157](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L157) -- [apiShareUpdateToShares/updateShare.feature:158](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L158) -- [apiShareUpdateToShares/updateShare.feature:159](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L159) -- [apiShareUpdateToShares/updateShare.feature:160](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareUpdateToShares/updateShare.feature#L160) #### [Group shares support ](https://github.com/owncloud/ocis/issues/1289) - [apiShareOperationsToShares1/gettingShares.feature:188](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiShareOperationsToShares1/gettingShares.feature#L188)