non personal spaces need virtual owner

cs3org · Jul 27, 2022 · 3e79826 · 3e79826
1 parent c11d954
commit 3e79826
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 29 deletions.
diff --git a/changelog/unreleased/space-owner.md b/changelog/unreleased/space-owner.md
@@ -0,0 +1,5 @@
+Bugfix: Project spaces need no real owner
+
+Make it possible to use a non existing user as a space owner.
+
+https://github.com/cs3org/reva/pull/3091
diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
@@ -1119,30 +1119,33 @@ func (h *Handler) addFileInfo(ctx context.Context, s *conversions.ShareData, inf
  // TODO log error?
  s.Path = gpRes.Path
  }
-
- // cut off configured home namespace, paths in ocs shares are relative to it
- identifier := h.mustGetIdentifiers(ctx, client, info.GetOwner().GetOpaqueId(), false)
- u := &userpb.User{
- Id: info.Owner,
- Username: identifier.Username,
- DisplayName: identifier.DisplayName,
- Mail: identifier.Mail,
+ // on spaces, we could have no owner set
+ if info.Owner != nil {
+ // cut off configured home namespace, paths in ocs shares are relative to it
+ identifier := h.mustGetIdentifiers(ctx, client, info.GetOwner().GetOpaqueId(), false)
+ u := &userpb.User{
+ Id: info.Owner,
+ Username: identifier.Username,
+ DisplayName: identifier.DisplayName,
+ Mail: identifier.Mail,
+ }
+ s.Path = strings.TrimPrefix(s.Path, h.getHomeNamespace(u))
  }
- s.Path = strings.TrimPrefix(s.Path, h.getHomeNamespace(u))
  }
  }
  s.StorageID = storageIDPrefix + s.FileTarget
  // TODO FileParent:
  // item type
  s.ItemType = conversions.ResourceType(info.GetType()).String()
 
+ owner := info.GetOwner()
  // file owner might not yet be set. Use file info
- if s.UIDFileOwner == "" {
- s.UIDFileOwner = info.GetOwner().GetOpaqueId()
+ if s.UIDFileOwner == "" && owner != nil {
+ s.UIDFileOwner = owner.GetOpaqueId()
  }
  // share owner might not yet be set. Use file info
- if s.UIDOwner == "" {
- s.UIDOwner = info.GetOwner().GetOpaqueId()
+ if s.UIDOwner == "" && owner != nil {
+ s.UIDOwner = owner.GetOpaqueId()
  }
  }
  return nil
@@ -1236,8 +1239,8 @@ func (h *Handler) mapUserIds(ctx context.Context, client gateway.GatewayAPIClien
  if s.DisplaynameOwner == "" {
  s.DisplaynameOwner = owner.DisplayName
  }
- if s.AdditionalInfoFileOwner == "" {
- s.AdditionalInfoFileOwner = h.getAdditionalInfoAttribute(ctx, owner)
+ if s.AdditionalInfoOwner == "" {
+ s.AdditionalInfoOwner = h.getAdditionalInfoAttribute(ctx, owner)
  }
  }
 
@@ -1247,8 +1250,8 @@ func (h *Handler) mapUserIds(ctx context.Context, client gateway.GatewayAPIClien
  if s.DisplaynameFileOwner == "" {
  s.DisplaynameFileOwner = fileOwner.DisplayName
  }
- if s.AdditionalInfoOwner == "" {
- s.AdditionalInfoOwner = h.getAdditionalInfoAttribute(ctx, fileOwner)
+ if s.AdditionalInfoFileOwner == "" {
+ s.AdditionalInfoFileOwner = h.getAdditionalInfoAttribute(ctx, fileOwner)
  }
  }
 

diff --git a/pkg/auth/manager/publicshares/publicshares.go b/pkg/auth/manager/publicshares/publicshares.go
@@ -127,11 +127,17 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
  return nil, nil, errtypes.InternalError(publicShareResponse.Status.Message)
  }
 
- getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{
- UserId: publicShareResponse.GetShare().GetCreator(),
- })
- if err != nil {
- return nil, nil, err
+ var owner *user.User
+ if publicShareResponse.GetShare().GetOwner().Type == 0 {
+ owner = &user.User{Id: publicShareResponse.GetShare().GetOwner(), DisplayName: "Public", Username: "public"}
+ } else {
+ getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{
+ UserId: publicShareResponse.GetShare().GetCreator(),
+ })
+ if err != nil {
+ return nil, nil, err
+ }
+ owner = getUserResponse.GetUser()
  }
 
  share := publicShareResponse.GetShare()
@@ -150,8 +156,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
  return nil, nil, err
  }
 
- u := getUserResponse.GetUser()
- u.Opaque = &types.Opaque{
+ owner.Opaque = &types.Opaque{
  Map: map[string]*types.OpaqueEntry{
  "public-share-role": {
  Decoder: "plain",
@@ -160,7 +165,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
  },
  }
 
- return u, scope, nil
+ return owner, scope, nil
 }
 
 // ErrPasswordNotProvided is returned when the public share is password protected, but there was no password on the request

diff --git a/pkg/storage/utils/decomposedfs/grants.go b/pkg/storage/utils/decomposedfs/grants.go
@@ -70,7 +70,7 @@ func (fs *Decomposedfs) AddGrant(ctx context.Context, ref *provider.Reference, g
  // When the owner is empty but grants are set then we do want to check the grants.
  // However, if we are trying to edit an existing grant we do not have to check for permission if the user owns the grant
  // TODO: find a better to check this
- if !(len(grants) == 0 && (owner == nil || owner.OpaqueId == "")) {
+ if !(len(grants) == 0 && (owner == nil || owner.OpaqueId == "" || owner.OpaqueId == node.SpaceID)) {
  ok, err := fs.p.HasPermission(ctx, node, func(rp *provider.ResourcePermissions) bool {
  return rp.AddGrant
  })

diff --git a/pkg/storage/utils/decomposedfs/spaces.go b/pkg/storage/utils/decomposedfs/spaces.go
@@ -99,10 +99,14 @@ func (fs *Decomposedfs) CreateStorageSpace(ctx context.Context, req *provider.Cr
  if err := root.WriteAllNodeMetadata(); err != nil {
  return nil, err
  }
+ var owner *userv1beta1.UserId
  if req.GetOwner() != nil && req.GetOwner().GetId() != nil {
- if err := root.WriteOwner(req.GetOwner().GetId()); err != nil {
- return nil, err
- }
+ owner = req.GetOwner().GetId()
+ } else {
+ owner = &userv1beta1.UserId{OpaqueId: spaceID}
+ }
+ if err := root.WriteOwner(owner); err != nil {
+ return nil, err
  }
 
  err = fs.updateIndexes(ctx, req.GetOwner().GetId().GetOpaqueId(), req.Type, root.ID)