From 3e7982684577e83427029d557ce20f5afd85ff45 Mon Sep 17 00:00:00 2001
From: Michael Barz
Date: Wed, 20 Jul 2022 20:18:12 +0200
Subject: [PATCH] non personal spaces need virtual owner
---
changelog/unreleased/space-owner.md | 5 +++
.../handlers/apps/sharing/shares/shares.go | 37 ++++++++++---------
pkg/auth/manager/publicshares/publicshares.go | 21 +++++++----
pkg/storage/utils/decomposedfs/grants.go | 2 +-
pkg/storage/utils/decomposedfs/spaces.go | 10 +++--
5 files changed, 46 insertions(+), 29 deletions(-)
create mode 100644 changelog/unreleased/space-owner.md
diff --git a/changelog/unreleased/space-owner.md b/changelog/unreleased/space-owner.md
new file mode 100644
index 00000000000..153730a7f6a
--- /dev/null
+++ b/changelog/unreleased/space-owner.md
@@ -0,0 +1,5 @@
+Bugfix: Project spaces need no real owner
+
+Make it possible to use a non existing user as a space owner.
+
+https://github.com/cs3org/reva/pull/3091
diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
index 3c3ecdbdfe5..e1811c50e67 100644
--- a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
+++ b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
@@ -1119,16 +1119,18 @@ func (h *Handler) addFileInfo(ctx context.Context, s *conversions.ShareData, inf // TODO log error? s.Path = gpRes.Path } - - // cut off configured home namespace, paths in ocs shares are relative to it - identifier := h.mustGetIdentifiers(ctx, client, info.GetOwner().GetOpaqueId(), false) - u := &userpb.User{ - Id: info.Owner, - Username: identifier.Username, - DisplayName: identifier.DisplayName, - Mail: identifier.Mail, + // on spaces, we could have no owner set + if info.Owner != nil { + // cut off configured home namespace, paths in ocs shares are relative to it + identifier := h.mustGetIdentifiers(ctx, client, info.GetOwner().GetOpaqueId(), false) + u := &userpb.User{ + Id: info.Owner, + Username: identifier.Username, + DisplayName: identifier.DisplayName, + Mail: identifier.Mail, + } + s.Path = strings.TrimPrefix(s.Path, h.getHomeNamespace(u)) } - s.Path = strings.TrimPrefix(s.Path, h.getHomeNamespace(u)) } } s.StorageID = storageIDPrefix + s.FileTarget @@ -1136,13 +1138,14 @@ func (h *Handler) addFileInfo(ctx context.Context, s *conversions.ShareData, inf // item type s.ItemType = conversions.ResourceType(info.GetType()).String() + owner := info.GetOwner() // file owner might not yet be set. Use file info - if s.UIDFileOwner == "" { - s.UIDFileOwner = info.GetOwner().GetOpaqueId() + if s.UIDFileOwner == "" && owner != nil { + s.UIDFileOwner = owner.GetOpaqueId() } // share owner might not yet be set. Use file info - if s.UIDOwner == "" { - s.UIDOwner = info.GetOwner().GetOpaqueId() + if s.UIDOwner == "" && owner != nil { + s.UIDOwner = owner.GetOpaqueId() } } return nil 
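Review bot: The `if info.Owner != nil` guard in the first hunk does not cover the virtual owner this commit introduces: spaces.go now always writes an owner whose id is the space id, so for a project space the branch probably still runs and `mustGetIdentifiers` is asked for a user that does not exist. Its behaviour for an unknown id is outside the hunk; if it can return nil, `identifier.Username` panics, and otherwise the home namespace is derived from an empty user. If stored real owners always carry a user type, the lookup could also be skipped with `if info.GetOwner().GetType() != userpb.UserType_USER_TYPE_INVALID {`, and the comment would read better as `// project spaces have no real owner, so there is no home namespace to cut off`. addFileInfo starts and ends outside the hunk.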
@@ -1236,8 +1239,8 @@ func (h *Handler) mapUserIds(ctx context.Context, client gateway.GatewayAPIClien if s.DisplaynameOwner == "" { s.DisplaynameOwner = owner.DisplayName } - if s.AdditionalInfoFileOwner == "" { - s.AdditionalInfoFileOwner = h.getAdditionalInfoAttribute(ctx, owner) + if s.AdditionalInfoOwner == "" { + s.AdditionalInfoOwner = h.getAdditionalInfoAttribute(ctx, owner) } } @@ -1247,8 +1250,8 @@ func (h *Handler) mapUserIds(ctx context.Context, client gateway.GatewayAPIClien if s.DisplaynameFileOwner == "" { s.DisplaynameFileOwner = fileOwner.DisplayName } - if s.AdditionalInfoOwner == "" { - s.AdditionalInfoOwner = h.getAdditionalInfoAttribute(ctx, fileOwner) + if s.AdditionalInfoFileOwner == "" { + s.AdditionalInfoFileOwner = h.getAdditionalInfoAttribute(ctx, fileOwner) } } diff --git a/pkg/auth/manager/publicshares/publicshares.go b/pkg/auth/manager/publicshares/publicshares.go index c0997a32e68..6798c6366d9 100644 --- a/pkg/auth/manager/publicshares/publicshares.go +++ b/pkg/auth/manager/publicshares/publicshares.go @@ -127,11 +127,17 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user return nil, nil, errtypes.InternalError(publicShareResponse.Status.Message) } - getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{ - UserId: publicShareResponse.GetShare().GetCreator(), - }) - if err != nil { - return nil, nil, err + var owner *user.User + if publicShareResponse.GetShare().GetOwner().Type == 0 { + owner = &user.User{Id: publicShareResponse.GetShare().GetOwner(), DisplayName: "Public", Username: "public"} + } else { + getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{ + UserId: publicShareResponse.GetShare().GetCreator(), + }) + if err != nil { + return nil, nil, err + } + owner = getUserResponse.GetUser() } share := publicShareResponse.GetShare() 
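Review bot: The new condition `publicShareResponse.GetShare().GetOwner().Type == 0` in Authenticate reads the `Type` field directly, so a share with no owner set dereferences nil on a path that serves public-link requests before any user is authenticated; the generated getter is nil-safe and the enum constant is clearer than a bare 0: `if publicShareResponse.GetShare().GetOwner().GetType() == user.UserType_USER_TYPE_INVALID {`. In the else branch the status of the GetUser response is not checked, so `getUserResponse.GetUser()` can be nil and the `owner.Opaque = ...` assignment in the next hunk (-150) would panic; return an error when the status is not OK. The synthetic "Public" user keeps the share owner's id, so a comment stating that access is bounded by the returned scope and not by this identity would help the next reader. Authenticate starts and ends outside the hunk.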
@@ -150,8 +156,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user return nil, nil, err } - u := getUserResponse.GetUser() - u.Opaque = &types.Opaque{ + owner.Opaque = &types.Opaque{ Map: map[string]*types.OpaqueEntry{ "public-share-role": { Decoder: "plain", @@ -160,7 +165,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user }, } - return u, scope, nil + return owner, scope, nil } // ErrPasswordNotProvided is returned when the public share is password protected, but there was no password on the request diff --git a/pkg/storage/utils/decomposedfs/grants.go b/pkg/storage/utils/decomposedfs/grants.go index 75dfae92746..998308dd60f 100644 --- a/pkg/storage/utils/decomposedfs/grants.go +++ b/pkg/storage/utils/decomposedfs/grants.go @@ -70,7 +70,7 @@ func (fs *Decomposedfs) AddGrant(ctx context.Context, ref *provider.Reference, g // When the owner is empty but grants are set then we do want to check the grants. // However, if we are trying to edit an existing grant we do not have to check for permission if the user owns the grant // TODO: find a better to check this - if !(len(grants) == 0 && (owner == nil || owner.OpaqueId == "")) { + if !(len(grants) == 0 && (owner == nil || owner.OpaqueId == "" || owner.OpaqueId == node.SpaceID)) { ok, err := fs.p.HasPermission(ctx, node, func(rp *provider.ResourcePermissions) bool { return rp.AddGrant }) diff --git a/pkg/storage/utils/decomposedfs/spaces.go b/pkg/storage/utils/decomposedfs/spaces.go index 7e93404b90b..8c2eecac126 100644 --- a/pkg/storage/utils/decomposedfs/spaces.go +++ b/pkg/storage/utils/decomposedfs/spaces.go 
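Review bot: The added `owner.OpaqueId == node.SpaceID` clause in the grants.go hunk widens the case in which the `HasPermission` AddGrant check is skipped: any node with no grants of its own whose owner id equals the space id now takes the unchecked path. `node` and `grants` are resolved outside the hunk, so confirm that this can only be the root of a freshly created space; if `node` can be a child resource, the first grant on it would be written without a permission check. Restricting the bypass to the space root, or at least a comment such as `// virtual owner (OpaqueId == SpaceID): only a new project space root may skip the check`, would make the intent auditable. AddGrant's body continues outside the hunk.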
@@ -99,10 +99,14 @@ func (fs *Decomposedfs) CreateStorageSpace(ctx context.Context, req *provider.Cr if err := root.WriteAllNodeMetadata(); err != nil { return nil, err } + var owner *userv1beta1.UserId if req.GetOwner() != nil && req.GetOwner().GetId() != nil { - if err := root.WriteOwner(req.GetOwner().GetId()); err != nil { - return nil, err - } + owner = req.GetOwner().GetId() + } else { + owner = &userv1beta1.UserId{OpaqueId: spaceID} + } + if err := root.WriteOwner(owner); err != nil { + return nil, err } err = fs.updateIndexes(ctx, req.GetOwner().GetId().GetOpaqueId(), req.Type, root.ID)
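Review bot: The fallback owner `&userv1beta1.UserId{OpaqueId: spaceID}` is an undocumented contract: elsewhere in this commit it is recognised only by `Type == 0` in the public-share auth manager and by `OpaqueId == node.SpaceID` in AddGrant, and nothing here says so. A comment on the else branch, e.g. `// no real owner: store a virtual owner whose id is the space id; Type stays unset and marks it as virtual`, would record that. The following `fs.updateIndexes` call still passes `req.GetOwner().GetId().GetOpaqueId()` rather than the stored `owner`, so for a virtual owner the index receives an empty id; a short comment should state whether that is intended. CreateStorageSpace continues outside the hunk.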