Fix "delete-all-home-spaces" permission check

We were using the wrong permission name and the permission check was implemented in a way, that the deleting user needed to have the "delete-all-home-spaces" permission AND manager access to the space.
cs3org · Sep 7, 2022 · 4bd4228 · 4bd4228
1 parent 53b778d
commit 4bd4228
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 9 deletions.
diff --git a/changelog/unreleased/check-home-space-delte-permission.md b/changelog/unreleased/check-home-space-delte-permission.md
@@ -3,4 +3,5 @@ Enhancement: Add canDeleteAllHomeSpaces permission
 We added a permission to the admin role in ocis that allows deleting homespaces on user delete.
 
 https://github.com/cs3org/reva/pull/3180
-https://github.com/owncloud/ocis/pull/4447/files
+https://github.com/cs3org/reva/pull/3202
+https://github.com/owncloud/ocis/pull/4447/files
diff --git a/pkg/storage/utils/decomposedfs/spaces.go b/pkg/storage/utils/decomposedfs/spaces.go
@@ -199,7 +199,7 @@ func (fs *Decomposedfs) canListAllSpaces(ctx context.Context) bool {
 func (fs *Decomposedfs) canDeleteAllHomeSpaces(ctx context.Context) bool {
  user := ctxpkg.ContextMustGetUser(ctx)
  checkRes, err := fs.permissionsClient.CheckPermission(ctx, &cs3permissions.CheckPermissionRequest{
- Permission: "can-delete-all-home-spaces",
+ Permission: "delete-all-home-spaces",
  SubjectRef: &cs3permissions.SubjectReference{
  Spec: &cs3permissions.SubjectReference_UserId{
  UserId: user.Id,
@@ -635,13 +635,16 @@ func (fs *Decomposedfs) DeleteStorageSpace(ctx context.Context, req *provider.De
  return errtypes.InternalError(fmt.Sprintf("space %s does not have a spacetype, possible corrupt decompsedfs", n.ID))
  }
 
- if st == "personal" && !fs.canDeleteAllHomeSpaces(ctx) {
- return errtypes.PermissionDenied(fmt.Sprintf("user is not allowed to delete home space %s", n.ID))
- }
-
- // only managers are allowed to disable or purge a drive
- if err := fs.checkManagerPermission(ctx, n); err != nil {
- return errtypes.PermissionDenied(fmt.Sprintf("user is not allowed to delete spaces %s", n.ID))
+ switch {
+ case st == "personal":
+ if !fs.canDeleteAllHomeSpaces(ctx) {
+ return errtypes.PermissionDenied(fmt.Sprintf("user is not allowed to delete home space %s", n.ID))
+ }
+ default:
+ // only managers are allowed to disable or purge a drive
+ if err := fs.checkManagerPermission(ctx, n); err != nil {
+ return errtypes.PermissionDenied(fmt.Sprintf("user is not allowed to delete spaces %s", n.ID))
+ }
  }
 
  if purge {