non personal spaces need virtual owner

changelog/unreleased/space-owner.md

@@ -0,0 +1,5 @@
+Bugfix: Project spaces need no real owner
+
+Make it possible to use a non existing user as a space owner.
+
+https://github.com/cs3org/reva/pull/3091

internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go

@@ -1119,30 +1119,33 @@ func (h *Handler) addFileInfo(ctx context.Context, s *conversions.ShareData, inf
 					// TODO log error?
 					s.Path = gpRes.Path
 				}
-
-				// cut off configured home namespace, paths in ocs shares are relative to it
-				identifier := h.mustGetIdentifiers(ctx, client, info.GetOwner().GetOpaqueId(), false)
-				u := &userpb.User{
-					Id:          info.Owner,
-					Username:    identifier.Username,
-					DisplayName: identifier.DisplayName,
-					Mail:        identifier.Mail,
+				// on spaces, we could have no owner set
+				if info.Owner != nil {
+					// cut off configured home namespace, paths in ocs shares are relative to it
+					identifier := h.mustGetIdentifiers(ctx, client, info.GetOwner().GetOpaqueId(), false)
+					u := &userpb.User{
+						Id:          info.Owner,
+						Username:    identifier.Username,
+						DisplayName: identifier.DisplayName,
+						Mail:        identifier.Mail,
+					}
+					s.Path = strings.TrimPrefix(s.Path, h.getHomeNamespace(u))
 				}
-				s.Path = strings.TrimPrefix(s.Path, h.getHomeNamespace(u))
 			}
 		}
 		s.StorageID = storageIDPrefix + s.FileTarget
 		// TODO FileParent:
 		// item type
 		s.ItemType = conversions.ResourceType(info.GetType()).String()
 
+		owner := info.GetOwner()
 		// file owner might not yet be set. Use file info
-		if s.UIDFileOwner == "" {
-			s.UIDFileOwner = info.GetOwner().GetOpaqueId()
+		if s.UIDFileOwner == "" && owner != nil {
+			s.UIDFileOwner = owner.GetOpaqueId()
 		}
 		// share owner might not yet be set. Use file info
-		if s.UIDOwner == "" {
-			s.UIDOwner = info.GetOwner().GetOpaqueId()
+		if s.UIDOwner == "" && owner != nil {
+			s.UIDOwner = owner.GetOpaqueId()
 		}
 	}
 	return nil
@@ -1236,19 +1239,21 @@ func (h *Handler) mapUserIds(ctx context.Context, client gateway.GatewayAPIClien
 		if s.DisplaynameOwner == "" {
 			s.DisplaynameOwner = owner.DisplayName
 		}
-		if s.AdditionalInfoFileOwner == "" {
-			s.AdditionalInfoFileOwner = h.getAdditionalInfoAttribute(ctx, owner)
+		if s.AdditionalInfoOwner == "" {
+			s.AdditionalInfoOwner = h.getAdditionalInfoAttribute(ctx, owner)
 		}
 	}
 
 	if s.UIDFileOwner != "" {
 		fileOwner := h.mustGetIdentifiers(ctx, client, s.UIDFileOwner, false)
-		s.UIDFileOwner = fileOwner.Username
+		if fileOwner.Username != "" {
+			s.UIDFileOwner = fileOwner.Username
+		}
 		if s.DisplaynameFileOwner == "" {
 			s.DisplaynameFileOwner = fileOwner.DisplayName
 		}
-		if s.AdditionalInfoOwner == "" {
-			s.AdditionalInfoOwner = h.getAdditionalInfoAttribute(ctx, fileOwner)
+		if s.AdditionalInfoFileOwner == "" {
+			s.AdditionalInfoFileOwner = h.getAdditionalInfoAttribute(ctx, fileOwner)
 		}
 	}
 

pkg/auth/manager/publicshares/publicshares.go

@@ -127,11 +127,17 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
 		return nil, nil, errtypes.InternalError(publicShareResponse.Status.Message)
 	}
 
-	getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{
-		UserId: publicShareResponse.GetShare().GetCreator(),
-	})
-	if err != nil {
-		return nil, nil, err
+	var owner *user.User
+	if publicShareResponse.GetShare().GetOwner().Type == 0 {
+		owner = &user.User{Id: publicShareResponse.GetShare().GetOwner(), DisplayName: "Public", Username: "public"}
+	} else {
+		getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{
+			UserId: publicShareResponse.GetShare().GetCreator(),
+		})
+		if err != nil {
+			return nil, nil, err
+		}
+		owner = getUserResponse.GetUser()
 	}
 
 	share := publicShareResponse.GetShare()
@@ -150,8 +156,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
 		return nil, nil, err
 	}
 
-	u := getUserResponse.GetUser()
-	u.Opaque = &types.Opaque{
+	owner.Opaque = &types.Opaque{
 		Map: map[string]*types.OpaqueEntry{
 			"public-share-role": {
 				Decoder: "plain",
@@ -160,7 +165,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
 		},
 	}
 
-	return u, scope, nil
+	return owner, scope, nil
 }
 
 // ErrPasswordNotProvided is returned when the public share is password protected, but there was no password on the request

pkg/publicshare/manager/cs3/cs3.go

@@ -347,11 +347,30 @@ func (m *Manager) ListPublicShares(ctx context.Context, u *user.User, filters []
 	}
 
 	log := appctx.GetLogger(ctx)
-
-	createdShareTokens, err := m.indexer.FindBy(&link.PublicShare{},
-		indexer.NewField("Owner", userIDToIndex(u.Id)),
-		indexer.NewField("Creator", userIDToIndex(u.Id)),
-	)
+	var rID *provider.ResourceId
+	if len(filters) != 0 {
+		grouped := publicshare.GroupFiltersByType(filters)
+		for _, f := range grouped {
+			for _, f := range f {
+				if f.GetResourceId() != nil {
+					rID = f.GetResourceId()
+				}
+			}
+		}
+	}
+	var createdShareTokens []string
+	var err error
+	if rID == nil {
+		createdShareTokens, err = m.indexer.FindBy(&link.PublicShare{},
+			indexer.NewField("Owner", userIDToIndex(u.Id)),
+			indexer.NewField("Creator", userIDToIndex(u.Id)),
+		)
+	} else {
+		createdShareTokens, err = m.indexer.FindBy(&link.PublicShare{},
+			// on a space, the owner has the spaceID as a userID
+			indexer.NewField("Owner", userIDToIndex(&user.UserId{OpaqueId: rID.GetSpaceId()})),
+		)
+	}
 	if err != nil {
 		return nil, err
 	}

pkg/publicshare/manager/memory/memory.go

@@ -172,17 +172,13 @@ func (m *manager) ListPublicShares(ctx context.Context, u *user.User, filters []
 	shares := []*link.PublicShare{}
 	m.shares.Range(func(k, v interface{}) bool {
 		s := v.(*link.PublicShare)
-
-		// Skip if the share isn't created by the current user
-		if s.Creator.GetOpaqueId() == u.Id.OpaqueId && (s.Creator.GetIdp() == "" || u.Id.Idp == s.Creator.GetIdp()) {
-			if len(filters) == 0 {
-				shares = append(shares, s)
-			} else {
-				for _, f := range filters {
-					if f.Type == link.ListPublicSharesRequest_Filter_TYPE_RESOURCE_ID {
-						if utils.ResourceIDEqual(s.ResourceId, f.GetResourceId()) {
-							shares = append(shares, s)
-						}
+		if len(filters) == 0 {
+			shares = append(shares, s)
+		} else {
+			for _, f := range filters {
+				if f.Type == link.ListPublicSharesRequest_Filter_TYPE_RESOURCE_ID {
+					if utils.ResourceIDEqual(s.ResourceId, f.GetResourceId()) {
+						shares = append(shares, s)
 					}
 				}
 			}

pkg/storage/utils/decomposedfs/grants.go

@@ -70,7 +70,7 @@ func (fs *Decomposedfs) AddGrant(ctx context.Context, ref *provider.Reference, g
 	// When the owner is empty but grants are set then we do want to check the grants.
 	// However, if we are trying to edit an existing grant we do not have to check for permission if the user owns the grant
 	// TODO: find a better to check this
-	if !(len(grants) == 0 && (owner == nil || owner.OpaqueId == "")) {
+	if !(len(grants) == 0 && (owner == nil || owner.OpaqueId == "" || (owner.OpaqueId == node.SpaceID && owner.Type == 0))) {
 		ok, err := fs.p.HasPermission(ctx, node, func(rp *provider.ResourcePermissions) bool {
 			return rp.AddGrant
 		})

pkg/storage/utils/decomposedfs/spaces.go

@@ -99,10 +99,14 @@ func (fs *Decomposedfs) CreateStorageSpace(ctx context.Context, req *provider.Cr
 	if err := root.WriteAllNodeMetadata(); err != nil {
 		return nil, err
 	}
+	var owner *userv1beta1.UserId
 	if req.GetOwner() != nil && req.GetOwner().GetId() != nil {
-		if err := root.WriteOwner(req.GetOwner().GetId()); err != nil {
-			return nil, err
-		}
+		owner = req.GetOwner().GetId()
+	} else {
+		owner = &userv1beta1.UserId{OpaqueId: spaceID}
+	}
+	if err := root.WriteOwner(owner); err != nil {
+		return nil, err
 	}
 
 	err = fs.updateIndexes(ctx, req.GetOwner().GetId().GetOpaqueId(), req.Type, root.ID)