Skip to content

Commit

Permalink
bugfix: Role "file-editor" does not have resharing permissions
Browse files Browse the repository at this point in the history
Similar to the generich "editor" role the "file-editor" should have resharing
permissions.

When creating an "editor" file share using `ocs`. `ocs` already adds the `AddGrant`
permission. This commit just about fixing the mapping of resource permission back to
the corresponding role.
  • Loading branch information
rhafer committed Nov 14, 2023
1 parent a86cf70 commit 8cc3b38
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 4 deletions.
6 changes: 6 additions & 0 deletions changelog/unreleased/fix-editor-role-resharing.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
Bugfix: Fix definition of "file-editor" role

The "file-editor" role was missing the AddGrant resource permission, which
caused a broken mapping from ResourcePermissions to roles in certain cases.

https://github.com/cs3org/reva/pull/4336
2 changes: 1 addition & 1 deletion pkg/cbox/utils/conversions.go
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ func IntTosharePerm(p int, itemType string) *provider.ResourcePermissions {
if itemType == "folder" {
return conversions.NewEditorRole(false).CS3ResourcePermissions()
}
return conversions.NewFileEditorRole().CS3ResourcePermissions()
return conversions.NewFileEditorRole(false).CS3ResourcePermissions()
case 4:
return conversions.NewUploaderRole().CS3ResourcePermissions()
default:
Expand Down
11 changes: 8 additions & 3 deletions pkg/conversions/role.go
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ func RoleFromName(name string, sharing bool) *Role {
case RoleSpaceEditor:
return NewSpaceEditorRole()
case RoleFileEditor:
return NewFileEditorRole()
return NewFileEditorRole(sharing)
case RoleUploader:
return NewUploaderRole()
case RoleManager:
Expand Down Expand Up @@ -271,10 +271,15 @@ func NewSpaceEditorRole() *Role {
}

// NewFileEditorRole creates a file-editor role
func NewFileEditorRole() *Role {
func NewFileEditorRole(sharing bool) *Role {
p := PermissionRead | PermissionWrite
if sharing {
p |= PermissionShare
}
return &Role{
Name: RoleEditor,
cS3ResourcePermissions: &provider.ResourcePermissions{
AddGrant: sharing,
GetPath: true,
GetQuota: true,
InitiateFileDownload: true,
Expand All @@ -285,7 +290,7 @@ func NewFileEditorRole() *Role {
InitiateFileUpload: true,
RestoreRecycleItem: true,
},
ocsPermissions: PermissionRead | PermissionWrite,
ocsPermissions: p,
}
}

Expand Down

0 comments on commit 8cc3b38

Please sign in to comment.