diff --git a/changelog/unreleased/rename-permissions.md b/changelog/unreleased/rename-permissions.md new file mode 100644 index 0000000000..984f762a5a --- /dev/null +++ b/changelog/unreleased/rename-permissions.md @@ -0,0 +1,5 @@ +Enhancement: Rename permissions + +Rename permissions to be consistent and future proof + +https://github.com/cs3org/reva/pull/3922 diff --git a/pkg/permission/permission.go b/pkg/permission/permission.go index c34589b24a..405f72bbc8 100644 --- a/pkg/permission/permission.go +++ b/pkg/permission/permission.go @@ -24,9 +24,9 @@ import ( const ( // ListAllSpaces is the hardcoded name for the list all spaces permission - ListAllSpaces string = "list-all-spaces" + ListAllSpaces string = "Drives.List" // CreateSpace is the hardcoded name for the create space permission - CreateSpace string = "create-space" + CreateSpace string = "Drives.Create" // WritePublicLink is the hardcoded name for the PublicLink.Write permission WritePublicLink string = "PublicLink.Write" ) diff --git a/pkg/storage/utils/decomposedfs/spacepermissions.go b/pkg/storage/utils/decomposedfs/spacepermissions.go index ce764f8e0e..31043239ad 100644 --- a/pkg/storage/utils/decomposedfs/spacepermissions.go +++ b/pkg/storage/utils/decomposedfs/spacepermissions.go @@ -41,7 +41,7 @@ func (p Permissions) AssemblePermissions(ctx context.Context, n *node.Node) (pro // CreateSpace returns true when the user is allowed to create the space func (p Permissions) CreateSpace(ctx context.Context, spaceid string) bool { - return p.checkPermission(ctx, "create-space", spaceRef(spaceid)) + return p.checkPermission(ctx, "Drives.Create", spaceRef(spaceid)) } // SetSpaceQuota returns true when the user is allowed to change the spaces quota @@ -50,25 +50,25 @@ func (p Permissions) SetSpaceQuota(ctx context.Context, spaceid string, spaceTyp default: return false // only quotas of personal and project space may be changed case _spaceTypePersonal: - return p.checkPermission(ctx, "set-space-quota", spaceRef(spaceid)) + return p.checkPermission(ctx, "Drives.ReadWritePersonalQuota", spaceRef(spaceid)) case _spaceTypeProject: - return p.checkPermission(ctx, "Drive.ReadWriteQuota.Project", spaceRef(spaceid)) + return p.checkPermission(ctx, "Drives.ReadWriteProjectQuota", spaceRef(spaceid)) } } // ManageSpaceProperties returns true when the user is allowed to change space properties (name/subtitle) func (p Permissions) ManageSpaceProperties(ctx context.Context, spaceid string) bool { - return p.checkPermission(ctx, "Drive.ReadWrite", spaceRef(spaceid)) + return p.checkPermission(ctx, "Drives.ReadWrite", spaceRef(spaceid)) } // SpaceAbility returns true when the user is allowed to enable/disable the space func (p Permissions) SpaceAbility(ctx context.Context, spaceid string) bool { - return p.checkPermission(ctx, "Drive.ReadWriteEnabled", spaceRef(spaceid)) + return p.checkPermission(ctx, "Drives.ReadWriteEnabled", spaceRef(spaceid)) } // ListAllSpaces returns true when the user is allowed to list all spaces func (p Permissions) ListAllSpaces(ctx context.Context) bool { - return p.checkPermission(ctx, "list-all-spaces", nil) + return p.checkPermission(ctx, "Drives.List", nil) } // ListSpacesOfUser returns true when the user is allowed to list the spaces of the given user @@ -86,12 +86,12 @@ func (p Permissions) ListSpacesOfUser(ctx context.Context, userid *userv1beta1.U // DeleteAllSpaces returns true when the user is allowed to delete all spaces func (p Permissions) DeleteAllSpaces(ctx context.Context) bool { - return p.checkPermission(ctx, "delete-all-spaces", nil) + return p.checkPermission(ctx, "Drives.DeleteProject", nil) } // DeleteAllHomeSpaces returns true when the user is allowed to delete all home spaces func (p Permissions) DeleteAllHomeSpaces(ctx context.Context) bool { - return p.checkPermission(ctx, "delete-all-home-spaces", nil) + return p.checkPermission(ctx, "Drives.DeletePersonal", nil) } // checkPermission is used to check a users space permissions diff --git a/pkg/storage/utils/decomposedfs/spaces_test.go b/pkg/storage/utils/decomposedfs/spaces_test.go index 2b0137262e..21071750c7 100644 --- a/pkg/storage/utils/decomposedfs/spaces_test.go +++ b/pkg/storage/utils/decomposedfs/spaces_test.go @@ -49,13 +49,13 @@ var _ = Describe("Spaces", func() { Expect(err).ToNot(HaveOccurred()) env.PermissionsClient.On("CheckPermission", mock.Anything, mock.Anything, mock.Anything).Return( func(ctx context.Context, in *cs3permissions.CheckPermissionRequest, opts ...grpc.CallOption) *cs3permissions.CheckPermissionResponse { - if in.Permission == "delete-all-home-spaces" && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == env.DeleteHomeSpacesUser.Id.OpaqueId { + if in.Permission == "Drives.DeletePersonal" && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == env.DeleteHomeSpacesUser.Id.OpaqueId { return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_OK}} } - if in.Permission == "delete-all-spaces" && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == env.DeleteAllSpacesUser.Id.OpaqueId { + if in.Permission == "Drives.DeleteProject" && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == env.DeleteAllSpacesUser.Id.OpaqueId { return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_OK}} } - if (in.Permission == "create-space" || in.Permission == "list-all-spaces") && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == helpers.OwnerID { + if (in.Permission == "Drives.Create" || in.Permission == "Drives.List") && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == helpers.OwnerID { return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_OK}} } // any other user @@ -316,7 +316,7 @@ var _ = Describe("Spaces", func() { switch ctxpkg.ContextMustGetUser(ctx).GetId().GetOpaqueId() { case manager.GetId().GetOpaqueId(): switch in.Permission { - case "create-space": + case "Drives.Create": return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_OK}} default: return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_PERMISSION_DENIED}}