non personal spaces need virtual owner
micbar committed Jul 27, 2022
1 parent c11d954 commit d3797f0
Showing 5 changed files with 46 additions and 29 deletions.
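--- a/changelog/unreleased/space-owner.md
+++ b/changelog/unreleased/space-owner.md
@@ -0,0 +1,5 @@
+Bugfix: Project spaces need no real owner
+
+Make it possible to use a non existing user as a space owner.
+
+https://github.com/cs3org/reva/pull/3091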
@@ -1119,30 +1119,33 @@ func (h *Handler) addFileInfo(ctx context.Context, s *conversions.ShareData, inf
// TODO log error?
s.Path = gpRes.Path
}

// cut off configured home namespace, paths in ocs shares are relative to it
identifier := h.mustGetIdentifiers(ctx, client, info.GetOwner().GetOpaqueId(), false)
u := &userpb.User{
Id: info.Owner,
Username: identifier.Username,
DisplayName: identifier.DisplayName,
Mail: identifier.Mail,
// on spaces, we could have no owner set
if info.Owner != nil {
// cut off configured home namespace, paths in ocs shares are relative to it
identifier := h.mustGetIdentifiers(ctx, client, info.GetOwner().GetOpaqueId(), false)
u := &userpb.User{
Id: info.Owner,
Username: identifier.Username,
DisplayName: identifier.DisplayName,
Mail: identifier.Mail,
}
s.Path = strings.TrimPrefix(s.Path, h.getHomeNamespace(u))
}
s.Path = strings.TrimPrefix(s.Path, h.getHomeNamespace(u))
}
}
s.StorageID = storageIDPrefix + s.FileTarget
// TODO FileParent:
// item type
s.ItemType = conversions.ResourceType(info.GetType()).String()

owner := info.GetOwner()
// file owner might not yet be set. Use file info
if s.UIDFileOwner == "" {
s.UIDFileOwner = info.GetOwner().GetOpaqueId()
if s.UIDFileOwner == "" && owner != nil {
s.UIDFileOwner = owner.GetOpaqueId()
}
// share owner might not yet be set. Use file info
if s.UIDOwner == "" {
s.UIDOwner = info.GetOwner().GetOpaqueId()
if s.UIDOwner == "" && owner != nil {
s.UIDOwner = owner.GetOpaqueId()
}
}
return nil
@@ -1236,8 +1239,8 @@ func (h *Handler) mapUserIds(ctx context.Context, client gateway.GatewayAPIClien
if s.DisplaynameOwner == "" {
s.DisplaynameOwner = owner.DisplayName
}
if s.AdditionalInfoFileOwner == "" {
s.AdditionalInfoFileOwner = h.getAdditionalInfoAttribute(ctx, owner)
if s.AdditionalInfoOwner == "" {
s.AdditionalInfoOwner = h.getAdditionalInfoAttribute(ctx, owner)
}
}

@@ -1247,8 +1250,8 @@ func (h *Handler) mapUserIds(ctx context.Context, client gateway.GatewayAPIClien
if s.DisplaynameFileOwner == "" {
s.DisplaynameFileOwner = fileOwner.DisplayName
}
if s.AdditionalInfoOwner == "" {
s.AdditionalInfoOwner = h.getAdditionalInfoAttribute(ctx, fileOwner)
if s.AdditionalInfoFileOwner == "" {
s.AdditionalInfoFileOwner = h.getAdditionalInfoAttribute(ctx, fileOwner)
}
}

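Review bot: The new `if info.Owner != nil` guard in addFileInfo only covers a missing owner, but the same commit makes CreateStorageSpace write a virtual owner (`OpaqueId: spaceID`, type left unset) for spaces without a real one, and that value is non-nil. For such a space the block still calls `mustGetIdentifiers` with the space ID as a user id and, further down, copies it into `s.UIDFileOwner` and `s.UIDOwner`, so clients would presumably receive a space ID where a user id is expected; what `mustGetIdentifiers` does for an unknown id is not visible here. Consider skipping both places for an unset owner type as well, e.g. `if info.Owner != nil && info.Owner.GetType() != userpb.UserType_USER_TYPE_INVALID {`. addFileInfo starts outside the hunk.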
21 changes: 13 additions & 8 deletions pkg/auth/manager/publicshares/publicshares.go
@@ -127,11 +127,17 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
return nil, nil, errtypes.InternalError(publicShareResponse.Status.Message)
}

getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{
UserId: publicShareResponse.GetShare().GetCreator(),
})
if err != nil {
return nil, nil, err
var owner *user.User
if publicShareResponse.GetShare().GetOwner().Type == 0 {
owner = &user.User{Id: publicShareResponse.GetShare().GetOwner(), DisplayName: "Public", Username: "public"}
} else {
getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{
UserId: publicShareResponse.GetShare().GetCreator(),
})
if err != nil {
return nil, nil, err
}
owner = getUserResponse.GetUser()
}

share := publicShareResponse.GetShare()
@@ -150,8 +156,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
return nil, nil, err
}

u := getUserResponse.GetUser()
u.Opaque = &types.Opaque{
owner.Opaque = &types.Opaque{
Map: map[string]*types.OpaqueEntry{
"public-share-role": {
Decoder: "plain",
@@ -160,7 +165,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
},
}

return u, scope, nil
return owner, scope, nil
}

// ErrPasswordNotProvided is returned when the public share is password protected, but there was no password on the request
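Review bot: `publicShareResponse.GetShare().GetOwner().Type == 0` in Authenticate reads the field directly, so a share returned without an owner makes `GetOwner()` nil and the authentication path panics instead of returning an error; the nil-safe getter and the named constant avoid that: `if publicShareResponse.GetShare().GetOwner().GetType() == user.UserType_USER_TYPE_INVALID {`. The same literal `0` is compared with `owner.Type` in the AddGrant condition in grants.go. The branch also decides which principal the request is authenticated as: any share whose owner type is unset gets a synthetic "Public" user carrying the owner's id, with no user-provider lookup, so a comment stating that an unset type is only ever written for virtual space owners, and a test for a share with a nil owner, would help. Authenticate starts outside the hunks shown.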
2 changes: 1 addition & 1 deletion pkg/storage/utils/decomposedfs/grants.go
@@ -70,7 +70,7 @@ func (fs *Decomposedfs) AddGrant(ctx context.Context, ref *provider.Reference, g
// When the owner is empty but grants are set then we do want to check the grants.
// However, if we are trying to edit an existing grant we do not have to check for permission if the user owns the grant
// TODO: find a better to check this
if !(len(grants) == 0 && (owner == nil || owner.OpaqueId == "")) {
if !(len(grants) == 0 && (owner == nil || owner.OpaqueId == "" || (owner.OpaqueId == node.SpaceID && owner.Type == 0))) {
ok, err := fs.p.HasPermission(ctx, node, func(rp *provider.ResourcePermissions) bool {
return rp.AddGrant
})
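Review bot: The added clause `owner.OpaqueId == node.SpaceID && owner.Type == 0` widens the case in which AddGrant skips `fs.p.HasPermission`: with no grants present, a virtual space owner is now treated like a missing owner. As far as the hunk shows, the caller's identity is not compared with anything on that path, so the first grant would be accepted from whoever reaches this call, and if `grants` holds only the grants of this node that may apply to any ungranted node in such a space rather than just its root; the existing TODO already marks the check as provisional. If this is intended for bootstrapping a project space, record it above the condition, e.g. `// virtual owner and no grants yet: the first grant is added without a permission check`, and consider limiting the shortcut to the space root. `grants`, `owner` and `node` are set outside the hunk.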
10 changes: 7 additions & 3 deletions pkg/storage/utils/decomposedfs/spaces.go
@@ -99,10 +99,14 @@ func (fs *Decomposedfs) CreateStorageSpace(ctx context.Context, req *provider.Cr
if err := root.WriteAllNodeMetadata(); err != nil {
return nil, err
}
var owner *userv1beta1.UserId
if req.GetOwner() != nil && req.GetOwner().GetId() != nil {
if err := root.WriteOwner(req.GetOwner().GetId()); err != nil {
return nil, err
}
owner = req.GetOwner().GetId()
} else {
owner = &userv1beta1.UserId{OpaqueId: spaceID}
}
if err := root.WriteOwner(owner); err != nil {
return nil, err
}

err = fs.updateIndexes(ctx, req.GetOwner().GetId().GetOpaqueId(), req.Type, root.ID)
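Review bot: After this change the owner stored by `root.WriteOwner(owner)` and the owner passed to `fs.updateIndexes` can differ: the unchanged call below still uses `req.GetOwner().GetId().GetOpaqueId()`, which is empty when the request carries no owner, while the root now stores `spaceID`. If the index is meant to stay keyed by real users only, a short comment on that line would record the decision; otherwise pass `owner.GetOpaqueId()`. The virtual owner is also recognisable only by its zero-value type, so spelling it out (`Type: userv1beta1.UserType_USER_TYPE_INVALID`) with a comment on the `else` branch would make visible the convention that the checks in grants.go and publicshares.go depend on. CreateStorageSpace starts and ends outside the hunk.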
