Skip to content

Commit

Permalink
improve grant handling for space members
Browse files Browse the repository at this point in the history
  • Loading branch information
micbar committed Mar 7, 2022
1 parent b43635e commit eadd817
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 1 deletion.
1 change: 1 addition & 0 deletions changelog/unreleased/use-share-api-spaces.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@ Change: Use the cs3 share api to manage spaces
We now use the cs3 share Api to manage the space roles. We do not send the request to the share manager, the permissions are stored in the storage provider

https://github.com/cs3org/reva/pull/2600
https://github.com/cs3org/reva/pull/2620
31 changes: 30 additions & 1 deletion internal/grpc/services/gateway/usershareprovider.go
Original file line number Diff line number Diff line change
Expand Up @@ -698,10 +698,19 @@ func (s *svc) removeShare(ctx context.Context, req *collaboration.RemoveShareReq

func (s *svc) removeSpaceShare(ctx context.Context, ref *provider.ResourceId, grantee *provider.Grantee) (*collaboration.RemoveShareResponse, error) {
listGrantRes, err := s.listGrants(ctx, ref)
var permissions *provider.ResourcePermissions
if err != nil {
return nil, errors.Wrap(err, "gateway: error getting grant to remove from storage")
}
removeGrantStatus, err := s.removeGrant(ctx, ref, grantee, listGrantRes.Grants[0].Permissions)
for _, g := range listGrantRes.Grants {
if isEqualGrantee(*g.Grantee, *grantee) {
permissions = g.Permissions
}
}
if permissions == nil {
return nil, errors.New("gateway: error getting grant to remove from storage")
}
removeGrantStatus, err := s.removeGrant(ctx, ref, grantee, permissions)
if err != nil {
return nil, errors.Wrap(err, "gateway: error removing grant from storage")
}
Expand Down Expand Up @@ -733,3 +742,23 @@ func shareIsSpaceRoot(key *collaboration.ShareKey) bool {
}
return refIsSpaceRoot(key.ResourceId)
}

func isEqualGrantee(a, b provider.Grantee) bool {
// Ideally we would want to use utils.GranteeEqual()
// but the grants stored in the decomposedfs aren't complete (missing usertype and idp)
// because of that the check would fail so we can only check the ... for now.
if a.Type != b.Type {
return false
}

var aID, bID string
switch a.Type {
case provider.GranteeType_GRANTEE_TYPE_GROUP:
aID = a.GetGroupId().OpaqueId
bID = b.GetGroupId().OpaqueId
case provider.GranteeType_GRANTEE_TYPE_USER:
aID = a.GetUserId().OpaqueId
bID = b.GetUserId().OpaqueId
}
return aID == bID
}

0 comments on commit eadd817

Please sign in to comment.