update space root grant instead of always adding

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
cs3org · Aug 18, 2023 · f4d0d47 · f4d0d47
1 parent 18801a9
commit f4d0d47
Showing 1 changed file with 60 additions and 32 deletions.
diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/spaces.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/spaces.go
@@ -126,45 +126,64 @@ func (h *Handler) addSpaceMember(w http.ResponseWriter, r *http.Request, info *p
 		}
 	}
 
-	if role.Name != conversions.RoleManager {
-		ref := provider.Reference{ResourceId: info.GetId()}
-		p, err := h.findProvider(ctx, &ref)
-		if err != nil {
-			response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "error getting storage provider", err)
-			return
-		}
+	ref := provider.Reference{ResourceId: info.GetId()}
+	p, err := h.findProvider(ctx, &ref)
+	if err != nil {
+		response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "error getting storage provider", err)
+		return
+	}
 
-		providerClient, err := h.getStorageProviderClient(p)
-		if err != nil {
-			response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "error getting storage provider client", err)
-			return
-		}
+	providerClient, err := h.getStorageProviderClient(p)
+	if err != nil {
+		response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "error getting storage provider client", err)
+		return
+	}
 
-		lgRes, err := providerClient.ListGrants(ctx, &provider.ListGrantsRequest{Ref: &ref})
-		if err != nil || lgRes.Status.Code != rpc.Code_CODE_OK {
-			response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error listing space grants", err)
-			return
-		}
+	lgRes, err := providerClient.ListGrants(ctx, &provider.ListGrantsRequest{Ref: &ref})
+	if err != nil || lgRes.Status.Code != rpc.Code_CODE_OK {
+		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error listing space grants", err)
+		return
+	}
 
-		if !isSpaceManagerRemaining(lgRes.Grants, grantee) {
-			response.WriteOCSError(w, r, http.StatusForbidden, "the space must have at least one manager", nil)
-			return
-		}
+	if !isSpaceManagerRemaining(lgRes.Grants, grantee) {
+		response.WriteOCSError(w, r, http.StatusForbidden, "the space must have at least one manager", nil)
+		return
 	}
 
-	createShareRes, err := client.CreateShare(ctx, &collaborationv1beta1.CreateShareRequest{
-		ResourceInfo: info,
-		Grant: &collaborationv1beta1.ShareGrant{
-			Permissions: &collaborationv1beta1.SharePermissions{
+	if granteeExists(lgRes.Grants, grantee) {
+		updateShareRes, err := providerClient.UpdateGrant(ctx, &provider.UpdateGrantRequest{
+			// TODO: change CS3 APIs
+			Opaque: &types.Opaque{
+				Map: map[string]*types.OpaqueEntry{
+					"spacegrant": {},
+				},
+			},
+			Ref: &ref,
+			Grant: &provider.Grant{
 				Permissions: permissions,
+				Grantee:     &grantee,
+				Expiration:  expirationTs,
 			},
-			Grantee:    &grantee,
-			Expiration: expirationTs,
-		},
-	})
-	if err != nil || createShareRes.Status.Code != rpc.Code_CODE_OK {
-		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "could not add space member", err)
-		return
+		})
+		if err != nil || updateShareRes.Status.Code != rpc.Code_CODE_OK {
+			response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "could not update space member grant", err)
+			return
+		}
+	} else {
+		createShareRes, err := client.CreateShare(ctx, &collaborationv1beta1.CreateShareRequest{
+			ResourceInfo: info,
+			Grant: &collaborationv1beta1.ShareGrant{
+				Permissions: &collaborationv1beta1.SharePermissions{
+					Permissions: permissions,
+				},
+				Grantee:    &grantee,
+				Expiration: expirationTs,
+			},
+		})
+		if err != nil || createShareRes.Status.Code != rpc.Code_CODE_OK {
+			response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "could not add space member grant", err)
+			return
+		}
 	}
 
 	response.WriteOCSSuccess(w, r, nil)
@@ -325,6 +344,15 @@ func isSpaceManagerRemaining(grants []*provider.Grant, grantee provider.Grantee)
 	return false
 }
 
+func granteeExists(grants []*provider.Grant, grantee provider.Grantee) bool {
+	for _, g := range grants {
+		if isEqualGrantee(*g.Grantee, grantee) {
+			return true
+		}
+	}
+	return false
+}
+
 func isEqualGrantee(a, b provider.Grantee) bool {
 	// Ideally we would want to use utils.GranteeEqual()
 	// but the grants stored in the decomposedfs aren't complete (missing usertype and idp)