From d2deee7660bbf8cab88d10b0a74ebfc90e4236ec Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Thu, 25 Apr 2024 15:36:48 +0200 Subject: [PATCH] fix(auth/scope): fix nested resource check when creating a new resource When creating a reource (e.g a document via the app/new endpoint) below a next folder structure of a public link, we can't stat the resource itself (it doesn't exit yet) for checking if it is a descendant of the share root. We now stat the resource's parent instead in that case. Fixes: https://github.com/owncloud/ocis/issues/8957 (cherry picked from commit 5faad8dad61e25175e89f08e253feb187434a54c) --- .../unreleased/fix-publicshare-nested-appnew.md | 8 ++++++++ internal/grpc/interceptors/auth/scope.go | 14 +++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 changelog/unreleased/fix-publicshare-nested-appnew.md diff --git a/changelog/unreleased/fix-publicshare-nested-appnew.md b/changelog/unreleased/fix-publicshare-nested-appnew.md new file mode 100644 index 0000000000..dc0212f9ea --- /dev/null +++ b/changelog/unreleased/fix-publicshare-nested-appnew.md @@ -0,0 +1,8 @@ +Bugfix: Fix creating documents in nested folders of public shares + +We fixed a bug that prevented creating new documented in a nested folder +of a public share. + +https://github.com/cs3org/reva/pull/4665 +https://github.com/cs3org/reva/pull/4660 +https://github.com/owncloud/ocis/issues/8957 diff --git a/internal/grpc/interceptors/auth/scope.go b/internal/grpc/interceptors/auth/scope.go index 5cb6183c61..353b2c6762 100644 --- a/internal/grpc/interceptors/auth/scope.go +++ b/internal/grpc/interceptors/auth/scope.go @@ -261,7 +261,7 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent if err != nil { return false, err } - if statResponse.Status.Code != rpc.Code_CODE_OK { + if statResponse.GetStatus().GetCode() != rpc.Code_CODE_OK { return false, statuspkg.NewErrorFromCode(statResponse.Status.Code, "auth interceptor") } @@ -313,14 +313,22 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent if err != nil { return false, err } - if childStat.Status.Code != rpc.Code_CODE_OK { + if childStat.GetStatus().GetCode() == rpc.Code_CODE_NOT_FOUND && ref.GetPath() != "" && ref.GetPath() != "." { + // The resource does not seem to exist (yet?). We might be part of an initiate upload request. + // Stat the parent to get its path and check that against the root path. + childStat, err = client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: ref.GetResourceId()}}) + if err != nil { + return false, err + } + } + if childStat.GetStatus().GetCode() != rpc.Code_CODE_OK { return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor") } pathResp, err = client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()}) if err != nil { return false, err } - if pathResp.Status.Code != rpc.Code_CODE_OK { + if pathResp.GetStatus().GetCode() != rpc.Code_CODE_OK { return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor") } childPath = pathResp.Path