listing drives shsould use the user filter

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
owncloud · Apr 24, 2023 · 558df1b · 558df1b
1 parent 0862ff6
commit 558df1b
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/services/graph/pkg/service/v0/drives.go b/services/graph/pkg/service/v0/drives.go
@@ -91,6 +91,20 @@ func (g Graph) getDrives(w http.ResponseWriter, r *http.Request, unrestricted bo
  errorcode.NotSupported.Render(w, r, http.StatusNotImplemented, err.Error())
  return
  }
+ if !unrestricted {
+ user, ok := revactx.ContextGetUser(r.Context())
+ if !ok {
+ logger.Debug().Msg("could not create drive: invalid user")
+ errorcode.NotAllowed.Render(w, r, http.StatusUnauthorized, "invalid user")
+ return
+ }
+ filters = append(filters, &storageprovider.ListStorageSpacesRequest_Filter{
+ Type: storageprovider.ListStorageSpacesRequest_Filter_TYPE_USER,
+ Term: &storageprovider.ListStorageSpacesRequest_Filter_User{
+ User: user.GetId(),
+ },
+ })
+ }
 
  logger.Debug().
  Interface("filters", filters).

diff --git a/services/graph/pkg/service/v0/graph_test.go b/services/graph/pkg/service/v0/graph_test.go
@@ -90,6 +90,7 @@ var _ = Describe("Graph", func() {
  }, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)
  Expect(rr.Code).To(Equal(http.StatusOK))
@@ -102,6 +103,7 @@ var _ = Describe("Graph", func() {
  }, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/drives", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetAllDrives(rr, r)
  Expect(rr.Code).To(Equal(http.StatusOK))
@@ -131,6 +133,7 @@ var _ = Describe("Graph", func() {
  }, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)
 
@@ -201,6 +204,7 @@ var _ = Describe("Graph", func() {
  }, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives?$orderby=name%20asc", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)
 
@@ -281,6 +285,7 @@ var _ = Describe("Graph", func() {
  }, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)
 
@@ -320,6 +325,7 @@ var _ = Describe("Graph", func() {
  }, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives?$orderby=owner%20asc", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)
  Expect(rr.Code).To(Equal(http.StatusBadRequest))
@@ -361,6 +367,7 @@ var _ = Describe("Graph", func() {
  gatewayClient.On("ListStorageSpaces", mock.Anything, mock.Anything).Return(nil, errors.New("transport error"))
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives)", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)
  Expect(rr.Code).To(Equal(http.StatusInternalServerError))
@@ -378,6 +385,7 @@ var _ = Describe("Graph", func() {
  StorageSpaces: []*provider.StorageSpace{}}, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives)", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)
  Expect(rr.Code).To(Equal(http.StatusInternalServerError))
@@ -395,6 +403,7 @@ var _ = Describe("Graph", func() {
  StorageSpaces: []*provider.StorageSpace{}}, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives)", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)
  Expect(rr.Code).To(Equal(http.StatusOK))
@@ -430,6 +439,7 @@ var _ = Describe("Graph", func() {
  }, nil)
 
  r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/me/drives", nil)
+ r = r.WithContext(ctx)
  rr := httptest.NewRecorder()
  svc.GetDrives(rr, r)