Fix CreateHome for external users

External users, when logging in for the first time, have no role assigned and are unable to create their home because that requires the create-space permission. This assigns users that don't have a role assigned to the default user role and persists that assignment in the settings service so that CreateHome can pick it up when checking permissions later. This also disables the auto creation of the user's home in the reva auth provider (i.e. when using basic auth) as the role assignement has not happenend at that point. So the home creation will now always happen in the CreateHome middleware in the proxy.
owncloud · Mar 16, 2022 · 6abf38d · 6abf38d
1 parent b3a1a14
commit 6abf38d
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/proxy/pkg/user/backend/cs3.go b/proxy/pkg/user/backend/cs3.go
@@ -61,11 +61,21 @@ func (c *cs3backend) GetUserByClaims(ctx context.Context, claim, value string, w
  }
  }
 
+ // if roles are empty, assume we haven't seen the user before and assign a
+ // default user role. At least until proper roles are provided. See
+ // https://github.com/owncloud/ocis/issues/1825 for more context.
  if len(roleIDs) == 0 {
- roleIDs = append(roleIDs, settingsService.BundleUUIDRoleUser, settingsService.SelfManagementPermissionID)
- // if roles are empty, assume we haven't seen the user before and assign a default user role. At least until
- // proper roles are provided. See https://github.com/owncloud/ocis/issues/1825 for more context.
- //return user, nil
+ if user.Id.Type == cs3.UserType_USER_TYPE_PRIMARY {
+ c.logger.Info().Str("userid", user.Id.OpaqueId).Msg("user has no role assigned, assigning default user role")
+ _, err := c.settingsRoleService.AssignRoleToUser(ctx, &settingssvc.AssignRoleToUserRequest{
+ AccountUuid: user.Id.OpaqueId,
+ RoleId: settingsService.BundleUUIDRoleUser,
+ })
+ if err != nil {
+ c.logger.Error().Err(err).Msg("Could not add default role")
+ }
+ roleIDs = append(roleIDs, settingsService.BundleUUIDRoleUser)
+ }
  }
 
  enc, err := encodeRoleIDs(roleIDs)

diff --git a/storage/pkg/config/defaults/defaultconfig.go b/storage/pkg/config/defaults/defaultconfig.go
@@ -266,7 +266,7 @@ func DefaultConfig() *config.Config {
  },
  CommitShareToStorageGrant: true,
  CommitShareToStorageRef: true,
- DisableHomeCreationOnLogin: false,
+ DisableHomeCreationOnLogin: true,
  ShareFolder: "Shares",
  LinkGrants: "",
  HomeMapping: "",