diff --git a/settings/pkg/store/defaults/defaults.go b/settings/pkg/store/defaults/defaults.go
new file mode 100644
index 00000000000..d183714fa71
--- /dev/null
+++ b/settings/pkg/store/defaults/defaults.go
@@ -0,0 +1,402 @@
+package defaults
+
+import (
+ settingsmsg "github.com/owncloud/ocis/protogen/gen/ocis/messages/settings/v0"
+)
+
+const (
+ // BundleUUIDRoleAdmin represents the admin role
+ BundleUUIDRoleAdmin = "71881883-1768-46bd-a24d-a356a2afdf7f"
+
+ // BundleUUIDRoleUser represents the user role.
+ BundleUUIDRoleUser = "d7beeea8-8ff4-406b-8fb6-ab2dd81e6b11"
+
+ // BundleUUIDRoleGuest represents the guest role.
+ BundleUUIDRoleGuest = "38071a68-456a-4553-846a-fa67bf5596cc"
+
+ // RoleManagementPermissionID is the hardcoded setting UUID for the role management permission
+ RoleManagementPermissionID string = "a53e601e-571f-4f86-8fec-d4576ef49c62"
+ // RoleManagementPermissionName is the hardcoded setting name for the role management permission
+ RoleManagementPermissionName string = "role-management"
+
+ // SettingsManagementPermissionID is the hardcoded setting UUID for the settings management permission
+ SettingsManagementPermissionID string = "79e13b30-3e22-11eb-bc51-0b9f0bad9a58"
+ // SettingsManagementPermissionName is the hardcoded setting name for the settings management permission
+ SettingsManagementPermissionName string = "settings-management"
+
+ // SetSpaceQuotaPermissionID is the hardcoded setting UUID for the set space quota permission
+ SetSpaceQuotaPermissionID string = "4e6f9709-f9e7-44f1-95d4-b762d27b7896"
+ // SetSpaceQuotaPermissionName is the hardcoded setting name for the set space quota permission
+ SetSpaceQuotaPermissionName string = "set-space-quota"
+
+ // ListAllSpacesPermissionID is the hardcoded setting UUID for the list all spaces permission
+ ListAllSpacesPermissionID string = "016f6ddd-9501-4a0a-8ebe-64a20ee8ec82"
+ // ListAllSpacesPermissionName is the hardcoded setting name for the list all spaces permission
+ ListAllSpacesPermissionName string = "list-all-spaces"
+
+ // CreateSpacePermissionID is the hardcoded setting UUID for the create space permission
+ CreateSpacePermissionID string = "79e13b30-3e22-11eb-bc51-0b9f0bad9a58"
+ // CreateSpacePermissionName is the hardcoded setting name for the create space permission
+ CreateSpacePermissionName string = "create-space"
+
+ settingUUIDProfileLanguage = "aa8cfbe5-95d4-4f7e-a032-c3c01f5f062f"
+
+ // AccountManagementPermissionID is the hardcoded setting UUID for the account management permission
+ AccountManagementPermissionID string = "8e587774-d929-4215-910b-a317b1e80f73"
+ // AccountManagementPermissionName is the hardcoded setting name for the account management permission
+ AccountManagementPermissionName string = "account-management"
+ // GroupManagementPermissionID is the hardcoded setting UUID for the group management permission
+ GroupManagementPermissionID string = "522adfbe-5908-45b4-b135-41979de73245"
+ // GroupManagementPermissionName is the hardcoded setting name for the group management permission
+ GroupManagementPermissionName string = "group-management"
+ // SelfManagementPermissionID is the hardcoded setting UUID for the self management permission
+ SelfManagementPermissionID string = "e03070e9-4362-4cc6-a872-1c7cb2eb2b8e"
+ // SelfManagementPermissionName is the hardcoded setting name for the self management permission
+ SelfManagementPermissionName string = "self-management"
+)
+
+// GenerateBundlesDefaultRoles bootstraps the default roles.
+func GenerateBundlesDefaultRoles() []*settingsmsg.Bundle {
+ return []*settingsmsg.Bundle{
+ generateBundleAdminRole(),
+ generateBundleUserRole(),
+ generateBundleGuestRole(),
+ generateBundleProfileRequest(),
+ }
+}
+
+func generateBundleAdminRole() *settingsmsg.Bundle {
+ return &settingsmsg.Bundle{
+ Id: BundleUUIDRoleAdmin,
+ Name: "admin",
+ Type: settingsmsg.Bundle_TYPE_ROLE,
+ Extension: "ocis-roles",
+ DisplayName: "Admin",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SYSTEM,
+ },
+ Settings: []*settingsmsg.Setting{
+ {
+ Id: RoleManagementPermissionID,
+ Name: RoleManagementPermissionName,
+ DisplayName: "Role Management",
+ Description: "This permission gives full access to everything that is related to role management.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_USER,
+ Id: "all",
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+ },
+ },
+ },
+ {
+ Id: SettingsManagementPermissionID,
+ Name: SettingsManagementPermissionName,
+ DisplayName: "Settings Management",
+ Description: "This permission gives full access to everything that is related to settings management.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_USER,
+ Id: "all",
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+ },
+ },
+ },
+ {
+ Id: "7d81f103-0488-4853-bce5-98dcce36d649",
+ Name: "language-readwrite",
+ DisplayName: "Permission to read and set the language (anyone)",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SETTING,
+ Id: settingUUIDProfileLanguage,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+ },
+ },
+ },
+ {
+ Id: AccountManagementPermissionID,
+ Name: AccountManagementPermissionName,
+ DisplayName: "Account Management",
+ Description: "This permission gives full access to everything that is related to account management.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_USER,
+ Id: "all",
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+ },
+ },
+ },
+ {
+ Id: GroupManagementPermissionID,
+ Name: GroupManagementPermissionName,
+ DisplayName: "Group Management",
+ Description: "This permission gives full access to everything that is related to group management.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_GROUP,
+ Id: "all",
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+ },
+ },
+ },
+ {
+ Id: SetSpaceQuotaPermissionID,
+ Name: SetSpaceQuotaPermissionName,
+ DisplayName: "Set Space Quota",
+ Description: "This permission allows to manage space quotas.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SYSTEM,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+ },
+ },
+ },
+ {
+ Id: CreateSpacePermissionID,
+ Name: CreateSpacePermissionName,
+ DisplayName: "Create Space",
+ Description: "This permission allows to create new spaces.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SYSTEM,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+ },
+ },
+ },
+ {
+ Id: ListAllSpacesPermissionID,
+ Name: ListAllSpacesPermissionName,
+ DisplayName: "List All Spaces",
+ Description: "This permission allows list all spaces.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SYSTEM,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READ,
+ Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+ },
+ },
+ },
+ },
+ }
+}
+
+func generateBundleUserRole() *settingsmsg.Bundle {
+ return &settingsmsg.Bundle{
+ Id: BundleUUIDRoleUser,
+ Name: "user",
+ Type: settingsmsg.Bundle_TYPE_ROLE,
+ Extension: "ocis-roles",
+ DisplayName: "User",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SYSTEM,
+ },
+ Settings: []*settingsmsg.Setting{
+ {
+ Id: "640e00d2-4df8-41bd-b1c2-9f30a01e0e99",
+ Name: "language-readwrite",
+ DisplayName: "Permission to read and set the language (self)",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SETTING,
+ Id: settingUUIDProfileLanguage,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
+ },
+ },
+ },
+ {
+ Id: SelfManagementPermissionID,
+ Name: SelfManagementPermissionName,
+ DisplayName: "Self Management",
+ Description: "This permission gives access to self management.",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_USER,
+ Id: "me",
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
+ },
+ },
+ },
+ },
+ }
+}
+
+func generateBundleGuestRole() *settingsmsg.Bundle {
+ return &settingsmsg.Bundle{
+ Id: BundleUUIDRoleGuest,
+ Name: "guest",
+ Type: settingsmsg.Bundle_TYPE_ROLE,
+ Extension: "ocis-roles",
+ DisplayName: "Guest",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SYSTEM,
+ },
+ Settings: []*settingsmsg.Setting{
+ {
+ Id: "ca878636-8b1a-4fae-8282-8617a4c13597",
+ Name: "language-readwrite",
+ DisplayName: "Permission to read and set the language (self)",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SETTING,
+ Id: settingUUIDProfileLanguage,
+ },
+ Value: &settingsmsg.Setting_PermissionValue{
+ PermissionValue: &settingsmsg.Permission{
+ Operation: settingsmsg.Permission_OPERATION_READWRITE,
+ Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
+ },
+ },
+ },
+ },
+ }
+}
+
+func generateBundleProfileRequest() *settingsmsg.Bundle {
+ return &settingsmsg.Bundle{
+ Id: "2a506de7-99bd-4f0d-994e-c38e72c28fd9",
+ Name: "profile",
+ Extension: "ocis-accounts",
+ Type: settingsmsg.Bundle_TYPE_DEFAULT,
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_SYSTEM,
+ },
+ DisplayName: "Profile",
+ Settings: []*settingsmsg.Setting{
+ {
+ Id: settingUUIDProfileLanguage,
+ Name: "language",
+ DisplayName: "Language",
+ Description: "User language",
+ Resource: &settingsmsg.Resource{
+ Type: settingsmsg.Resource_TYPE_USER,
+ },
+ Value: &languageSetting,
+ },
+ },
+ }
+}
+
+// TODO: languageSetting needed?
+var languageSetting = settingsmsg.Setting_SingleChoiceValue{
+ SingleChoiceValue: &settingsmsg.SingleChoiceList{
+ Options: []*settingsmsg.ListOption{
+ {
+ Value: &settingsmsg.ListOptionValue{
+ Option: &settingsmsg.ListOptionValue_StringValue{
+ StringValue: "cs",
+ },
+ },
+ DisplayValue: "Czech",
+ },
+ {
+ Value: &settingsmsg.ListOptionValue{
+ Option: &settingsmsg.ListOptionValue_StringValue{
+ StringValue: "de",
+ },
+ },
+ DisplayValue: "Deutsch",
+ },
+ {
+ Value: &settingsmsg.ListOptionValue{
+ Option: &settingsmsg.ListOptionValue_StringValue{
+ StringValue: "en",
+ },
+ },
+ DisplayValue: "English",
+ Default: true,
+ },
+ {
+ Value: &settingsmsg.ListOptionValue{
+ Option: &settingsmsg.ListOptionValue_StringValue{
+ StringValue: "es",
+ },
+ },
+ DisplayValue: "Español",
+ },
+ {
+ Value: &settingsmsg.ListOptionValue{
+ Option: &settingsmsg.ListOptionValue_StringValue{
+ StringValue: "fr",
+ },
+ },
+ DisplayValue: "Français",
+ },
+ {
+ Value: &settingsmsg.ListOptionValue{
+ Option: &settingsmsg.ListOptionValue_StringValue{
+ StringValue: "gl",
+ },
+ },
+ DisplayValue: "Galego",
+ },
+ {
+ Value: &settingsmsg.ListOptionValue{
+ Option: &settingsmsg.ListOptionValue_StringValue{
+ StringValue: "it",
+ },
+ },
+ DisplayValue: "Italiano",
+ },
+ },
+ },
+}
+
+// DefaultRoleAssignments returns (as one might guess) the default role assignments
+func DefaultRoleAssignments() []*settingsmsg.UserRoleAssignment {
+ return []*settingsmsg.UserRoleAssignment{
+ // default admin users
+ {
+ AccountUuid: "058bff95-6708-4fe5-91e4-9ea3d377588b",
+ RoleId: BundleUUIDRoleAdmin,
+ }, {
+ AccountUuid: "ddc2004c-0977-11eb-9d3f-a793888cd0f8",
+ RoleId: BundleUUIDRoleAdmin,
+ }, {
+ AccountUuid: "820ba2a1-3f54-4538-80a4-2d73007e30bf",
+ RoleId: BundleUUIDRoleAdmin,
+ }, {
+ AccountUuid: "bc596f3c-c955-4328-80a0-60d018b4ad57",
+ RoleId: BundleUUIDRoleAdmin,
+ },
+ // default users with role "user"
+ {
+ AccountUuid: "4c510ada-c86b-4815-8820-42cdf82c3d51",
+ RoleId: 
BundleUUIDRoleUser, + }, { + AccountUuid: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c", + RoleId: BundleUUIDRoleUser, + }, { + AccountUuid: "932b4540-8d16-481e-8ef4-588e4b6b151c", + RoleId: BundleUUIDRoleUser, + }, + } +} diff --git a/settings/pkg/store/metadata/assignments.go b/settings/pkg/store/metadata/assignments.go index 07862ca0d4d..4fe6c9173ed 100644 --- a/settings/pkg/store/metadata/assignments.go +++ b/settings/pkg/store/metadata/assignments.go @@ -7,10 +7,14 @@ import ( "github.com/gofrs/uuid" settingsmsg "github.com/owncloud/ocis/protogen/gen/ocis/messages/settings/v0" + "github.com/owncloud/ocis/settings/pkg/store/defaults" ) // ListRoleAssignments loads and returns all role assignments matching the given assignment identifier. func (s *Store) ListRoleAssignments(accountUUID string) ([]*settingsmsg.UserRoleAssignment, error) { + if s.mdc == nil { + return defaultRoleAssignments(accountUUID), nil + } s.Init() assIDs, err := s.mdc.ReadDir(nil, accountPath(accountUUID)) if err != nil { @@ -86,6 +90,16 @@ func (s *Store) RemoveRoleAssignment(assignmentID string) error { return fmt.Errorf("assignmentID '%s' not found", assignmentID) } +func defaultRoleAssignments(accID string) []*settingsmsg.UserRoleAssignment { + var assmnts []*settingsmsg.UserRoleAssignment + for _, r := range defaults.DefaultRoleAssignments() { + if r.AccountUuid == accID { + assmnts = append(assmnts, r) + } + } + return assmnts +} + func accountPath(accountUUID string) string { return fmt.Sprintf("%s/%s", accountsFolderLocation, accountUUID) } diff --git a/settings/pkg/store/metadata/bundles.go b/settings/pkg/store/metadata/bundles.go index a94b69ae18b..00f5773e39f 100644 --- a/settings/pkg/store/metadata/bundles.go +++ b/settings/pkg/store/metadata/bundles.go 
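Review bot: `CreateSpacePermissionID` in defaults.go is declared with the same UUID as `SettingsManagementPermissionID` (`79e13b30-3e22-11eb-bc51-0b9f0bad9a58`), and both settings are listed in the admin bundle built by `generateBundleAdminRole`. Any lookup or permission check that keys on the setting ID cannot tell create-space apart from settings-management, so granting or revoking one may silently affect the other. `CreateSpacePermissionID` should get its own freshly generated UUID. A small unit test asserting that every setting ID returned by `GenerateBundlesDefaultRoles()` is unique would catch a repeat.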
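Review bot: The new `s.mdc == nil` branch in `ListRoleAssignments` answers an authorization question from compiled-in data, so the four account UUIDs hardcoded in `defaults.DefaultRoleAssignments()` are reported as admins whenever the metadata client is unset, not only during first-time bootstrap. The branch also reads `s.mdc` without holding `s.l`, while `Init` assigns it under that lock through `initMetadataClient`, which is a data race under concurrent requests. Because the branch returns before `s.Init()`, this path never triggers initialization itself. Consider limiting the fallback to the initialization caller, reading `s.mdc` under the lock, and logging when defaults are served, with a comment such as `// bootstrap only: served from defaults until the metadata client is initialized`. The body of `ListRoleAssignments` continues outside the hunk.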
@@ -8,35 +8,16 @@ import ( "github.com/gofrs/uuid" settingsmsg "github.com/owncloud/ocis/protogen/gen/ocis/messages/settings/v0" + "github.com/owncloud/ocis/settings/pkg/store/defaults" ) // ListBundles returns all bundles in the dataPath folder that match the given type. func (s *Store) ListBundles(bundleType settingsmsg.Bundle_Type, bundleIDs []string) ([]*settingsmsg.Bundle, error) { // TODO: this is needed for initialization - we need to find a better way to fix this - if s.mdc == nil && len(bundleIDs) == 1 && bundleIDs[0] == "71881883-1768-46bd-a24d-a356a2afdf7f" { - return []*settingsmsg.Bundle{{ - Id: "71881883-1768-46bd-a24d-a356a2afdf7f", - Settings: []*settingsmsg.Setting{ - { - Id: "8e587774-d929-4215-910b-a317b1e80f73", - Name: "account-management", - DisplayName: "Account Management", - Description: "This permission gives full access to everything that is related to account management.", - Resource: &settingsmsg.Resource{ - Type: settingsmsg.Resource_TYPE_USER, - Id: "all", - }, - Value: &settingsmsg.Setting_PermissionValue{ - PermissionValue: &settingsmsg.Permission{ - Operation: settingsmsg.Permission_OPERATION_READWRITE, - Constraint: settingsmsg.Permission_CONSTRAINT_ALL, - }, - }, - }, - }, - }}, nil + if s.mdc == nil { + return defaultBundle(bundleType, bundleIDs[0]), nil } - s.Init() + //s.Init() var bundles []*settingsmsg.Bundle for _, id := range bundleIDs { b, err := s.mdc.SimpleDownload(nil, bundlePath(id)) @@ -113,3 +94,13 @@ func (s *Store) RemoveSettingFromBundle(bundleID string, settingID string) error func bundlePath(id string) string { return fmt.Sprintf("%s/%s", bundleFolderLocation, id) } + +func defaultBundle(bundleType settingsmsg.Bundle_Type, bundleID string) []*settingsmsg.Bundle { + var bundles []*settingsmsg.Bundle + for _, b := range defaults.GenerateBundlesDefaultRoles() { + if b.Type == bundleType && b.Id == bundleID { + bundles = append(bundles, b) + } + } + return bundles +} 
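Review bot: `bundleIDs[0]` in the `s.mdc == nil` branch of `ListBundles` is indexed without a length check, so a call with an empty or nil `bundleIDs` panics where the removed code tested `len(bundleIDs) == 1` first; any further IDs are silently ignored. Guard it, for example with `if len(bundleIDs) == 0 { return nil, nil }`, or have `defaultBundle` take the whole slice and match each ID. With `s.Init()` commented out, nothing in the visible part of this function initializes the client any more, so the existing `// TODO` should say who is expected to call `Init`, and the dead `//s.Init()` line should be deleted rather than kept. The body of `ListBundles` continues outside the hunk.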
diff --git a/settings/pkg/store/metadata/store.go b/settings/pkg/store/metadata/store.go index 84e09b74ef5..b77a6770fec 100644 --- a/settings/pkg/store/metadata/store.go +++ b/settings/pkg/store/metadata/store.go @@ -47,25 +47,22 @@ type Store struct { // Init initialize the store once, later calls are noops func (s *Store) Init() { - if s.mdc != nil { - return - } - s.l.Lock() defer s.l.Unlock() + var err error - s.init.Do(func() { - //b := backoff.NewExponentialBackOff() - //b.MaxElapsedTime = 4 * time.Second - //backoff.Retry(func() error { - err = s.initMetadataClient(NewMetadataClient(s.cfg)) - //return err + //s.init.Do(func() { + //b := backoff.NewExponentialBackOff() + //b.MaxElapsedTime = 4 * time.Second + //backoff.Retry(func() error { + err = s.initMetadataClient(NewMetadataClient(s.cfg)) + //return err - //}, b) + //}, b) - }) + //}) if err != nil { - log.Fatal(err) + log.Fatal("error initializing metadata client: ", err) } } @@ -98,10 +95,7 @@ func NewMetadataClient(cfg *config.Config) MetadataClient { // we need to lazy initialize the MetadataClient because metadata service might not be ready func (s *Store) initMetadataClient(mdc MetadataClient) error { - s.mdc = mdc - - // TODO: this fails because of authentication issues - err := s.mdc.Init(nil, settingsSpaceID) + err := mdc.Init(nil, settingsSpaceID) if err != nil { return err } @@ -112,12 +106,13 @@ func (s *Store) initMetadataClient(mdc MetadataClient) error { bundleFolderLocation, valuesFolderLocation, } { - err = s.mdc.MakeDirIfNotExist(nil, p) + err = mdc.MakeDirIfNotExist(nil, p) if err != nil { return err } } + s.mdc = mdc if s.initStore != nil { s.initStore(s) }
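Review bot: With the `s.mdc != nil` early return removed and `s.init.Do` commented out, `Init` rebuilds the metadata client on every call, which contradicts its doc comment ("later calls are noops"). `ListRoleAssignments` still calls `s.Init()` on each request once `s.mdc` is set, so every lookup repeats `mdc.Init` and the `MakeDirIfNotExist` loop while holding `s.l`, and any transient backend error ends the whole process through `log.Fatal`. Restore the guard inside the lock, `if s.mdc != nil { return }`, and consider returning the error to the caller instead of exiting. The commented-out backoff lines should be either restored or deleted.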