Bump reva to v2.19.5

For https://github.com/cs3org/reva/pull/4634
2026-03-18 07:27:12 -04:00 · 2024-04-16 17:20:29 +02:00
parent 6df5f45c0e
commit 042ec41edd
10 changed files with 40 additions and 24 deletions
--- a/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go
@@ -264,7 +264,15 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
 	if statResponse.Status.Code != rpc.Code_CODE_OK {
 		return false, statuspkg.NewErrorFromCode(statResponse.Status.Code, "auth interceptor")
 	}
-	parentPath := statResponse.Info.Path
+
+	pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: statResponse.GetInfo().GetId()})
+	if err != nil {
+		return false, err
+	}
+	if pathResp.Status.Code != rpc.Code_CODE_OK {
+		return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor")
+	}
+	parentPath := pathResp.Path

 	childPath := ref.GetPath()
 	if childPath != "" && childPath != "." && strings.HasPrefix(childPath, parentPath) {
@@ -308,7 +316,7 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
 	if childStat.Status.Code != rpc.Code_CODE_OK {
 		return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor")
 	}
-	pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()})
+	pathResp, err = client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()})
 	if err != nil {
 		return false, err
 	}
--- a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go
@@ -554,12 +554,24 @@ func (s *service) UpdatePublicShare(ctx context.Context, req *link.UpdatePublicS
 	}
 	updatePassword := req.GetUpdate().GetType() == link.UpdatePublicShareRequest_Update_TYPE_PASSWORD
 	setPassword := grant.GetPassword()
+
+	// we update permissions with an empty password and password is not set on the public share
+	emptyPasswordInPermissionUpdate := len(setPassword) == 0 && updatePermissions && !ps.PasswordProtected
+
+	// password is updated, we use the current permissions to check if the user can opt out
 	if updatePassword && !isInternalLink && enforcePassword(canOptOut, ps.GetPermissions().GetPermissions(), s.conf) && len(setPassword) == 0 {
 		return &link.UpdatePublicShareResponse{
 			Status: status.NewInvalidArg(ctx, "password protection is enforced"),
 		}, nil
 	}

+	// permissions are updated, we use the new permissions to check if the user can opt out
+	if emptyPasswordInPermissionUpdate && !isInternalLink && enforcePassword(canOptOut, grant.GetPermissions().GetPermissions(), s.conf) && len(setPassword) == 0 {
+		return &link.UpdatePublicShareResponse{
+			Status: status.NewInvalidArg(ctx, "password protection is enforced"),
+		}, nil
+	}
+
 	// validate password policy
 	if updatePassword && len(setPassword) > 0 {
 		if err := s.passwordValidator.Validate(setPassword); err != nil {
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/archiver/manager/archiver.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/archiver/manager/archiver.go
@@ -29,6 +29,7 @@ import (
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/cs3org/reva/v2/pkg/storage/utils/downloader"
 	"github.com/cs3org/reva/v2/pkg/storage/utils/walker"
+	"github.com/cs3org/reva/v2/pkg/utils"
 )

 // Config is the config for the Archiver
@@ -77,7 +78,7 @@ func (a *Archiver) CreateTar(ctx context.Context, dst io.Writer) (func(), error)
 			}

 			// when archiving a space we can omit the spaceroot
-			if isSpaceRoot(info) {
+			if utils.IsSpaceRoot(info) {
 				return nil
 			}

@@ -152,7 +153,7 @@ func (a *Archiver) CreateZip(ctx context.Context, dst io.Writer) (func(), error)
 			}

 			// when archiving a space we can omit the spaceroot
-			if isSpaceRoot(info) {
+			if utils.IsSpaceRoot(info) {
 				return nil
 			}

@@ -205,9 +206,3 @@ func (a *Archiver) CreateZip(ctx context.Context, dst io.Writer) (func(), error)
 	}
 	return closer, nil
 }
-
-func isSpaceRoot(info *provider.ResourceInfo) bool {
-	f := info.GetId()
-	s := info.GetSpace().GetRoot()
-	return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId()
-}
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go
@@ -610,7 +610,7 @@ func (s *svc) prepareCopy(ctx context.Context, w http.ResponseWriter, r *http.Re
 		errors.HandleErrorStatus(log, w, srcStatRes.Status)
 		return nil
 	}
-	if isSpaceRoot(srcStatRes.GetInfo()) {
+	if utils.IsSpaceRoot(srcStatRes.GetInfo()) {
 		log.Error().Msg("the source is disallowed")
 		w.WriteHeader(http.StatusBadRequest)
 		return nil
@@ -632,7 +632,7 @@ func (s *svc) prepareCopy(ctx context.Context, w http.ResponseWriter, r *http.Re
 	if dstStatRes.Status.Code == rpc.Code_CODE_OK {
 		successCode = http.StatusNoContent // 204 if target already existed, see https://tools.ietf.org/html/rfc4918#section-9.8.5

-		if isSpaceRoot(dstStatRes.GetInfo()) {
+		if utils.IsSpaceRoot(dstStatRes.GetInfo()) {
 			log.Error().Msg("overwriting is not allowed")
 			w.WriteHeader(http.StatusBadRequest)
 			return nil
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go
@@ -196,7 +196,7 @@ func (s *svc) handleMove(ctx context.Context, w http.ResponseWriter, r *http.Req
 		errors.HandleErrorStatus(&log, w, srcStatRes.Status)
 		return
 	}
-	if isSpaceRoot(srcStatRes.GetInfo()) {
+	if utils.IsSpaceRoot(srcStatRes.GetInfo()) {
 		log.Error().Msg("the source is disallowed")
 		w.WriteHeader(http.StatusBadRequest)
 		return
@@ -219,7 +219,7 @@ func (s *svc) handleMove(ctx context.Context, w http.ResponseWriter, r *http.Req
 	if dstStatRes.Status.Code == rpc.Code_CODE_OK {
 		successCode = http.StatusNoContent // 204 if target already existed, see https://tools.ietf.org/html/rfc4918#section-9.9.4

-		if isSpaceRoot(dstStatRes.GetInfo()) {
+		if utils.IsSpaceRoot(dstStatRes.GetInfo()) {
 			log.Error().Msg("overwriting is not allowed")
 			w.WriteHeader(http.StatusBadRequest)
 			return
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/ocdav.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/ocdav.go
@@ -418,9 +418,3 @@ func (s *svc) referenceIsChildOf(ctx context.Context, selector pool.Selectable[g
 	pp := path.Join(parentPathRes.Path, parent.Path) + "/"
 	return strings.HasPrefix(cp, pp), nil
 }
-
-func isSpaceRoot(info *provider.ResourceInfo) bool {
-	f := info.GetId()
-	s := info.GetSpace().GetRoot()
-	return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId()
-}
--- a/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go
@@ -201,6 +201,13 @@ func IsStatusCodeError(err error, code rpc.Code) bool {
 	return sce.code == code
 }

+// IsSpaceRoot checks if the given resource info is referring to a space root
+func IsSpaceRoot(ri *storageprovider.ResourceInfo) bool {
+	f := ri.GetId()
+	s := ri.GetSpace().GetRoot()
+	return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId()
+}
+
 func checkStatusCode(reason string, code rpc.Code) error {
 	if code == rpc.Code_CODE_OK {
 		return nil