diff --git a/services/graph/pkg/service/v0/base.go b/services/graph/pkg/service/v0/base.go index 630f1127b2..cfe4d6d087 100644 --- a/services/graph/pkg/service/v0/base.go +++ b/services/graph/pkg/service/v0/base.go @@ -208,6 +208,12 @@ func (g BaseGraphService) cs3SpacePermissionsToLibreGraph(ctx context.Context, s } } + // if there is no role, we need to set the actions as a fallback + // this could happen if a role is disabled or unknown + if !p.HasRoles() { + p.SetLibreGraphPermissionsActions(unifiedrole.CS3ResourcePermissionsToLibregraphActions(perm)) + } + permissions = append(permissions, p) } return permissions @@ -398,7 +404,6 @@ func (g BaseGraphService) cs3UserShareToPermission(ctx context.Context, share *c if share.GetCtime() != nil { perm.SetCreatedDateTime(cs3TimestampToTime(share.GetCtime())) } - // fixMe: should we use all roles? role := unifiedrole.CS3ResourcePermissionsToRole( unifiedrole.GetRoles(unifiedrole.RoleFilterIDs(g.config.UnifiedRoles.AvailableRoles...)), share.GetPermissions().GetPermissions(), diff --git a/services/graph/pkg/service/v0/export_test.go b/services/graph/pkg/service/v0/export_test.go new file mode 100644 index 0000000000..dab043632f --- /dev/null +++ b/services/graph/pkg/service/v0/export_test.go @@ -0,0 +1,5 @@ +package svc + +var ( + CS3ReceivedShareToLibreGraphPermissions = cs3ReceivedShareToLibreGraphPermissions +) diff --git a/services/graph/pkg/service/v0/utils_test.go b/services/graph/pkg/service/v0/utils_test.go index 24f97497e9..03b56197f2 100644 --- a/services/graph/pkg/service/v0/utils_test.go +++ b/services/graph/pkg/service/v0/utils_test.go @@ -5,17 +5,22 @@ import ( "net/http" "net/http/httptest" + collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1" + rConversions "github.com/cs3org/reva/v2/pkg/conversions" "github.com/cs3org/reva/v2/pkg/utils" "github.com/go-chi/chi/v5" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + libregraph "github.com/owncloud/libre-graph-api-go" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" "github.com/cs3org/reva/v2/pkg/storagespace" "github.com/owncloud/ocis/v2/ocis-pkg/conversions" "github.com/owncloud/ocis/v2/ocis-pkg/log" + "github.com/owncloud/ocis/v2/services/graph/pkg/identity" service "github.com/owncloud/ocis/v2/services/graph/pkg/service/v0" + "github.com/owncloud/ocis/v2/services/graph/pkg/unifiedrole" ) var _ = Describe("Utils", func() { @@ -104,4 +109,44 @@ var _ = Describe("Utils", func() { SpaceId: "123", }, false), ) + + DescribeTable("_cs3ReceivedShareToLibreGraphPermissions", + func(permissionSet *provider.ResourcePermissions, match func(*libregraph.Permission)) { + permission, err := service.CS3ReceivedShareToLibreGraphPermissions( + context.Background(), + nil, + identity.IdentityCache{}, + &collaboration.ReceivedShare{ + Share: &collaboration.Share{ + Permissions: &collaboration.SharePermissions{ + Permissions: permissionSet, + }, + }, + }, &provider.ResourceInfo{ + Type: provider.ResourceType_RESOURCE_TYPE_FILE, + }, + unifiedrole.GetRoles(unifiedrole.RoleFilterAll()), + ) + Expect(err).ToNot(HaveOccurred()) + match(permission) + }, + Entry( + "permissions match a role", + rConversions.NewViewerRole().CS3ResourcePermissions(), + func(p *libregraph.Permission) { + Expect(p.GetRoles()).To(HaveExactElements([]string{unifiedrole.UnifiedRoleViewerID})) + Expect(p.GetLibreGraphPermissionsActions()).To(BeNil()) + }, + ), + Entry( + "permissions do not match any role", + &provider.ResourcePermissions{ + AddGrant: true, + }, + func(p *libregraph.Permission) { + Expect(p.GetRoles()).To(BeNil()) + Expect(p.GetLibreGraphPermissionsActions()).To(HaveExactElements([]string{unifiedrole.DriveItemPermissionsCreate})) + }, + ), + ) })