diff --git a/go.mod b/go.mod
index b2e5abed39..8ef934c820 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/coreos/go-oidc v2.2.1+incompatible
 github.com/coreos/go-oidc/v3 v3.6.0
 github.com/cs3org/go-cs3apis v0.0.0-20230516150832-730ac860c71d
- github.com/cs3org/reva/v2 v2.13.4-0.20230526111208-d62d1497abb9
+ github.com/cs3org/reva/v2 v2.13.4-0.20230531095732-bc9a3b635ec3
 github.com/disintegration/imaging v1.6.2
 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
 github.com/egirna/icap-client v0.1.1
diff --git a/go.sum b/go.sum
index dc33f5e691..03fc0831dc 100644
--- a/go.sum
+++ b/go.sum
@@ -629,8 +629,8 @@ github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo
 github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
 github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc=
 github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA=
-github.com/cs3org/reva/v2 v2.13.4-0.20230526111208-d62d1497abb9 h1:JuZPMzFl6Yr2PIlT7mIYJ+S++AS3PQoRcYyA1tsH2DI=
-github.com/cs3org/reva/v2 v2.13.4-0.20230526111208-d62d1497abb9/go.mod h1:vMQqSn30fEPHO/GKC2WmGimlOPqvfSy4gdhRSpbvrWc=
+github.com/cs3org/reva/v2 v2.13.4-0.20230531095732-bc9a3b635ec3 h1:T+W3zPmlPAaHlKhzBcW809PvcGUJJ+v1QF+JzdPRegU=
+github.com/cs3org/reva/v2 v2.13.4-0.20230531095732-bc9a3b635ec3/go.mod h1:vMQqSn30fEPHO/GKC2WmGimlOPqvfSy4gdhRSpbvrWc=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/spaces.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/spaces.go
index 39a2cd97c6..90d34f561e 100644
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/spaces.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/spaces.go
@@ -125,6 +125,33 @@ func (h *Handler) addSpaceMember(w http.ResponseWriter, r *http.Request, info *p
 Nanos: uint32(expiration.UnixNano() % int64(time.Second)),
 }
 }
+
+ if role.Name != conversions.RoleManager {
+ ref := provider.Reference{ResourceId: info.GetId()}
+ p, err := h.findProvider(ctx, &ref)
+ if err != nil {
+ response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "error getting storage provider", err)
+ return
+ }
+
+ providerClient, err := h.getStorageProviderClient(p)
+ if err != nil {
+ response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "error getting storage provider client", err)
+ return
+ }
+
+ lgRes, err := providerClient.ListGrants(ctx, &provider.ListGrantsRequest{Ref: &ref})
+ if err != nil || lgRes.Status.Code != rpc.Code_CODE_OK {
+ response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error listing space grants", err)
+ return
+ }
+
+ if !isSpaceManagerRemaining(lgRes.Grants, grantee) {
+ response.WriteOCSError(w, r, http.StatusForbidden, "the space must have at least one manager", nil)
+ return
+ }
+ }
+
 createShareRes, err := client.CreateShare(ctx, &collaborationv1beta1.CreateShareRequest{
 ResourceInfo: info,
 Grant: &collaborationv1beta1.ShareGrant{
diff --git a/vendor/github.com/cs3org/reva/v2/pkg/permission/permission.go b/vendor/github.com/cs3org/reva/v2/pkg/permission/permission.go
index c34589b24a..405f72bbc8 100644
--- a/vendor/github.com/cs3org/reva/v2/pkg/permission/permission.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/permission/permission.go
@@ -24,9 +24,9 @@ import (

 const (
 // ListAllSpaces is the hardcoded name for the list all spaces permission
- ListAllSpaces string = "list-all-spaces"
+ ListAllSpaces string = "Drives.List"
 // CreateSpace is the hardcoded name for the create space permission
- CreateSpace string = "create-space"
+ CreateSpace string = "Drives.Create"
 // WritePublicLink is the hardcoded name for the PublicLink.Write permission
 WritePublicLink string = "PublicLink.Write"
 )
diff --git a/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spacepermissions.go b/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spacepermissions.go
index ce764f8e0e..31043239ad 100644
--- a/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spacepermissions.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spacepermissions.go
@@ -41,7 +41,7 @@ func (p Permissions) AssemblePermissions(ctx context.Context, n *node.Node) (pro

 // CreateSpace returns true when the user is allowed to create the space
 func (p Permissions) CreateSpace(ctx context.Context, spaceid string) bool {
- return p.checkPermission(ctx, "create-space", spaceRef(spaceid))
+ return p.checkPermission(ctx, "Drives.Create", spaceRef(spaceid))
 }

 // SetSpaceQuota returns true when the user is allowed to change the spaces quota
@@ -50,25 +50,25 @@ func (p Permissions) SetSpaceQuota(ctx context.Context, spaceid string, spaceTyp
 default:
 return false // only quotas of personal and project space may be changed
 case _spaceTypePersonal:
- return p.checkPermission(ctx, "set-space-quota", spaceRef(spaceid))
+ return p.checkPermission(ctx, "Drives.ReadWritePersonalQuota", spaceRef(spaceid))
 case _spaceTypeProject:
- return p.checkPermission(ctx, "Drive.ReadWriteQuota.Project", spaceRef(spaceid))
+ return p.checkPermission(ctx, "Drives.ReadWriteProjectQuota", spaceRef(spaceid))
 }
 }

 // ManageSpaceProperties returns true when the user is allowed to change space properties (name/subtitle)
 func (p Permissions) ManageSpaceProperties(ctx context.Context, spaceid string) bool {
- return p.checkPermission(ctx, "Drive.ReadWrite", spaceRef(spaceid))
+ return p.checkPermission(ctx, "Drives.ReadWrite", spaceRef(spaceid))
 }

 // SpaceAbility returns true when the user is allowed to enable/disable the space
 func (p Permissions) SpaceAbility(ctx context.Context, spaceid string) bool {
- return p.checkPermission(ctx, "Drive.ReadWriteEnabled", spaceRef(spaceid))
+ return p.checkPermission(ctx, "Drives.ReadWriteEnabled", spaceRef(spaceid))
 }

 // ListAllSpaces returns true when the user is allowed to list all spaces
 func (p Permissions) ListAllSpaces(ctx context.Context) bool {
- return p.checkPermission(ctx, "list-all-spaces", nil)
+ return p.checkPermission(ctx, "Drives.List", nil)
 }

 // ListSpacesOfUser returns true when the user is allowed to list the spaces of the given user
@@ -86,12 +86,12 @@ func (p Permissions) ListSpacesOfUser(ctx context.Context, userid *userv1beta1.U

 // DeleteAllSpaces returns true when the user is allowed to delete all spaces
 func (p Permissions) DeleteAllSpaces(ctx context.Context) bool {
- return p.checkPermission(ctx, "delete-all-spaces", nil)
+ return p.checkPermission(ctx, "Drives.DeleteProject", nil)
 }

 // DeleteAllHomeSpaces returns true when the user is allowed to delete all home spaces
 func (p Permissions) DeleteAllHomeSpaces(ctx context.Context) bool {
- return p.checkPermission(ctx, "delete-all-home-spaces", nil)
+ return p.checkPermission(ctx, "Drives.DeletePersonal", nil)
 }

 // checkPermission is used to check a users space permissions
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 6e20a8ff43..c435c0cbc1 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -352,7 +352,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.13.4-0.20230526111208-d62d1497abb9
+# github.com/cs3org/reva/v2 v2.13.4-0.20230531095732-bc9a3b635ec3
 ## explicit; go 1.19
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime