Permissions for deleting spaces (#3716)

* check permissions when deleting space

Signed-off-by: jkoberg <jkoberg@owncloud.com>

* changelog

Signed-off-by: jkoberg <jkoberg@owncloud.com>

* bump feature reva

Signed-off-by: jkoberg <jkoberg@owncloud.com>
kobergj
2022-05-09 11:35:52 +02:00
committed by GitHub
parent 93b54b9144
commit 74139f6c52
4 changed files with 26 additions and 12 deletions


@@ -0,0 +1,6 @@
Bugfix: Check permissions when deleting Space
Check for manager permissions when deleting spaces.
Do not allow deleting spaces via dav service
https://github.com/owncloud/ocis/pull/3709
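
Review bot: the changelog link points at pull/3709 while the commit title references #3716; please confirm which PR this entry should cite. The entry also says spaces can no longer be deleted via the dav service without naming the status code clients will now receive, which the acceptance test in this commit changes, so a short mention of the new response would help API consumers.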


@@ -793,18 +793,30 @@ func (g Graph) DeleteDrive(w http.ResponseWriter, r *http.Request) {
OpaqueId: root.StorageId,
},
})
switch {
case dRes.Status.Code == cs3rpc.Code_CODE_INVALID_ARGUMENT:
errorcode.GeneralException.Render(w, r, http.StatusBadRequest, dRes.Status.Message)
w.WriteHeader(http.StatusBadRequest)
return
case err != nil || dRes.Status.Code != cs3rpc.Code_CODE_OK:
if err != nil {
g.logger.Error().Err(err).Msg("error deleting storage space")
w.WriteHeader(http.StatusInternalServerError)
return
}
switch dRes.GetStatus().GetCode() {
case cs3rpc.Code_CODE_OK:
w.WriteHeader(http.StatusNoContent)
return
case cs3rpc.Code_CODE_INVALID_ARGUMENT:
errorcode.GeneralException.Render(w, r, http.StatusBadRequest, dRes.Status.Message)
w.WriteHeader(http.StatusBadRequest)
return
case cs3rpc.Code_CODE_PERMISSION_DENIED:
w.WriteHeader(http.StatusForbidden)
return
// don't expose internal error codes to the outside world
default:
g.logger.Error().Err(err).Msg("error deleting storage space")
w.WriteHeader(http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusNoContent)
}
func sortSpaces(req *godata.GoDataRequest, spaces []*libregraph.Drive) ([]*libregraph.Drive, error) {
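
Review bot: in the `default:` branch, `g.logger.Error().Err(err)` logs an `err` that is always nil at that point, because the `if err != nil` block has already returned, so the log entry carries no reason for the failure. Log `dRes.GetStatus().GetCode()` and `dRes.GetStatus().GetMessage()` there instead; that stays server-side and still honours the "don't expose internal error codes" comment. The `Code_CODE_PERMISSION_DENIED` case writes 403 with no log line and no rendered body, so denied delete attempts leave no trace in this handler and the client gets a different error shape than the 400 case, which goes through `errorcode.GeneralException.Render`. That 400 case also reads `dRes.Status.Message` directly and returns it to the caller while the switch uses the nil-safe getters; consider `GetMessage()` and check that the message is safe to send out.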


@@ -22,7 +22,3 @@ The expected failures in this file are from features in the owncloud/ocis repo.
#### [Overwriting a file in the space within the allowed quota does not work](https://github.com/owncloud/ocis/issues/2829)
- [apiSpaces/quota.feature:56](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/quota.feature#L56)
#### [Viewer and editor has the possibility to disable the space](https://github.com/owncloud/ocis/issues/3031)
- [apiSpaces/removeSpaceObjects.feature:74](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/removeSpaceObjects.feature#L74)
- [apiSpaces/deleteSpaces.feature:73](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/deleteSpaces.feature#L73)
- [apiSpaces/deleteSpaces.feature:84](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/deleteSpaces.feature#L84)


@@ -74,7 +74,7 @@ Feature: Remove files, folder
Scenario: An user is unable to delete a Space via the webDav API
Given user "Alice" has created a space "user deletes a space" of type "project" with quota "20"
When user "Alice" removes the folder "" from space "user deletes a space"
Then the HTTP status code should be "405"
Then the HTTP status code should be "400"
When user "Alice" lists all available spaces via the GraphApi
Then the json responded should contain a space "user deletes a space" with these key and value pairs:
| key | value |
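
Review bot: the `Then the HTTP status code should be "400"` assertion pins only the status, and a bare 400 cannot be told apart from any other malformed request, while the changelog describes this as a deliberate refusal to delete spaces via the dav service. Assert on the error body or code as well, so the scenario fails if the 400 starts coming from a different check. The scenario also exercises only "Alice", who created the space; if it is not covered in another feature file, a viewer or editor attempting the same WebDAV removal would cover the permission side of this change.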