implement sharing roles (#7524)

Co-authored-by: Roman Perekhod <rperekhod@owncloud.com>

changelog/unreleased/implement-sharing-roles.md

@@ -0,0 +1,6 @@
+Enhancement: Implement sharing roles
+
+Implement libre graph sharing roles
+
+https://github.com/owncloud/ocis/pull/7524
+https://github.com/owncloud/ocis/issues/7418

services/frontend/pkg/config/config.go

@@ -33,7 +33,7 @@ type Config struct {
 	UploadMaxChunkSize             int    `yaml:"upload_max_chunk_size" env:"FRONTEND_UPLOAD_MAX_CHUNK_SIZE" desc:"Sets the max chunk sizes in bytes for uploads via the clients."`
 	UploadHTTPMethodOverride       string `yaml:"upload_http_method_override" env:"FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" desc:"Advise TUS to replace PATCH requests by POST requests."`
 	DefaultUploadProtocol          string `yaml:"default_upload_protocol" env:"FRONTEND_DEFAULT_UPLOAD_PROTOCOL" desc:"The default upload protocol to use in the clients (e.g. tus)."`
-	EnableResharing                bool   `yaml:"enable_resharing" env:"FRONTEND_ENABLE_RESHARING" desc:"Changing this value is NOT supported. Enables the support for resharing in the clients."`
+	EnableResharing                bool   `yaml:"enable_resharing" env:"OCIS_ENABLE_RESHARING;FRONTEND_ENABLE_RESHARING" desc:"Changing this value is NOT supported. Enables the support for resharing in the clients."`
 	EnableFederatedSharingIncoming bool   `yaml:"enable_federated_sharing_incoming" env:"FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING" desc:"Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed."`
 	EnableFederatedSharingOutgoing bool   `yaml:"enable_federated_sharing_outgoing" env:"FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING" desc:"Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed."`
 	SearchMinLength                int    `yaml:"search_min_length" env:"FRONTEND_SEARCH_MIN_LENGTH" desc:"Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed."`

services/graph/pkg/config/config.go

@@ -33,6 +33,8 @@ type Config struct {
 	Keycloak       Keycloak       `yaml:"keycloak"`
 	ServiceAccount ServiceAccount `yaml:"service_account"`
 
+	FilesSharing FilesSharing `yaml:"files_sharing"`
+
 	Context context.Context `yaml:"-"`
 }
 
@@ -143,3 +145,8 @@ type ServiceAccount struct {
 	ServiceAccountID     string `yaml:"service_account_id" env:"OCIS_SERVICE_ACCOUNT_ID;GRAPH_SERVICE_ACCOUNT_ID" desc:"The ID of the service account the service should use. See the 'auth-service' service description for more details."`
 	ServiceAccountSecret string `yaml:"service_account_secret" env:"OCIS_SERVICE_ACCOUNT_SECRET;GRAPH_SERVICE_ACCOUNT_SECRET" desc:"The service account secret."`
 }
+
+// FilesSharing is the configuration for the files sharing
+type FilesSharing struct {
+	EnableResharing bool `yaml:"enable_resharing" env:"OCIS_ENABLE_RESHARING;GRAPH_ENABLE_RESHARING" desc:"Changing this value is NOT supported. Enables the support for resharing."`
+}

services/graph/pkg/config/defaults/defaultconfig.go

@@ -105,6 +105,9 @@ func DefaultConfig() *config.Config {
 			Cluster:   "ocis-cluster",
 			EnableTLS: false,
 		},
+		FilesSharing: config.FilesSharing{
+			EnableResharing: true,
+		},
 	}
 }
 

services/graph/pkg/service/v0/rolemanagement.go

@@ -0,0 +1,61 @@
+package svc
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/cs3org/reva/v2/pkg/conversions"
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/render"
+	libregraph "github.com/owncloud/libre-graph-api-go"
+	"github.com/owncloud/ocis/v2/services/graph/pkg/service/v0/errorcode"
+)
+
+// GetRoleDefinitions a list of permission roles than can be used when sharing with users or groups
+func (g Graph) GetRoleDefinitions(w http.ResponseWriter, r *http.Request) {
+	render.Status(r, http.StatusOK)
+	render.JSON(w, r, getRoleDefinitionList(g.config.FilesSharing.EnableResharing))
+}
+
+// GetRoleDefinition a permission role than can be used when sharing with users or groups
+func (g Graph) GetRoleDefinition(w http.ResponseWriter, r *http.Request) {
+	logger := g.logger.SubloggerWithRequestID(r.Context())
+	roleID, err := url.PathUnescape(chi.URLParam(r, "roleID"))
+	if err != nil {
+		logger.Debug().Err(err).Str("roleID", chi.URLParam(r, "roleID")).Msg("could not get roleID: unescaping is failed")
+		errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "unescaping role id failed")
+		return
+	}
+	role, err := getRoleDefinition(roleID, g.config.FilesSharing.EnableResharing)
+	if err != nil {
+		logger.Debug().Str("roleID", roleID).Msg("could not get role: not found")
+		errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, err.Error())
+		return
+	}
+	render.Status(r, http.StatusOK)
+	render.JSON(w, r, role)
+}
+
+func getRoleDefinitionList(resharing bool) []*libregraph.UnifiedRoleDefinition {
+	return []*libregraph.UnifiedRoleDefinition{
+		conversions.NewViewerUnifiedRole(resharing),
+		conversions.NewSpaceViewerUnifiedRole(),
+		conversions.NewEditorUnifiedRole(resharing),
+		conversions.NewSpaceEditorUnifiedRole(),
+		conversions.NewFileEditorUnifiedRole(),
+		conversions.NewCoownerUnifiedRole(),
+		conversions.NewUploaderUnifiedRole(),
+		conversions.NewManagerUnifiedRole(),
+	}
+}
+
+func getRoleDefinition(roleID string, resharing bool) (*libregraph.UnifiedRoleDefinition, error) {
+	roleList := getRoleDefinitionList(resharing)
+	for _, role := range roleList {
+		if role != nil && role.Id != nil && *role.Id == roleID {
+			return role, nil
+		}
+	}
+	return nil, fmt.Errorf("role not found")
+}

services/graph/pkg/service/v0/service.go

@@ -310,6 +310,10 @@ func NewService(opts ...Option) (Graph, error) {
 					})
 				})
 			})
+			r.Route("/roleManagement/permissions/roleDefinitions", func(r chi.Router) {
+				r.Get("/", svc.GetRoleDefinitions)
+				r.Get("/{roleID}", svc.GetRoleDefinition)
+			})
 		})
 	})