diff --git a/changelog/unreleased/implement-sharing-roles.md b/changelog/unreleased/implement-sharing-roles.md new file mode 100644 index 0000000000..f0000fb284 --- /dev/null +++ b/changelog/unreleased/implement-sharing-roles.md @@ -0,0 +1,6 @@ +Enhancement: Implement sharing roles + +Implement libre graph sharing roles + +https://github.com/owncloud/ocis/pull/7524 +https://github.com/owncloud/ocis/issues/7418 diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index 535d87a582..663d87c476 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go @@ -33,7 +33,7 @@ type Config struct { UploadMaxChunkSize int `yaml:"upload_max_chunk_size" env:"FRONTEND_UPLOAD_MAX_CHUNK_SIZE" desc:"Sets the max chunk sizes in bytes for uploads via the clients."` UploadHTTPMethodOverride string `yaml:"upload_http_method_override" env:"FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" desc:"Advise TUS to replace PATCH requests by POST requests."` DefaultUploadProtocol string `yaml:"default_upload_protocol" env:"FRONTEND_DEFAULT_UPLOAD_PROTOCOL" desc:"The default upload protocol to use in the clients (e.g. tus)."` - EnableResharing bool `yaml:"enable_resharing" env:"FRONTEND_ENABLE_RESHARING" desc:"Changing this value is NOT supported. Enables the support for resharing in the clients."` + EnableResharing bool `yaml:"enable_resharing" env:"OCIS_ENABLE_RESHARING;FRONTEND_ENABLE_RESHARING" desc:"Changing this value is NOT supported. Enables the support for resharing in the clients."` EnableFederatedSharingIncoming bool `yaml:"enable_federated_sharing_incoming" env:"FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING" desc:"Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed."` EnableFederatedSharingOutgoing bool `yaml:"enable_federated_sharing_outgoing" env:"FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING" desc:"Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed."` SearchMinLength int `yaml:"search_min_length" env:"FRONTEND_SEARCH_MIN_LENGTH" desc:"Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed."` diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go index 8c72e13efb..ebf7eed83a 100644 --- a/services/graph/pkg/config/config.go +++ b/services/graph/pkg/config/config.go @@ -33,6 +33,8 @@ type Config struct { Keycloak Keycloak `yaml:"keycloak"` ServiceAccount ServiceAccount `yaml:"service_account"` + FilesSharing FilesSharing `yaml:"files_sharing"` + Context context.Context `yaml:"-"` } @@ -143,3 +145,8 @@ type ServiceAccount struct { ServiceAccountID string `yaml:"service_account_id" env:"OCIS_SERVICE_ACCOUNT_ID;GRAPH_SERVICE_ACCOUNT_ID" desc:"The ID of the service account the service should use. See the 'auth-service' service description for more details."` ServiceAccountSecret string `yaml:"service_account_secret" env:"OCIS_SERVICE_ACCOUNT_SECRET;GRAPH_SERVICE_ACCOUNT_SECRET" desc:"The service account secret."` } + +// FilesSharing is the configuration for the files sharing +type FilesSharing struct { + EnableResharing bool `yaml:"enable_resharing" env:"OCIS_ENABLE_RESHARING;GRAPH_ENABLE_RESHARING" desc:"Changing this value is NOT supported. Enables the support for resharing."` +} diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 004a031b5c..730ce442d5 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -105,6 +105,9 @@ func DefaultConfig() *config.Config { Cluster: "ocis-cluster", EnableTLS: false, }, + FilesSharing: config.FilesSharing{ + EnableResharing: true, + }, } } diff --git a/services/graph/pkg/service/v0/rolemanagement.go b/services/graph/pkg/service/v0/rolemanagement.go new file mode 100644 index 0000000000..0a3f9034bc --- /dev/null +++ b/services/graph/pkg/service/v0/rolemanagement.go @@ -0,0 +1,61 @@ +package svc + +import ( + "fmt" + "net/http" + "net/url" + + "github.com/cs3org/reva/v2/pkg/conversions" + "github.com/go-chi/chi/v5" + "github.com/go-chi/render" + libregraph "github.com/owncloud/libre-graph-api-go" + "github.com/owncloud/ocis/v2/services/graph/pkg/service/v0/errorcode" +) + +// GetRoleDefinitions a list of permission roles than can be used when sharing with users or groups +func (g Graph) GetRoleDefinitions(w http.ResponseWriter, r *http.Request) { + render.Status(r, http.StatusOK) + render.JSON(w, r, getRoleDefinitionList(g.config.FilesSharing.EnableResharing)) +} + +// GetRoleDefinition a permission role than can be used when sharing with users or groups +func (g Graph) GetRoleDefinition(w http.ResponseWriter, r *http.Request) { + logger := g.logger.SubloggerWithRequestID(r.Context()) + roleID, err := url.PathUnescape(chi.URLParam(r, "roleID")) + if err != nil { + logger.Debug().Err(err).Str("roleID", chi.URLParam(r, "roleID")).Msg("could not get roleID: unescaping is failed") + errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "unescaping role id failed") + return + } + role, err := getRoleDefinition(roleID, g.config.FilesSharing.EnableResharing) + if err != nil { + logger.Debug().Str("roleID", roleID).Msg("could not get role: not found") + errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, err.Error()) + return + } + render.Status(r, http.StatusOK) + render.JSON(w, r, role) +} + +func getRoleDefinitionList(resharing bool) []*libregraph.UnifiedRoleDefinition { + return []*libregraph.UnifiedRoleDefinition{ + conversions.NewViewerUnifiedRole(resharing), + conversions.NewSpaceViewerUnifiedRole(), + conversions.NewEditorUnifiedRole(resharing), + conversions.NewSpaceEditorUnifiedRole(), + conversions.NewFileEditorUnifiedRole(), + conversions.NewCoownerUnifiedRole(), + conversions.NewUploaderUnifiedRole(), + conversions.NewManagerUnifiedRole(), + } +} + +func getRoleDefinition(roleID string, resharing bool) (*libregraph.UnifiedRoleDefinition, error) { + roleList := getRoleDefinitionList(resharing) + for _, role := range roleList { + if role != nil && role.Id != nil && *role.Id == roleID { + return role, nil + } + } + return nil, fmt.Errorf("role not found") +} diff --git a/services/graph/pkg/service/v0/service.go b/services/graph/pkg/service/v0/service.go index 93cbeebe0f..88ba09c089 100644 --- a/services/graph/pkg/service/v0/service.go +++ b/services/graph/pkg/service/v0/service.go @@ -310,6 +310,10 @@ func NewService(opts ...Option) (Graph, error) { }) }) }) + r.Route("/roleManagement/permissions/roleDefinitions", func(r chi.Router) { + r.Get("/", svc.GetRoleDefinitions) + r.Get("/{roleID}", svc.GetRoleDefinition) + }) }) })