Merge pull request #6047 from owncloud/excds/feature/add_capabilities_indicating_read-only_attributes

reva/frontend: Add capabilities to indicate attributes that are read-only
2026-03-15 22:17:59 -04:00 · 2023-04-19 10:33:43 +02:00
parent 1f19462d44 78d7381a71
commit dd8e752fd3
5 changed files with 21 additions and 8 deletions
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.3.7
 	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/cs3org/go-cs3apis v0.0.0-20221012090518-ef2996678965
-	github.com/cs3org/reva/v2 v2.12.1-0.20230404090709-bb973fae26ae
+	github.com/cs3org/reva/v2 v2.12.1-0.20230417084429-b3d96f9db80c
 	github.com/disintegration/imaging v1.6.2
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
 	github.com/egirna/icap-client v0.1.1
--- a/go.sum
+++ b/go.sum
@@ -629,6 +629,8 @@ github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc=
 github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA=
 github.com/cs3org/reva/v2 v2.12.1-0.20230404090709-bb973fae26ae h1:APfYubzIYqCTXtmX6cAm4c8wBYS3R/cZwomX8IlXLaI=
 github.com/cs3org/reva/v2 v2.12.1-0.20230404090709-bb973fae26ae/go.mod h1:FNAYs5H3xs8v0OFmNgZtiMAzIMXd/6TJmO0uZuNn8pQ=
+github.com/cs3org/reva/v2 v2.12.1-0.20230417084429-b3d96f9db80c h1:H6OjKTaRowZfAU/Hwvv4W0pLFFH/KNbHaNVNw3ANoHU=
+github.com/cs3org/reva/v2 v2.12.1-0.20230417084429-b3d96f9db80c/go.mod h1:FNAYs5H3xs8v0OFmNgZtiMAzIMXd/6TJmO0uZuNn8pQ=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
--- a/services/frontend/README.md
+++ b/services/frontend/README.md
@@ -1,6 +1,6 @@
 # Frontend

-The frontend service translates various owncloud related HTTP APIs to CS3 requests. 
+The frontend service translates various owncloud related HTTP APIs to CS3 requests.

 ## Endpoints Overview

@@ -25,3 +25,7 @@ The ocs endpoint, by default `/ocs`, implements the ownCloud 10 Open Collaborati
 ## Scalability

 While the frontend service does not persist any data it does cache `Stat()` responses and user information. Therefore, multiple instances of this service can be spawned in a bigger deployment like when using container orchestration with Kubernetes, when configuring `FRONTEND_OCS_RESOURCE_INFO_CACHE_TYPE=redis` and the related config options.
+
+## Define Read-Only Attributes
+
+A lot of user management is made via the standardized libregraph API. Depending on how the system is configured, there might be some user attributes that an ocis instance admin can't change because of properties coming from an external LDAP server, or similar. This can be the case when the ocis admin is not the LDAP admin. To ease life for admins, there are hints as capabilites telling the frontend which attributes are read-only to enable a different optical representation like being grayed out. To configure these hints, use the environment variable `FRONTEND_READONLY_USER_ATTRIBUTES`, which takes a comma separated list of attributes.
--- a/services/frontend/pkg/config/config.go
+++ b/services/frontend/pkg/config/config.go
@@ -39,11 +39,12 @@ type Config struct {

 	PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL" desc:"The public facing URL of the oCIS frontend."`

-	AppHandler  AppHandler  `yaml:"app_handler"`
-	Archiver    Archiver    `yaml:"archiver"`
-	DataGateway DataGateway `yaml:"data_gateway"`
-	OCS         OCS         `yaml:"ocs"`
-	Checksums   Checksums   `yaml:"checksums"`
+	AppHandler             AppHandler  `yaml:"app_handler"`
+	Archiver               Archiver    `yaml:"archiver"`
+	DataGateway            DataGateway `yaml:"data_gateway"`
+	OCS                    OCS         `yaml:"ocs"`
+	Checksums              Checksums   `yaml:"checksums"`
+	ReadOnlyUserAttributes []string    `yaml:"read_only_user_attributes" env:"FRONTEND_READONLY_USER_ATTRIBUTES" desc:"Comma separated list of user attributes to indicate as read-only."`

 	Middleware Middleware `yaml:"middleware"`

--- a/services/frontend/pkg/revaconfig/config.go
+++ b/services/frontend/pkg/revaconfig/config.go
@@ -63,6 +63,11 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error
 		}
 	}

+	readOnlyUserAttributes := []string{}
+	if cfg.ReadOnlyUserAttributes != nil {
+		readOnlyUserAttributes = cfg.ReadOnlyUserAttributes
+	}
+
 	return map[string]interface{}{
 		"core": map[string]interface{}{
 			"tracing_enabled":      cfg.Tracing.Enabled,
@@ -198,7 +203,8 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error
 								"support_url_signing": true,
 							},
 							"graph": map[string]interface{}{
-								"personal_data_export": true,
+								"personal_data_export":      true,
+								"read_only_user_attributes": readOnlyUserAttributes,
 							},
 							"checksums": map[string]interface{}{
 								"supported_types":       cfg.Checksums.SupportedTypes,