From 68f1d5897bc7c59fd5e41b819368cbc9297726ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Sw=C3=A4rd?= Date: Thu, 13 Apr 2023 12:23:08 +0200 Subject: [PATCH 1/5] reva/frontend: Add capabilities to indicate attributes that are read-only. --- services/frontend/README.md | 21 +++++++++++++++++- services/frontend/pkg/config/config.go | 22 ++++++++++++++----- .../pkg/config/defaults/defaultconfig.go | 10 +++++++++ services/frontend/pkg/revaconfig/config.go | 19 ++++++++++++++++ 4 files changed, 66 insertions(+), 6 deletions(-) diff --git a/services/frontend/README.md b/services/frontend/README.md index d8597106ed..1ddb3ccf0e 100644 --- a/services/frontend/README.md +++ b/services/frontend/README.md @@ -1,6 +1,6 @@ # Frontend -The frontend service translates various owncloud related HTTP APIs to CS3 requests. +The frontend service translates various owncloud related HTTP APIs to CS3 requests. ## Endpoints Overview 
@@ -25,3 +25,22 @@ The ocs endpoint, by default `/ocs`, implements the ownCloud 10 Open Collaborati ## Scalability While the frontend service does not persist any data it does cache `Stat()` responses and user information. Therefore, multiple instances of this service can be spawned in a bigger deployment like when using container orchestration with Kubernetes, when configuring `FRONTEND_OCS_RESOURCE_INFO_CACHE_TYPE=redis` and the related config options. + +## libregraph service interactions + +A lot of user management is done via a standardized libregraph API. +Depending on how the system is configured there might be some attributes +for users that an instance admin user can't change because of properties +coming from an external LDAP server, or similar. To make life easier for +admin users there are hints as capabilites telling which attributes are +read-only or not. To configure these hints we have the following +environment variables: + +- FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED: Default is false +- FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME: Default is true +- FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME: Default is true +- FRONTEND_READONLY_ATTRIBUTES_ID: Default is true +- FRONTEND_READONLY_ATTRIBUTES_MAIL: Default is true +- FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME: Default is true +- FRONTEND_READONLY_ATTRIBUTES_SURNAME: Default is true +- FRONTEND_READONLY_ATTRIBUTES_QUOTA: Default is false diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index a039dad253..99767629be 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go 
@@ -39,11 +39,12 @@ type Config struct { PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL" desc:"The public facing URL of the oCIS frontend."` - AppHandler AppHandler `yaml:"app_handler"` - Archiver Archiver `yaml:"archiver"` - DataGateway DataGateway `yaml:"data_gateway"` - OCS OCS `yaml:"ocs"` - Checksums Checksums `yaml:"checksums"` + AppHandler AppHandler `yaml:"app_handler"` + Archiver Archiver `yaml:"archiver"` + DataGateway DataGateway `yaml:"data_gateway"` + OCS OCS `yaml:"ocs"` + Checksums Checksums `yaml:"checksums"` + ReadyOnlyAttributes ReadyOnlyAttributes `yaml:"read_only_attributes"` Middleware Middleware `yaml:"middleware"` 
@@ -160,3 +161,14 @@ type Checksums struct { SupportedTypes []string `yaml:"supported_types" env:"FRONTEND_CHECKSUMS_SUPPORTED_TYPES" desc:"Define the checksum types that indicate to clients which hashes the server can use to verify upload integrity. You can provide multiple types separated by blank or comma. Supported types are 'sha1', 'md5' and 'adler32'."` PreferredUploadType string `yaml:"preferred_upload_type" env:"FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE" desc:"The supported checksum type for uploads that indicates to clients supporting multiple hash algorithms which one is preferred by the server. Must be one out of the defined list of SUPPORTED_TYPES."` } + +type ReadyOnlyAttributes struct { + AccountEnabled bool `yaml:"account_enabled" env:"FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED" desc:"Flag to indicate if account_enabled attribute is read-only. Default is false."` + DisplayName bool `yaml:"display_name" env:"FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME" desc:"Flag to indicate if display_name attribute is read-only. Default is true."` + GivenName bool `yaml:"given_name" env:"FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME" desc:"Flag to indicate if given_name attribute is read-only. Default is true."` + ID bool `yaml:"id" env:"FRONTEND_READONLY_ATTRIBUTES_ID" desc:"Flag to indicate if id attribute is read-only. Default is true."` + Mail bool `yaml:"mail" env:"FRONTEND_READONLY_ATTRIBUTES_MAIL" desc:"Flag to indicate if mail attribute is read-only. Default is true."` + OnPremisesSamAccountName bool `yaml:"on_premises_sam_account_name" env:"FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME" desc:"Flag to indicate if on_premises_sam_account_name attribute is read-only. Default is true."` + Surname bool `yaml:"surname" env:"FRONTEND_READONLY_ATTRIBUTES_SURNAME" desc:"Flag to indicate if surname attribute is read-only. Default is true."` + Quota bool `yaml:"quota" env:"FRONTEND_READONLY_ATTRIBUTES_QUOTA" desc:"Flag to indicate if quota attribute read-only. 
Default is false."` +} diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index ed03512773..589e2f8345 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go @@ -89,6 +89,16 @@ func DefaultConfig() *config.Config { SupportedTypes: []string{"sha1", "md5", "adler32"}, PreferredUploadType: "sha1", }, + ReadyOnlyAttributes: config.ReadyOnlyAttributes{ + AccountEnabled: false, + DisplayName: true, + GivenName: true, + ID: true, + Mail: true, + OnPremisesSamAccountName: true, + Surname: true, + Quota: false, + }, AppHandler: config.AppHandler{ Prefix: "app", }, diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go index 0b415ddec3..2c0f22c83b 100644 --- a/services/frontend/pkg/revaconfig/config.go +++ b/services/frontend/pkg/revaconfig/config.go @@ -63,6 +63,24 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error } } + read_only_attributes_map := map[string]bool{ + "account_enabled": cfg.ReadyOnlyAttributes.AccountEnabled, + "display_name": cfg.ReadyOnlyAttributes.DisplayName, + "given_name": cfg.ReadyOnlyAttributes.GivenName, + "id": cfg.ReadyOnlyAttributes.ID, + "mail": cfg.ReadyOnlyAttributes.Mail, + "on_premises_sam_account_name": cfg.ReadyOnlyAttributes.OnPremisesSamAccountName, + "surname": cfg.ReadyOnlyAttributes.Surname, + "quota": cfg.ReadyOnlyAttributes.Quota, + } + + var read_only_attributes []string + for k, v := range read_only_attributes_map { + if v { + read_only_attributes = append(read_only_attributes, k) + } + } + return map[string]interface{}{ "core": map[string]interface{}{ "tracing_enabled": cfg.Tracing.Enabled, 
@@ -199,6 +217,7 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error }, "graph": map[string]interface{}{ "personal_data_export": true, + "read_only_attributes": read_only_attributes, }, "checksums": map[string]interface{}{ "supported_types": cfg.Checksums.SupportedTypes, From 6433fc8d80bdb50f6b26896cdd5e2ff009f09be5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Sw=C3=A4rd?= Date: Fri, 14 Apr 2023 11:05:53 +0200 Subject: [PATCH 2/5] Apply suggestions from code review Co-authored-by: Martin --- services/frontend/README.md | 27 +++++++++++--------------- services/frontend/pkg/config/config.go | 16 +++++++-------- 2 files changed, 19 insertions(+), 24 deletions(-) diff --git a/services/frontend/README.md b/services/frontend/README.md index 1ddb3ccf0e..fd2f1cf3d3 100644 --- a/services/frontend/README.md +++ b/services/frontend/README.md 
@@ -26,21 +26,16 @@ The ocs endpoint, by default `/ocs`, implements the ownCloud 10 Open Collaborati While the frontend service does not persist any data it does cache `Stat()` responses and user information. Therefore, multiple instances of this service can be spawned in a bigger deployment like when using container orchestration with Kubernetes, when configuring `FRONTEND_OCS_RESOURCE_INFO_CACHE_TYPE=redis` and the related config options. -## libregraph service interactions +## Libregraph Service Interactions -A lot of user management is done via a standardized libregraph API. -Depending on how the system is configured there might be some attributes -for users that an instance admin user can't change because of properties -coming from an external LDAP server, or similar. To make life easier for -admin users there are hints as capabilites telling which attributes are -read-only or not. To configure these hints we have the following -environment variables: +A lot of user management is done via a standardized libregraph API. Depending on how the system is configured, there might be some attributes for users that an ocis instance admin user can't change because of properties +coming from an external LDAP server, or similar. This can be the case when the ocis admin is not the LDAP admin. To make life easier for admin users, there are hints as capabilites telling the frontend which attributes are read-only or not, so they can be shown in the frontend differently. 
To configure these hints the following environment variables are available: -- FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED: Default is false -- FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME: Default is true -- FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME: Default is true -- FRONTEND_READONLY_ATTRIBUTES_ID: Default is true -- FRONTEND_READONLY_ATTRIBUTES_MAIL: Default is true -- FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME: Default is true -- FRONTEND_READONLY_ATTRIBUTES_SURNAME: Default is true -- FRONTEND_READONLY_ATTRIBUTES_QUOTA: Default is false +- FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED: Defaults to false +- FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME: Defaults to true +- FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME: Defaults to true +- FRONTEND_READONLY_ATTRIBUTES_ID: Defaults to true +- FRONTEND_READONLY_ATTRIBUTES_MAIL: Defaults to true +- FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME: Defaults to true +- FRONTEND_READONLY_ATTRIBUTES_SURNAME: Defaults to true +- FRONTEND_READONLY_ATTRIBUTES_QUOTA: Defaults to false diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index 99767629be..0dc0dfd204 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go 
@@ -163,12 +163,12 @@ type Checksums struct { } type ReadyOnlyAttributes struct { - AccountEnabled bool `yaml:"account_enabled" env:"FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED" desc:"Flag to indicate if account_enabled attribute is read-only. Default is false."` - DisplayName bool `yaml:"display_name" env:"FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME" desc:"Flag to indicate if display_name attribute is read-only. Default is true."` - GivenName bool `yaml:"given_name" env:"FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME" desc:"Flag to indicate if given_name attribute is read-only. Default is true."` - ID bool `yaml:"id" env:"FRONTEND_READONLY_ATTRIBUTES_ID" desc:"Flag to indicate if id attribute is read-only. Default is true."` - Mail bool `yaml:"mail" env:"FRONTEND_READONLY_ATTRIBUTES_MAIL" desc:"Flag to indicate if mail attribute is read-only. Default is true."` - OnPremisesSamAccountName bool `yaml:"on_premises_sam_account_name" env:"FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME" desc:"Flag to indicate if on_premises_sam_account_name attribute is read-only. Default is true."` - Surname bool `yaml:"surname" env:"FRONTEND_READONLY_ATTRIBUTES_SURNAME" desc:"Flag to indicate if surname attribute is read-only. Default is true."` - Quota bool `yaml:"quota" env:"FRONTEND_READONLY_ATTRIBUTES_QUOTA" desc:"Flag to indicate if quota attribute read-only. Default is false."` + AccountEnabled bool `yaml:"account_enabled" env:"FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED" desc:"Flag to indicate if account_enabled attribute is read-only. Defaults to false."` + DisplayName bool `yaml:"display_name" env:"FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME" desc:"Flag to indicate if display_name attribute is read-only. Defaults to true."` + GivenName bool `yaml:"given_name" env:"FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME" desc:"Flag to indicate if given_name attribute is read-only. 
Defaults to true."` + ID bool `yaml:"id" env:"FRONTEND_READONLY_ATTRIBUTES_ID" desc:"Flag to indicate if id attribute is read-only. Defaults to true."` + Mail bool `yaml:"mail" env:"FRONTEND_READONLY_ATTRIBUTES_MAIL" desc:"Flag to indicate if mail attribute is read-only. Defaults to true."` + OnPremisesSamAccountName bool `yaml:"on_premises_sam_account_name" env:"FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME" desc:"Flag to indicate if on_premises_sam_account_name attribute is read-only. Defaults to true."` + Surname bool `yaml:"surname" env:"FRONTEND_READONLY_ATTRIBUTES_SURNAME" desc:"Flag to indicate if surname attribute is read-only. Defaults to true."` + Quota bool `yaml:"quota" env:"FRONTEND_READONLY_ATTRIBUTES_QUOTA" desc:"Flag to indicate if quota attribute read-only. Defaults to false."` } From 1938495a894de9d52dbbda9d0b986b7ce6752c7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Sw=C3=A4rd?= Date: Mon, 17 Apr 2023 10:38:51 +0200 Subject: [PATCH 3/5] Change to single env variable and list of strings as suggested in review. --- services/frontend/README.md | 12 ++-------- services/frontend/pkg/config/config.go | 23 +++++-------------- .../pkg/config/defaults/defaultconfig.go | 10 -------- services/frontend/pkg/revaconfig/config.go | 23 ++++--------------- 4 files changed, 12 insertions(+), 56 deletions(-) diff --git a/services/frontend/README.md b/services/frontend/README.md index fd2f1cf3d3..2c606acf14 100644 --- a/services/frontend/README.md +++ b/services/frontend/README.md 
@@ -29,13 +29,5 @@ While the frontend service does not persist any data it does cache `Stat()` resp ## Libregraph Service Interactions A lot of user management is done via a standardized libregraph API. Depending on how the system is configured, there might be some attributes for users that an ocis instance admin user can't change because of properties -coming from an external LDAP server, or similar. This can be the case when the ocis admin is not the LDAP admin. To make life easier for admin users, there are hints as capabilites telling the frontend which attributes are read-only or not, so they can be shown in the frontend differently. To configure these hints the following environment variables are available: - -- FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED: Defaults to false -- FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME: Defaults to true -- FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME: Defaults to true -- FRONTEND_READONLY_ATTRIBUTES_ID: Defaults to true -- FRONTEND_READONLY_ATTRIBUTES_MAIL: Defaults to true -- FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME: Defaults to true -- FRONTEND_READONLY_ATTRIBUTES_SURNAME: Defaults to true -- FRONTEND_READONLY_ATTRIBUTES_QUOTA: Defaults to false +coming from an external LDAP server, or similar. This can be the case when the ocis admin is not the LDAP admin. To make life easier for admin users, there are hints as capabilites telling the frontend which attributes are read-only or not, so they can be shown in the frontend differently. To configure these hints we have the environment variable FRONTEND_READONLY_USER_ATTRIBUTES, +which takes a comma separated list of attributes. diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index 0dc0dfd204..07adb2289b 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go 
@@ -39,12 +39,12 @@ type Config struct { PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL" desc:"The public facing URL of the oCIS frontend."` - AppHandler AppHandler `yaml:"app_handler"` - Archiver Archiver `yaml:"archiver"` - DataGateway DataGateway `yaml:"data_gateway"` - OCS OCS `yaml:"ocs"` - Checksums Checksums `yaml:"checksums"` - ReadyOnlyAttributes ReadyOnlyAttributes `yaml:"read_only_attributes"` + AppHandler AppHandler `yaml:"app_handler"` + Archiver Archiver `yaml:"archiver"` + DataGateway DataGateway `yaml:"data_gateway"` + OCS OCS `yaml:"ocs"` + Checksums Checksums `yaml:"checksums"` + ReadOnlyUserAttributes string `yaml:"read_only_user_attributes" env:"FRONTEND_READONLY_USER_ATTRIBUTES" desc:"Comma separated list of user attributes to indicate as read-only."` Middleware Middleware `yaml:"middleware"` 
@@ -161,14 +161,3 @@ type Checksums struct { SupportedTypes []string `yaml:"supported_types" env:"FRONTEND_CHECKSUMS_SUPPORTED_TYPES" desc:"Define the checksum types that indicate to clients which hashes the server can use to verify upload integrity. You can provide multiple types separated by blank or comma. Supported types are 'sha1', 'md5' and 'adler32'."` PreferredUploadType string `yaml:"preferred_upload_type" env:"FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE" desc:"The supported checksum type for uploads that indicates to clients supporting multiple hash algorithms which one is preferred by the server. Must be one out of the defined list of SUPPORTED_TYPES."` } - -type ReadyOnlyAttributes struct { - AccountEnabled bool `yaml:"account_enabled" env:"FRONTEND_READONLY_ATTRIBUTES_ACCOUNT_ENABLED" desc:"Flag to indicate if account_enabled attribute is read-only. Defaults to false."` - DisplayName bool `yaml:"display_name" env:"FRONTEND_READONLY_ATTRIBUTES_DISPLAY_NAME" desc:"Flag to indicate if display_name attribute is read-only. Defaults to true."` - GivenName bool `yaml:"given_name" env:"FRONTEND_READONLY_ATTRIBUTES_GIVEN_NAME" desc:"Flag to indicate if given_name attribute is read-only. Defaults to true."` - ID bool `yaml:"id" env:"FRONTEND_READONLY_ATTRIBUTES_ID" desc:"Flag to indicate if id attribute is read-only. Defaults to true."` - Mail bool `yaml:"mail" env:"FRONTEND_READONLY_ATTRIBUTES_MAIL" desc:"Flag to indicate if mail attribute is read-only. Defaults to true."` - OnPremisesSamAccountName bool `yaml:"on_premises_sam_account_name" env:"FRONTEND_READONLY_ATTRIBUTES_ON_PREMISES_SAM_ACCOUNT_NAME" desc:"Flag to indicate if on_premises_sam_account_name attribute is read-only. Defaults to true."` - Surname bool `yaml:"surname" env:"FRONTEND_READONLY_ATTRIBUTES_SURNAME" desc:"Flag to indicate if surname attribute is read-only. 
Defaults to true."` - Quota bool `yaml:"quota" env:"FRONTEND_READONLY_ATTRIBUTES_QUOTA" desc:"Flag to indicate if quota attribute read-only. Defaults to false."` -} diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index 589e2f8345..ed03512773 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go @@ -89,16 +89,6 @@ func DefaultConfig() *config.Config { SupportedTypes: []string{"sha1", "md5", "adler32"}, PreferredUploadType: "sha1", }, - ReadyOnlyAttributes: config.ReadyOnlyAttributes{ - AccountEnabled: false, - DisplayName: true, - GivenName: true, - ID: true, - Mail: true, - OnPremisesSamAccountName: true, - Surname: true, - Quota: false, - }, AppHandler: config.AppHandler{ Prefix: "app", }, diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go index 2c0f22c83b..8eeca607d4 100644 --- a/services/frontend/pkg/revaconfig/config.go +++ b/services/frontend/pkg/revaconfig/config.go @@ -4,6 +4,7 @@ import ( "net/url" "path" "strconv" + "strings" "github.com/owncloud/ocis/v2/ocis-pkg/version" "github.com/owncloud/ocis/v2/services/frontend/pkg/config" 
@@ -63,23 +64,7 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error } } - read_only_attributes_map := map[string]bool{ - "account_enabled": cfg.ReadyOnlyAttributes.AccountEnabled, - "display_name": cfg.ReadyOnlyAttributes.DisplayName, - "given_name": cfg.ReadyOnlyAttributes.GivenName, - "id": cfg.ReadyOnlyAttributes.ID, - "mail": cfg.ReadyOnlyAttributes.Mail, - "on_premises_sam_account_name": cfg.ReadyOnlyAttributes.OnPremisesSamAccountName, - "surname": cfg.ReadyOnlyAttributes.Surname, - "quota": cfg.ReadyOnlyAttributes.Quota, - } - - var read_only_attributes []string - for k, v := range read_only_attributes_map { - if v { - read_only_attributes = append(read_only_attributes, k) - } - } + ReadOnlyUserAttributes := strings.Split(cfg.ReadOnlyUserAttributes, ",") return map[string]interface{}{ "core": map[string]interface{}{ @@ -216,8 +201,8 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error "support_url_signing": true, }, "graph": map[string]interface{}{ - "personal_data_export": true, - "read_only_attributes": read_only_attributes, + "personal_data_export": true, + "read_only_user_attributes": ReadOnlyUserAttributes, }, "checksums": map[string]interface{}{ "supported_types": cfg.Checksums.SupportedTypes, From 8e5ff030f72644954906b9d923dd4947e420a444 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Sw=C3=A4rd?= Date: Tue, 18 Apr 2023 12:25:45 +0200 Subject: [PATCH 4/5] Change config value to list of strings and bump reva. --- go.mod | 2 +- go.sum | 2 ++ services/frontend/pkg/config/config.go | 2 +- services/frontend/pkg/revaconfig/config.go | 8 +++++--- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 6d5c559ef9..3a81ee2b86 100644 --- a/go.mod +++ b/go.mod 
@@ -13,7 +13,7 @@ require ( github.com/blevesearch/bleve/v2 v2.3.7 github.com/coreos/go-oidc/v3 v3.4.0 github.com/cs3org/go-cs3apis v0.0.0-20221012090518-ef2996678965 - github.com/cs3org/reva/v2 v2.12.1-0.20230404090709-bb973fae26ae + github.com/cs3org/reva/v2 v2.12.1-0.20230417084429-b3d96f9db80c github.com/disintegration/imaging v1.6.2 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e github.com/egirna/icap-client v0.1.1 diff --git a/go.sum b/go.sum index fc5f4d0b7d..cb50a8d889 100644 --- a/go.sum +++ b/go.sum @@ -629,6 +629,8 @@ github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc= github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA= github.com/cs3org/reva/v2 v2.12.1-0.20230404090709-bb973fae26ae h1:APfYubzIYqCTXtmX6cAm4c8wBYS3R/cZwomX8IlXLaI= github.com/cs3org/reva/v2 v2.12.1-0.20230404090709-bb973fae26ae/go.mod h1:FNAYs5H3xs8v0OFmNgZtiMAzIMXd/6TJmO0uZuNn8pQ= +github.com/cs3org/reva/v2 v2.12.1-0.20230417084429-b3d96f9db80c h1:H6OjKTaRowZfAU/Hwvv4W0pLFFH/KNbHaNVNw3ANoHU= +github.com/cs3org/reva/v2 v2.12.1-0.20230417084429-b3d96f9db80c/go.mod h1:FNAYs5H3xs8v0OFmNgZtiMAzIMXd/6TJmO0uZuNn8pQ= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index 07adb2289b..445ddc31c2 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go 
@@ -44,7 +44,7 @@ type Config struct { DataGateway DataGateway `yaml:"data_gateway"` OCS OCS `yaml:"ocs"` Checksums Checksums `yaml:"checksums"` - ReadOnlyUserAttributes string `yaml:"read_only_user_attributes" env:"FRONTEND_READONLY_USER_ATTRIBUTES" desc:"Comma separated list of user attributes to indicate as read-only."` + ReadOnlyUserAttributes []string `yaml:"read_only_user_attributes" env:"FRONTEND_READONLY_USER_ATTRIBUTES" desc:"Comma separated list of user attributes to indicate as read-only."` Middleware Middleware `yaml:"middleware"` diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go index 8eeca607d4..00456fa2ce 100644 --- a/services/frontend/pkg/revaconfig/config.go +++ b/services/frontend/pkg/revaconfig/config.go @@ -4,7 +4,6 @@ import ( "net/url" "path" "strconv" - "strings" "github.com/owncloud/ocis/v2/ocis-pkg/version" "github.com/owncloud/ocis/v2/services/frontend/pkg/config" @@ -64,7 +63,10 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error } } - ReadOnlyUserAttributes := strings.Split(cfg.ReadOnlyUserAttributes, ",") + readOnlyUserAttributes := []string{} + if cfg.ReadOnlyUserAttributes != nil { + readOnlyUserAttributes = cfg.ReadOnlyUserAttributes + } return map[string]interface{}{ "core": map[string]interface{}{ @@ -202,7 +204,7 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error }, "graph": map[string]interface{}{ "personal_data_export": true, - "read_only_user_attributes": ReadOnlyUserAttributes, + "read_only_user_attributes": readOnlyUserAttributes, }, "checksums": map[string]interface{}{ "supported_types": cfg.Checksums.SupportedTypes, From 78d7381a71a2e059a9507da8c0098b16eb6f0a62 Mon Sep 17 00:00:00 2001 
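Review bot: The `desc` on `ReadOnlyUserAttributes` does not say that this is only a capability hint for the web UI; in this series the value is merely copied into the `graph` capabilities map, nothing in the patch prevents a write to a listed attribute, and an admin reading the env var name could assume that listing `mail` blocks changes to mail. Suggest `desc:"Comma separated list of user attributes that the web UI should present as read-only. This is a capability hint only; it does not by itself prevent changes to the attribute."`. It would also help to name the recognised attribute values in the description so a typo is not a silent no-op; the first patch in this series used account_enabled, display_name, given_name, id, mail, on_premises_sam_account_name, surname and quota, which presumably remain the names the consumer expects.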
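Review bot: The entries of `cfg.ReadOnlyUserAttributes` are copied into the `graph` capabilities map unchecked, so a misspelled entry such as `surnme` is published as-is and the admin believes the attribute is protected while the UI still offers it for editing; if the env decoder does not trim whitespace, `mail, surname` likewise yields a ` surname` entry that matches nothing. I would validate each entry against the known attribute names while building the list and return an error from FrontendConfigFromStruct for unknown ones, which also replaces the separate nil guard (an empty non-nil slice keeps the `[]` rather than `null` encoding). This needs `strings` (removed by this patch) and `fmt` imported again, and the known-name set should be confirmed against what the reva graph capability consumer actually expects. FrontendConfigFromStruct starts and ends outside the hunk.
```go
// knownReadOnlyUserAttributes lists the attribute names the capability hint recognises.
var knownReadOnlyUserAttributes = map[string]struct{}{
	"account_enabled": {}, "display_name": {}, "given_name": {}, "id": {},
	"mail": {}, "on_premises_sam_account_name": {}, "surname": {}, "quota": {},
}
// … unchanged: earlier config assembly in FrontendConfigFromStruct …
readOnlyUserAttributes := make([]string, 0, len(cfg.ReadOnlyUserAttributes))
for _, attr := range cfg.ReadOnlyUserAttributes {
	attr = strings.TrimSpace(attr)
	if _, ok := knownReadOnlyUserAttributes[attr]; !ok {
		return nil, fmt.Errorf("unknown read-only user attribute %q", attr)
	}
	readOnlyUserAttributes = append(readOnlyUserAttributes, attr)
}
```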
From: =?UTF-8?q?Daniel=20Sw=C3=A4rd?= Date: Wed, 19 Apr 2023 09:32:53 +0200 Subject: [PATCH 5/5] Apply suggestions from code review Co-authored-by: Martin --- services/frontend/README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/services/frontend/README.md b/services/frontend/README.md index 2c606acf14..55b4bace40 100644 --- a/services/frontend/README.md +++ b/services/frontend/README.md 
@@ -26,8 +26,6 @@ The ocs endpoint, by default `/ocs`, implements the ownCloud 10 Open Collaborati While the frontend service does not persist any data it does cache `Stat()` responses and user information. Therefore, multiple instances of this service can be spawned in a bigger deployment like when using container orchestration with Kubernetes, when configuring `FRONTEND_OCS_RESOURCE_INFO_CACHE_TYPE=redis` and the related config options. -## Libregraph Service Interactions +## Define Read-Only Attributes -A lot of user management is done via a standardized libregraph API. Depending on how the system is configured, there might be some attributes for users that an ocis instance admin user can't change because of properties -coming from an external LDAP server, or similar. This can be the case when the ocis admin is not the LDAP admin. To make life easier for admin users, there are hints as capabilites telling the frontend which attributes are read-only or not, so they can be shown in the frontend differently. To configure these hints we have the environment variable FRONTEND_READONLY_USER_ATTRIBUTES, -which takes a comma separated list of attributes. +A lot of user management is made via the standardized libregraph API. Depending on how the system is configured, there might be some user attributes that an ocis instance admin can't change because of properties coming from an external LDAP server, or similar. This can be the case when the ocis admin is not the LDAP admin. To ease life for admins, there are hints as capabilites telling the frontend which attributes are read-only to enable a different optical representation like being grayed out. To configure these hints, use the environment variable `FRONTEND_READONLY_USER_ATTRIBUTES`, which takes a comma separated list of attributes.