Merge pull request #9881 from 2403905/issue-9699

Added a new role space editor without versions

changelog/unreleased/new-role-editor-wo-versions.md

@@ -0,0 +1,7 @@
+Enhancement: Added a new role space editor without versions
+
+We add a new role space editor without list and restore version permissions.
+
+
+https://github.com/owncloud/ocis/pull/9880
+https://github.com/owncloud/ocis/issues/9699

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/coreos/go-oidc/v3 v3.11.0
 	github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb
-	github.com/cs3org/reva/v2 v2.23.1-0.20240826144102-af5123b523cf
+	github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89
 	github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
 	github.com/egirna/icap-client v0.1.1

go.sum

@@ -255,8 +255,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
 github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
 github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb h1:KmYZDReplv/yfwc1LNYpDcVhVujC3Pasv6WjXx1haSU=
 github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb/go.mod h1:yyP8PRo0EZou3nSH7H4qjlzQwaydPeIRNgX50npQHpE=
-github.com/cs3org/reva/v2 v2.23.1-0.20240826144102-af5123b523cf h1:VMg9uATNCBjJhU0dJJ5wgchLCCkZr/6IxjJxY+8hAAs=
-github.com/cs3org/reva/v2 v2.23.1-0.20240826144102-af5123b523cf/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
+github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 h1:fHQzCRgnsullqFcX9Equ/MKJdbBRSDfn2FtdSpbkdaw=
+github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=

services/graph/pkg/config/defaults/defaultconfig.go

@@ -15,7 +15,7 @@ import (
 var (
 	// _disabledByDefaultUnifiedRoleRoleIDs contains all roles that are not enabled by default,
 	// but can be enabled by the user.
-	_disabledByDefaultUnifiedRoleRoleIDs = []string{unifiedrole.UnifiedRoleSecureViewerID}
+	_disabledByDefaultUnifiedRoleRoleIDs = []string{unifiedrole.UnifiedRoleSecureViewerID, unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID}
 )
 
 // FullDefaultConfig returns a fully initialized default configuration

services/graph/pkg/unifiedrole/conversion.go

@@ -210,6 +210,8 @@ func cs3RoleToDisplayName(role *conversions.Role) string {
 		return _editorUnifiedRoleDisplayName
 	case conversions.RoleSpaceEditor:
 		return _spaceEditorUnifiedRoleDisplayName
+	case conversions.RoleSpaceEditorWithoutVersions:
+		return _spaceEditorWithoutVersionsUnifiedRoleDisplayName
 	case conversions.RoleFileEditor:
 		return _fileEditorUnifiedRoleDisplayName
 	case conversions.RoleEditorLite:

services/graph/pkg/unifiedrole/export_test.go

@@ -1,14 +1,15 @@
 package unifiedrole
 
 var (
-	RoleViewer       = roleViewer
-	RoleSpaceViewer  = roleSpaceViewer
-	RoleEditor       = roleEditor
-	RoleSpaceEditor  = roleSpaceEditor
-	RoleFileEditor   = roleFileEditor
-	RoleEditorLite   = roleEditorLite
-	RoleManager      = roleManager
-	RoleSecureViewer = roleSecureViewer
+	RoleViewer                     = roleViewer
+	RoleSpaceViewer                = roleSpaceViewer
+	RoleEditor                     = roleEditor
+	RoleSpaceEditor                = roleSpaceEditor
+	RoleSpaceEditorWithoutVersions = roleSpaceEditorWithoutVersions
+	RoleFileEditor                 = roleFileEditor
+	RoleEditorLite                 = roleEditorLite
+	RoleManager                    = roleManager
+	RoleSecureViewer               = roleSecureViewer
 
 	BuildInRoles = buildInRoles
 

services/graph/pkg/unifiedrole/roles.go

@@ -22,6 +22,8 @@ const (
 	UnifiedRoleEditorID = "fb6c3e19-e378-47e5-b277-9732f9de6e21"
 	// UnifiedRoleSpaceEditorID Unified role space editor id.
 	UnifiedRoleSpaceEditorID = "58c63c02-1d89-4572-916a-870abc5a1b7d"
+	// UnifiedRoleSpaceEditorWithoutVersionsID Unified role space editor without list/restore versions id.
+	UnifiedRoleSpaceEditorWithoutVersionsID = "3284f2d5-0070-4ad8-ac40-c247f7c1fb27"
 	// UnifiedRoleFileEditorID Unified role file editor id.
 	UnifiedRoleFileEditorID = "2d00ce52-1fc2-4dbc-8b95-a73b73395f5a"
 	// UnifiedRoleEditorLiteID Unified role editor-lite id.
@@ -109,6 +111,12 @@ var (
 	// UnifiedRole SpaseEditor, Role DisplayName (resolves directly)
 	_spaceEditorUnifiedRoleDisplayName = l10n.Template("Can edit")
 
+	// UnifiedRole SpaseEditorWithoutVersions, Role Description (resolves directly)
+	_spaceEditorWithoutVersionsUnifiedRoleDescription = l10n.Template("View, download, upload, edit, add and delete.")
+
+	// UnifiedRole SpaseEditorWithoutVersions, Role DisplayName (resolves directly)
+	_spaceEditorWithoutVersionsUnifiedRoleDisplayName = l10n.Template("Can edit without versions")
+
 	// UnifiedRole FileEditor, Role Description (resolves directly)
 	_fileEditorUnifiedRoleDescription = l10n.Template("View, download and edit.")
 
@@ -138,13 +146,14 @@ var (
 		UnifiedRoleViewerID: conversions.RoleViewer,
 		// one V1 api the "spaceviewer" role was call "viewer" and the "spaceeditor" was "editor",
 		// we need to stay compatible with that
-		UnifiedRoleSpaceViewerID:  "viewer",
-		UnifiedRoleSpaceEditorID:  "editor",
-		UnifiedRoleEditorID:       conversions.RoleEditor,
-		UnifiedRoleFileEditorID:   conversions.RoleFileEditor,
-		UnifiedRoleEditorLiteID:   conversions.RoleEditorLite,
-		UnifiedRoleManagerID:      conversions.RoleManager,
-		UnifiedRoleSecureViewerID: conversions.RoleSecureViewer,
+		UnifiedRoleSpaceViewerID:                "viewer",
+		UnifiedRoleSpaceEditorID:                "editor",
+		UnifiedRoleSpaceEditorWithoutVersionsID: conversions.RoleSpaceEditorWithoutVersions,
+		UnifiedRoleEditorID:                     conversions.RoleEditor,
+		UnifiedRoleFileEditorID:                 conversions.RoleFileEditor,
+		UnifiedRoleEditorLiteID:                 conversions.RoleEditorLite,
+		UnifiedRoleManagerID:                    conversions.RoleManager,
+		UnifiedRoleSecureViewerID:               conversions.RoleSecureViewer,
 	}
 
 	// buildInRoles contains the built-in roles.
@@ -153,6 +162,7 @@ var (
 		roleSpaceViewer,
 		roleEditor,
 		roleSpaceEditor,
+		roleSpaceEditorWithoutVersions,
 		roleFileEditor,
 		roleEditorLite,
 		roleManager,
@@ -243,6 +253,23 @@ var (
 		}
 	}()
 
+	// roleSpaceEditorWithoutVersions creates an editor without versions role
+	roleSpaceEditorWithoutVersions = func() *libregraph.UnifiedRoleDefinition {
+		r := conversions.NewSpaceEditorWithoutVersionsRole()
+		return &libregraph.UnifiedRoleDefinition{
+			Id:          proto.String(UnifiedRoleSpaceEditorWithoutVersionsID),
+			Description: proto.String(_spaceEditorWithoutVersionsUnifiedRoleDescription),
+			DisplayName: proto.String(cs3RoleToDisplayName(r)),
+			RolePermissions: []libregraph.UnifiedRolePermission{
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionDrive),
+				},
+			},
+			LibreGraphWeight: proto.Int32(0),
+		}
+	}()
+
 	// roleFileEditor creates a file-editor role
 	roleFileEditor = func() *libregraph.UnifiedRoleDefinition {
 		r := conversions.NewFileEditorRole()

services/graph/pkg/unifiedrole/roles_test.go

@@ -181,6 +181,7 @@ func TestGetRolesByPermissions(t *testing.T) {
 			constraints:  unifiedrole.UnifiedRoleConditionDrive,
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
 				unifiedrole.RoleSpaceViewer,
+				unifiedrole.RoleSpaceEditorWithoutVersions,
 				unifiedrole.RoleSpaceEditor,
 				unifiedrole.RoleManager,
 			},

services/web/pkg/theme/theme.go

@@ -37,6 +37,10 @@ var themeDefaults = KV{
 				"label":    "UnifiedRoleSpaceEditor",
 				"iconName": "pencil",
 			},
+			unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID: KV{
+				"label":    "UnifiedRoleSpaceEditorWithoutVersions",
+				"iconName": "pencil",
+			},
 			unifiedrole.UnifiedRoleManagerID: KV{
 				"label":    "UnifiedRoleManager",
 				"iconName": "user-star",

vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go

@@ -43,6 +43,8 @@ const (
 	RoleEditor = "editor"
 	// RoleSpaceEditor grants editor permission on a space.
 	RoleSpaceEditor = "spaceeditor"
+	// RoleSpaceEditorWithoutVersions grants editor permission without list/restore versions on a space.
+	RoleSpaceEditorWithoutVersions = "spaceeditor-without-versions"
 	// RoleFileEditor grants editor permission on a single file.
 	RoleFileEditor = "file-editor"
 	// RoleCoowner grants co-owner permissions on a resource.
@@ -272,6 +274,28 @@ func NewSpaceEditorRole() *Role {
 	}
 }
 
+// NewSpaceEditorWithoutVersionsRole creates an editor without list/restore versions role
+func NewSpaceEditorWithoutVersionsRole() *Role {
+	return &Role{
+		Name: RoleSpaceEditorWithoutVersions,
+		cS3ResourcePermissions: &provider.ResourcePermissions{
+			CreateContainer:      true,
+			Delete:               true,
+			GetPath:              true,
+			GetQuota:             true,
+			InitiateFileDownload: true,
+			InitiateFileUpload:   true,
+			ListContainer:        true,
+			ListGrants:           true,
+			ListRecycle:          true,
+			Move:                 true,
+			RestoreRecycleItem:   true,
+			Stat:                 true,
+		},
+		ocsPermissions: PermissionRead | PermissionCreate | PermissionWrite | PermissionDelete,
+	}
+}
+
 // NewFileEditorRole creates a file-editor role
 func NewFileEditorRole() *Role {
 	p := PermissionRead | PermissionWrite

vendor/github.com/cs3org/reva/v2/pkg/events/users.go

@@ -102,3 +102,16 @@ func (BackchannelLogout) Unmarshal(v []byte) (interface{}, error) {
 	err := json.Unmarshal(v, &e)
 	return e, err
 }
+
+// UserSignedIn is emitted when a user signs in
+type UserSignedIn struct {
+	Executant *user.UserId
+	Timestamp *types.Timestamp
+}
+
+// Unmarshal to fulfill umarshaller interface
+func (UserSignedIn) Unmarshal(v []byte) (interface{}, error) {
+	e := UserSignedIn{}
+	err := json.Unmarshal(v, &e)
+	return e, err
+}

vendor/modules.txt

@@ -367,7 +367,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.23.1-0.20240826144102-af5123b523cf
+# github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89
 ## explicit; go 1.21
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime