From 6319d986ebb389c1496e16f2ca4587c2853d2674 Mon Sep 17 00:00:00 2001 From: Roman Perekhod Date: Wed, 28 Aug 2024 14:05:55 +0200 Subject: [PATCH] [full-ci] Added a new role space editor without versions --- .../new-role-editor-wo-versions.md | 7 ++++ go.mod | 2 +- go.sum | 4 +- .../pkg/config/defaults/defaultconfig.go | 2 +- services/graph/pkg/unifiedrole/conversion.go | 2 + services/graph/pkg/unifiedrole/export_test.go | 17 ++++---- services/graph/pkg/unifiedrole/roles.go | 41 +++++++++++++++---- services/graph/pkg/unifiedrole/roles_test.go | 1 + services/web/pkg/theme/theme.go | 4 ++ .../cs3org/reva/v2/pkg/conversions/role.go | 24 +++++++++++ .../cs3org/reva/v2/pkg/events/users.go | 13 ++++++ vendor/modules.txt | 2 +- 12 files changed, 99 insertions(+), 20 deletions(-) create mode 100644 changelog/unreleased/new-role-editor-wo-versions.md diff --git a/changelog/unreleased/new-role-editor-wo-versions.md b/changelog/unreleased/new-role-editor-wo-versions.md new file mode 100644 index 0000000000..939b1ef1fb --- /dev/null +++ b/changelog/unreleased/new-role-editor-wo-versions.md @@ -0,0 +1,7 @@ +Enhancement: Added a new role space editor without versions + +We add a new role space editor without list and restore version permissions. + + +https://github.com/owncloud/ocis/pull/9880 +https://github.com/owncloud/ocis/issues/9699 diff --git a/go.mod b/go.mod index a078df56d5..028ac51c66 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/cenkalti/backoff v2.2.1+incompatible github.com/coreos/go-oidc/v3 v3.11.0 github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb - github.com/cs3org/reva/v2 v2.23.1-0.20240826144102-af5123b523cf + github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e github.com/egirna/icap-client v0.1.1 diff --git a/go.sum b/go.sum index 1f1271bc4e..b8907502c9 100644 --- a/go.sum +++ b/go.sum @@ -255,8 +255,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME= github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb h1:KmYZDReplv/yfwc1LNYpDcVhVujC3Pasv6WjXx1haSU= github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb/go.mod h1:yyP8PRo0EZou3nSH7H4qjlzQwaydPeIRNgX50npQHpE= -github.com/cs3org/reva/v2 v2.23.1-0.20240826144102-af5123b523cf h1:VMg9uATNCBjJhU0dJJ5wgchLCCkZr/6IxjJxY+8hAAs= -github.com/cs3org/reva/v2 v2.23.1-0.20240826144102-af5123b523cf/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI= +github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 h1:fHQzCRgnsullqFcX9Equ/MKJdbBRSDfn2FtdSpbkdaw= +github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 57aaed57be..47722871aa 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -15,7 +15,7 @@ import ( var ( // _disabledByDefaultUnifiedRoleRoleIDs contains all roles that are not enabled by default, // but can be enabled by the user. - _disabledByDefaultUnifiedRoleRoleIDs = []string{unifiedrole.UnifiedRoleSecureViewerID} + _disabledByDefaultUnifiedRoleRoleIDs = []string{unifiedrole.UnifiedRoleSecureViewerID, unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID} ) // FullDefaultConfig returns a fully initialized default configuration diff --git a/services/graph/pkg/unifiedrole/conversion.go b/services/graph/pkg/unifiedrole/conversion.go index 24b263f544..71ba8cff09 100644 --- a/services/graph/pkg/unifiedrole/conversion.go +++ b/services/graph/pkg/unifiedrole/conversion.go @@ -210,6 +210,8 @@ func cs3RoleToDisplayName(role *conversions.Role) string { return _editorUnifiedRoleDisplayName case conversions.RoleSpaceEditor: return _spaceEditorUnifiedRoleDisplayName + case conversions.RoleSpaceEditorWithoutVersions: + return _spaceEditorWithoutVersionsUnifiedRoleDisplayName case conversions.RoleFileEditor: return _fileEditorUnifiedRoleDisplayName case conversions.RoleEditorLite: diff --git a/services/graph/pkg/unifiedrole/export_test.go b/services/graph/pkg/unifiedrole/export_test.go index f834bcc554..2812173886 100644 --- a/services/graph/pkg/unifiedrole/export_test.go +++ b/services/graph/pkg/unifiedrole/export_test.go @@ -1,14 +1,15 @@ package unifiedrole var ( - RoleViewer = roleViewer - RoleSpaceViewer = roleSpaceViewer - RoleEditor = roleEditor - RoleSpaceEditor = roleSpaceEditor - RoleFileEditor = roleFileEditor - RoleEditorLite = roleEditorLite - RoleManager = roleManager - RoleSecureViewer = roleSecureViewer + RoleViewer = roleViewer + RoleSpaceViewer = roleSpaceViewer + RoleEditor = roleEditor + RoleSpaceEditor = roleSpaceEditor + RoleSpaceEditorWithoutVersions = roleSpaceEditorWithoutVersions + RoleFileEditor = roleFileEditor + RoleEditorLite = roleEditorLite + RoleManager = roleManager + RoleSecureViewer = roleSecureViewer BuildInRoles = buildInRoles diff --git a/services/graph/pkg/unifiedrole/roles.go b/services/graph/pkg/unifiedrole/roles.go index 99c15e2a45..de945ba6fb 100644 --- a/services/graph/pkg/unifiedrole/roles.go +++ b/services/graph/pkg/unifiedrole/roles.go @@ -22,6 +22,8 @@ const ( UnifiedRoleEditorID = "fb6c3e19-e378-47e5-b277-9732f9de6e21" // UnifiedRoleSpaceEditorID Unified role space editor id. UnifiedRoleSpaceEditorID = "58c63c02-1d89-4572-916a-870abc5a1b7d" + // UnifiedRoleSpaceEditorWithoutVersionsID Unified role space editor without list/restore versions id. + UnifiedRoleSpaceEditorWithoutVersionsID = "3284f2d5-0070-4ad8-ac40-c247f7c1fb27" // UnifiedRoleFileEditorID Unified role file editor id. UnifiedRoleFileEditorID = "2d00ce52-1fc2-4dbc-8b95-a73b73395f5a" // UnifiedRoleEditorLiteID Unified role editor-lite id. @@ -109,6 +111,12 @@ var ( // UnifiedRole SpaseEditor, Role DisplayName (resolves directly) _spaceEditorUnifiedRoleDisplayName = l10n.Template("Can edit") + // UnifiedRole SpaseEditorWithoutVersions, Role Description (resolves directly) + _spaceEditorWithoutVersionsUnifiedRoleDescription = l10n.Template("View, download, upload, edit, add and delete.") + + // UnifiedRole SpaseEditorWithoutVersions, Role DisplayName (resolves directly) + _spaceEditorWithoutVersionsUnifiedRoleDisplayName = l10n.Template("Can edit without versions") + // UnifiedRole FileEditor, Role Description (resolves directly) _fileEditorUnifiedRoleDescription = l10n.Template("View, download and edit.") @@ -138,13 +146,14 @@ var ( UnifiedRoleViewerID: conversions.RoleViewer, // one V1 api the "spaceviewer" role was call "viewer" and the "spaceeditor" was "editor", // we need to stay compatible with that - UnifiedRoleSpaceViewerID: "viewer", - UnifiedRoleSpaceEditorID: "editor", - UnifiedRoleEditorID: conversions.RoleEditor, - UnifiedRoleFileEditorID: conversions.RoleFileEditor, - UnifiedRoleEditorLiteID: conversions.RoleEditorLite, - UnifiedRoleManagerID: conversions.RoleManager, - UnifiedRoleSecureViewerID: conversions.RoleSecureViewer, + UnifiedRoleSpaceViewerID: "viewer", + UnifiedRoleSpaceEditorID: "editor", + UnifiedRoleSpaceEditorWithoutVersionsID: conversions.RoleSpaceEditorWithoutVersions, + UnifiedRoleEditorID: conversions.RoleEditor, + UnifiedRoleFileEditorID: conversions.RoleFileEditor, + UnifiedRoleEditorLiteID: conversions.RoleEditorLite, + UnifiedRoleManagerID: conversions.RoleManager, + UnifiedRoleSecureViewerID: conversions.RoleSecureViewer, } // buildInRoles contains the built-in roles. @@ -153,6 +162,7 @@ var ( roleSpaceViewer, roleEditor, roleSpaceEditor, + roleSpaceEditorWithoutVersions, roleFileEditor, roleEditorLite, roleManager, @@ -243,6 +253,23 @@ var ( } }() + // roleSpaceEditorWithoutVersions creates an editor without versions role + roleSpaceEditorWithoutVersions = func() *libregraph.UnifiedRoleDefinition { + r := conversions.NewSpaceEditorWithoutVersionsRole() + return &libregraph.UnifiedRoleDefinition{ + Id: proto.String(UnifiedRoleSpaceEditorWithoutVersionsID), + Description: proto.String(_spaceEditorWithoutVersionsUnifiedRoleDescription), + DisplayName: proto.String(cs3RoleToDisplayName(r)), + RolePermissions: []libregraph.UnifiedRolePermission{ + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionDrive), + }, + }, + LibreGraphWeight: proto.Int32(0), + } + }() + // roleFileEditor creates a file-editor role roleFileEditor = func() *libregraph.UnifiedRoleDefinition { r := conversions.NewFileEditorRole() diff --git a/services/graph/pkg/unifiedrole/roles_test.go b/services/graph/pkg/unifiedrole/roles_test.go index 2d1a4e8d8d..1d4127a0e6 100644 --- a/services/graph/pkg/unifiedrole/roles_test.go +++ b/services/graph/pkg/unifiedrole/roles_test.go @@ -181,6 +181,7 @@ func TestGetRolesByPermissions(t *testing.T) { constraints: unifiedrole.UnifiedRoleConditionDrive, unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{ unifiedrole.RoleSpaceViewer, + unifiedrole.RoleSpaceEditorWithoutVersions, unifiedrole.RoleSpaceEditor, unifiedrole.RoleManager, }, diff --git a/services/web/pkg/theme/theme.go b/services/web/pkg/theme/theme.go index 6d93078bc5..72739dcb75 100644 --- a/services/web/pkg/theme/theme.go +++ b/services/web/pkg/theme/theme.go @@ -37,6 +37,10 @@ var themeDefaults = KV{ "label": "UnifiedRoleSpaceEditor", "iconName": "pencil", }, + unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID: KV{ + "label": "UnifiedRoleSpaceEditorWithoutVersions", + "iconName": "pencil", + }, unifiedrole.UnifiedRoleManagerID: KV{ "label": "UnifiedRoleManager", "iconName": "user-star", diff --git a/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go b/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go index 7d7e0fcd89..edb4609ae3 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go @@ -43,6 +43,8 @@ const ( RoleEditor = "editor" // RoleSpaceEditor grants editor permission on a space. RoleSpaceEditor = "spaceeditor" + // RoleSpaceEditorWithoutVersions grants editor permission without list/restore versions on a space. + RoleSpaceEditorWithoutVersions = "spaceeditor-without-versions" // RoleFileEditor grants editor permission on a single file. RoleFileEditor = "file-editor" // RoleCoowner grants co-owner permissions on a resource. @@ -272,6 +274,28 @@ func NewSpaceEditorRole() *Role { } } +// NewSpaceEditorWithoutVersionsRole creates an editor without list/restore versions role +func NewSpaceEditorWithoutVersionsRole() *Role { + return &Role{ + Name: RoleSpaceEditorWithoutVersions, + cS3ResourcePermissions: &provider.ResourcePermissions{ + CreateContainer: true, + Delete: true, + GetPath: true, + GetQuota: true, + InitiateFileDownload: true, + InitiateFileUpload: true, + ListContainer: true, + ListGrants: true, + ListRecycle: true, + Move: true, + RestoreRecycleItem: true, + Stat: true, + }, + ocsPermissions: PermissionRead | PermissionCreate | PermissionWrite | PermissionDelete, + } +} + // NewFileEditorRole creates a file-editor role func NewFileEditorRole() *Role { p := PermissionRead | PermissionWrite diff --git a/vendor/github.com/cs3org/reva/v2/pkg/events/users.go b/vendor/github.com/cs3org/reva/v2/pkg/events/users.go index 79ea2add7e..44a898f72d 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/events/users.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/events/users.go @@ -102,3 +102,16 @@ func (BackchannelLogout) Unmarshal(v []byte) (interface{}, error) { err := json.Unmarshal(v, &e) return e, err } + +// UserSignedIn is emitted when a user signs in +type UserSignedIn struct { + Executant *user.UserId + Timestamp *types.Timestamp +} + +// Unmarshal to fulfill umarshaller interface +func (UserSignedIn) Unmarshal(v []byte) (interface{}, error) { + e := UserSignedIn{} + err := json.Unmarshal(v, &e) + return e, err +} diff --git a/vendor/modules.txt b/vendor/modules.txt index ad69db0d8e..87ec7f9fa1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -367,7 +367,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.23.1-0.20240826144102-af5123b523cf +# github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 ## explicit; go 1.21 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime