From now on, not all unified roles are enabled by default; instead, the available roles are hand-picked in the default setup.
For advanced use-cases, the administrator is able to enable the desired set of available roles.
Picking roles is not easy since the UID is NOT human-readable; therefore a CLI is included which lists the available, disabled and enabled roles.

This switches our hardcoded unified role conditions to better reflect what
we're actually using them for. The new conditions also allow differentiating
between roles eligible for files, folders or drive roots.
This means that the `/permissions` endpoint is now able to populate the
`roles.allowedValues` field with the correct roles for the type of the resource
it is called for.
Fixes: #8331

This reworks the cs3PermissionsToLibreGraph() so that it is able to return
the libreGraph.Permissions in the legacy and the new v1beta1 format. The main
differences between both are that v1beta1 returns the identities in the
'grantedToV2' property and the 'roles' are returned as IDs instead of the
legacy role names.

This is an initial implementation of PATCH support on drives/{driveid}/items/{itemid}/permissions/{id}.
It focusses on updating user shares for now. It's possible to update the
expirationDate, roles and/or libregraphResourceActions.
Updating the permissions of a space root or a public link share is currently
not implemented.

* feature: add beta drive listing endpoints to the graph api and hydrate them to contain the new grantedtoV2 property and use unified roles instead of the cs3 roles
* enhancement: make use of owner conditions for drive listing
* enhancement: provide GetDrivesV1Beta1 and GetAllDrivesV1Beta1 graph endpoint tests
* enhancement: add graph beta listPermissions endpoint
besides the new api endpoint it includes several utilities to simplify the graph api development.
* resolve drive and item id from the request path
* generic pointer and value utilities
* space root detection
* update GetDriveAndItemIDParam signature to return an error
* move errorcode package
* enhancement: add generic error code handling
* fix: rebase
* unifiedrole: Add CS3ResourcePermissionsToLibregraphActions
Add function to convert CS3ResourcePermissions to libregraph actions
* unifiedrole: Fix strings for the UnifiedRoleConditionSelf
The "Self/Owner/Grantee" strings are not part of the constraint value
* graph: Move getRoleDefinitionList to unifiedrole module
rename it to GetBuiltinRoleDefinitionList and make it public
* graph: turn libregraph resource actions into string constants
* graph/sharedbyme: Set the correct roles (or actions) on permissions
Try to map CS3 resource permissions on a share to one of the default libregraph
UnifiedRoleDefinitions. If a match is found return the roleid in 'permissions.roles'
attribute of the response. If no match is found convert the
ResourcePermissions into `libre.graph.permissions.actions` and return
those in the response.
* bump reva to latest edge
To get https://github.com/cs3org/reva/pull/4336
* graph: Import unified role related code from reva
The UnifiedRole related types are pretty specific to the graph service.
Maintaining them as part of reva makes things more complex than required.
* chore: add failing cases to the expected failures
---------
Co-authored-by: Florian Schade <f.schade@icloud.com>
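
The role-or-actions mapping described in the "graph/sharedbyme" entry above, as an added Go sketch that is not the project's own code. The type and function names, role IDs and action strings are hypothetical, and it assumes a "match" means the granted actions equal a role's actions exactly, so that a share carrying more or fewer rights than a role is never reported under that role's ID.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// RoleDefinition is a hypothetical stand-in for a unified role definition.
type RoleDefinition struct {
	ID      string   // constructed placeholder, not a real role UID
	Actions []string // constructed action names
}

// Permission mirrors the two response shapes: either Roles or Actions is set.
type Permission struct {
	Roles   []string
	Actions []string
}

// key builds an order-independent fingerprint of an action list.
func key(actions []string) string {
	c := append([]string(nil), actions...)
	sort.Strings(c)
	return strings.Join(c, "\x00")
}

// ToPermission returns the role ID when the granted actions equal a role's
// actions exactly (assumption: exact set match), otherwise the raw actions.
func ToPermission(granted []string, roles []RoleDefinition) Permission {
	want := key(granted)
	for _, r := range roles {
		if key(r.Actions) == want {
			return Permission{Roles: []string{r.ID}}
		}
	}
	return Permission{Actions: granted}
}

// builtin is constructed sample data, not the real built-in role list.
var builtin = []RoleDefinition{
	{ID: "role-viewer-placeholder", Actions: []string{"example/read", "example/list"}},
	{ID: "role-editor-placeholder", Actions: []string{"example/read", "example/list", "example/write"}},
}

func main() {
	fmt.Println(ToPermission([]string{"example/list", "example/read"}, builtin))
	fmt.Println(ToPermission([]string{"example/read", "example/delete"}, builtin))
}
```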