Merge branch 'bugfix/cannot-change-share-permission' into 'devel'

Fix for not being able to change sharing permission for a container Closes #1145 and #1144 See merge request sds-dev/sd-connect/swift-browser-ui!185
CSCfi · Oct 26, 2023 · a710b00 · a710b00
2 parents 1ce78c5 + 7837ee8
commit a710b00
Show file tree

Hide file tree

Showing 5 changed files with 88 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -78,6 +78,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Separate upload and download workers
   - Use direct file system writes if available on system
   - Move upload, download fetch calls to workers to reduce messaging overhead
+- (GL #1145) Added new api for modifying write access from container's access control list
 
 ### Changed
 

diff --git a/swift_browser_ui/ui/api.py b/swift_browser_ui/ui/api.py
@@ -685,6 +685,55 @@ async def remove_container_acl(request: aiohttp.web.Request) -> aiohttp.web.Resp
             raise aiohttp.web.HTTPNotFound()
 
 
+async def modify_container_write_acl(
+    request: aiohttp.web.Request,
+) -> aiohttp.web.Response:
+    """Modify write access for a project from container acl."""
+    session = await aiohttp_session.get_session(request)
+    request.app["Log"].info(
+        "API call to modify projects fom container ACL from "
+        f"{request.remote}, sess: {session} :: {time.ctime()}"
+    )
+    client = request.app["api_client"]
+    project = request.match_info["project"]
+    container = request.match_info["container"]
+    receivers = request.query["projects"].split(",")
+    rights = request.query["rights"].split(",")
+
+    headers = {"X-Auth-Token": session["projects"][project]["token"]}
+    read_acl = ""
+    write_acl = ""
+
+    async with client.head(
+        f"{session['projects'][project]['endpoint']}/{container}",
+        headers=headers,
+    ) as ret:
+        if "X-Container-Read" in ret.headers:
+            read_acl = ret.headers["X-Container-Read"]
+        if "X-Container-Write" in ret.headers:
+            write_acl = ret.headers["X-Container-Write"]
+    if "w" in rights:
+        for receiver in receivers:
+            write_acl += f",{receiver}:*"
+    else:
+        for receiver in receivers:
+            write_acl = write_acl.replace(f"{receiver}:*", "")
+
+    read_acl = read_acl.replace(",,", ",").strip(",")
+    write_acl = write_acl.replace(",,", ",").strip(",")
+
+    headers["X-Container-Read"] = read_acl
+    headers["X-Container-Write"] = write_acl
+
+    async with client.post(
+        f"{session['projects'][project]['endpoint']}/{container}", headers=headers
+    ) as ret:
+        if ret.status == 204:
+            return aiohttp.web.Response(status=200)
+        else:
+            raise aiohttp.web.HTTPNotFound()
+
+
 async def add_project_container_acl(
     request: aiohttp.web.Request,
 ) -> aiohttp.web.Response:

diff --git a/swift_browser_ui/ui/server.py b/swift_browser_ui/ui/server.py
@@ -27,6 +27,7 @@
     get_os_user,
     get_shared_container_address,
     get_upload_session,
+    modify_container_write_acl,
     os_list_projects,
     remove_container_acl,
     remove_project_container_acl,
@@ -244,6 +245,9 @@ async def on_prepare(
                 "/api/access/{project}/{container}/{receiver}",
                 remove_project_container_acl,
             ),
+            aiohttp.web.put(
+                "/api/access/{project}/{container}", modify_container_write_acl
+            ),
             aiohttp.web.get("/api/meta/{project}", swift_get_project_metadata),
             aiohttp.web.get(
                 "/api/meta/{project}/{container}", swift_get_metadata_container

diff --git a/swift_browser_ui_frontend/src/common/api.js b/swift_browser_ui_frontend/src/common/api.js
@@ -284,6 +284,25 @@ export async function removeAccessControlMeta(
   await DELETE(aclURL);
 }
 
+export async function modifyAccessControlMeta(
+  project,
+  container,
+  receivers,
+  rights,
+) {
+  // Modify access control metadata from the specified container
+  let url = "/api/access/".concat(
+    encodeURI(project), "/",
+    encodeURI(container),
+  );
+  const projects_csv = receivers.toString();
+  const aclURL = new URL(url, document.location.origin);
+  aclURL.searchParams.append("rights", rights);
+  aclURL.searchParams.append("projects", projects_csv);
+
+  await PUT(aclURL);
+}
+
 export async function addAccessControlMeta(
   project,
   container,

diff --git a/swift_browser_ui_frontend/src/components/ShareModalTable.vue b/swift_browser_ui_frontend/src/components/ShareModalTable.vue
@@ -22,6 +22,7 @@
 
 <script>
 import {
+  modifyAccessControlMeta,
   removeAccessControlMeta,
   GET,
 } from "@/common/api";
@@ -173,6 +174,20 @@ export default {
       else if (val === "read") rights.push("r");
       else rights.push("r", "w");
 
+      await modifyAccessControlMeta(
+        this.projectId,
+        this.folderName,
+        [sharedProjectId],
+        rights,
+      );
+
+      await modifyAccessControlMeta(
+        this.projectId,
+        `${this.folderName}_segments`,
+        [sharedProjectId],
+        rights,
+      );
+
       await this.$store.state.client.shareEditAccess(
         this.projectId,
         this.folderName,