Merge user ACLs from EOS to sys ACLs
ishank011 committed Nov 9, 2021
1 parent 80f5ec9 commit 519aa3d
Showing 3 changed files with 33 additions and 8 deletions.
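--- a/changelog/unreleased/eos-file-perms.md
+++ b/changelog/unreleased/eos-file-perms.md
@@ -0,0 +1,3 @@
+Bugfix: Merge user ACLs from EOS to sys ACLs
+
+https://github.com/cs3org/reva/pull/2247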
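--- a/pkg/cbox/storage/eoswrapper/eoswrapper.go
+++ b/pkg/cbox/storage/eoswrapper/eoswrapper.go
@@ -27,7 +27,6 @@ import (
 "github.com/Masterminds/sprig"
 provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 ctxpkg "github.com/cs3org/reva/pkg/ctx"
-"github.com/cs3org/reva/pkg/errtypes"
 "github.com/cs3org/reva/pkg/storage"
 "github.com/cs3org/reva/pkg/storage/fs/registry"
 "github.com/cs3org/reva/pkg/storage/utils/eosfs"
@@ -154,7 +153,9 @@ func (w *wrapper) setProjectSharingPermissions(ctx context.Context, r *provider.
 // Extract project name from the path resembling /c/cernbox or /c/cernbox/minutes/..
 parts := strings.SplitN(r.Path, "/", 4)
 if len(parts) != 4 && len(parts) != 3 {
-return errtypes.BadRequest("eoswrapper: path does not follow the allowed format")
+// The request might be for / or /$letter
+// Nothing to do in that case
+return nil
 }
 adminGroup := projectSpaceGroupsPrefix + parts[2] + projectSpaceAdminGroupsSuffix
 user := ctxpkg.ContextMustGetUser(ctx)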
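Review bot: The guard in setProjectSharingPermissions now returns nil for short paths, but a path such as `/c/` still splits into three parts with an empty `parts[2]`, so it passes the guard and `adminGroup` is built from an empty project name. Since `strings.SplitN(r.Path, "/", 4)` never yields more than four parts, the check can be written as `if len(parts) < 3 || parts[2] == "" { return nil }`. Returning nil instead of an error also means the caller keeps whatever permission set r already carries for `/` and `/$letter`. The rest of the function is outside the hunk, so please confirm that set is the restrictive one.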
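--- a/pkg/eosclient/eosbinary/eosbinary.go
+++ b/pkg/eosclient/eosbinary/eosbinary.go
@@ -45,6 +45,7 @@ import (
 const (
 versionPrefix = ".sys.v#."
 lwShareAttrKey = "reva.lwshare"
+userACLEvalKey = "eval.useracl"
 )
 
 const (
@@ -296,7 +297,7 @@ func (c *Client) AddACL(ctx context.Context, auth, rootAuth eosclient.Authorizat
 
 if a.Type == acl.TypeLightweight {
 sysACL := ""
-aclStr, ok := finfo.Attrs[lwShareAttrKey]
+aclStr, ok := finfo.Attrs["sys."+lwShareAttrKey]
 if ok {
 acls, err := acl.Parse(aclStr, acl.ShortTextForm)
 if err != nil {
@@ -330,7 +331,7 @@ func (c *Client) AddACL(ctx context.Context, auth, rootAuth eosclient.Authorizat
 args = append(args, "--user")
 userACLAttr := &eosclient.Attribute{
 Type: SystemAttr,
-Key: "eval.useracl",
+Key: userACLEvalKey,
 Val: "1",
 }
 if err = c.SetAttr(ctx, auth, userACLAttr, false, path); err != nil {
@@ -360,7 +361,7 @@ func (c *Client) RemoveACL(ctx context.Context, auth, rootAuth eosclient.Authori
 
 if a.Type == acl.TypeLightweight {
 sysACL := ""
-aclStr, ok := finfo.Attrs[lwShareAttrKey]
+aclStr, ok := finfo.Attrs["sys."+lwShareAttrKey]
 if ok {
 acls, err := acl.Parse(aclStr, acl.ShortTextForm)
 if err != nil {
@@ -979,7 +980,10 @@ func (c *Client) parseFileInfo(raw string) (*eosclient.FileInfo, error) {
 // handle xattrn and xattrv special cases
 switch {
 case partsByEqual[0] == "xattrn":
-previousXAttr = strings.Replace(partsByEqual[1], "user.", "", 1)
+previousXAttr = partsByEqual[1]
+if previousXAttr != "user.acl" {
+previousXAttr = strings.Replace(previousXAttr, "user.", "", 1)
+}
 case partsByEqual[0] == "xattrv":
 attrs[previousXAttr] = partsByEqual[1]
 previousXAttr = ""
@@ -1090,8 +1094,25 @@ func (c *Client) mapToFileInfo(kv, attrs map[string]string) (*eosclient.FileInfo
 if err != nil {
 return nil, err
 }
-lwACLStr, ok := attrs[lwShareAttrKey]
-if ok {
+
+// Read user ACLs if sys.eval.useracl is set
+if userACLEval, ok := attrs["sys."+userACLEvalKey]; ok && userACLEval == "1" {
+if userACL, ok := attrs["user.acl"]; ok {
+userAcls, err := acl.Parse(userACL, acl.ShortTextForm)
+if err != nil {
+return nil, err
+}
+for _, e := range userAcls.Entries {
+err = sysACL.SetEntry(e.Type, e.Qualifier, e.Permissions)
+if err != nil {
+return nil, err
+}
+}
+}
+}
+
+// Read lightweight ACLs recognized by the sys.reva.lwshare attr
+if lwACLStr, ok := attrs["sys."+lwShareAttrKey]; ok {
 lwAcls, err := acl.Parse(lwACLStr, acl.ShortTextForm)
 if err != nil {
 return nil, err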
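Review bot: The xattrn branch of parseFileInfo still removes the first `user.` from every attribute name except `user.acl`, so the attrs map does not keep the user and sys namespaces apart: a name such as `user.sys.eval.useracl` ends up under the same key as the real `sys.eval.useracl`. mapToFileInfo now takes ACL decisions from `attrs["sys."+userACLEvalKey]` and `attrs["sys."+lwShareAttrKey]`, and if that map is the one built here (the call is outside the hunks) a user-namespace attribute could stand in for a system one. I would anchor the strip and refuse the collision, e.g. `if s := strings.TrimPrefix(previousXAttr, "user."); !strings.HasPrefix(s, "sys.") { previousXAttr = s }`. Separately, `SetEntry` is applied to the `user.acl` entries before the lightweight ones; if it replaces an existing entry for the same qualifier (not visible here), a user entry overrides the sys ACL rather than combining with it, which deserves a comment and a test.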
