remove resharing
Signed-off-by: jkoberg <[email protected]>
kobergj committed Apr 2, 2024
1 parent 9c04f2d commit 86e87fd
Showing 20 changed files with 40 additions and 92 deletions.
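--- a/changelog/unreleased/remove-resharing.md
+++ b/changelog/unreleased/remove-resharing.md
@@ -0,0 +1,5 @@
+Enhancement: Remove resharing
+
+Removed all code related to resharing
+
+https://github.com/cs3org/reva/pull/4606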
Expand Up @@ -327,7 +327,7 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
ProviderID: ocmshare.Id.OpaqueId,
Owner: formatOCMUser(&userpb.UserId{
OpaqueId: info.Owner.OpaqueId,
Idp: s.conf.ProviderDomain, // FIXME: this is not generally true in case of resharing
Idp: s.conf.ProviderDomain,
}),
Sender: formatOCMUser(&userpb.UserId{
OpaqueId: user.Id.OpaqueId,
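Review bot: With the FIXME dropped, `Idp: s.conf.ProviderDomain` in the `Owner` literal now states as fact that the resource owner is always a user of the local provider, yet nothing in the visible lines enforces that. The value built here appears to be the owner identity handed to the remote provider, so a wrong assumption would misattribute ownership across the federation. I would replace the removed FIXME with a comment naming the invariant, for example `// owner is always a local user: a received share cannot be shared onward`, and make sure the request is refused when the resource was itself received through a share. CreateOCMShare starts and ends outside this hunk, so a check elsewhere in the body may already cover this.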
Expand Up @@ -593,7 +593,7 @@ func isInternalLink(req *link.UpdatePublicShareRequest, ps *link.PublicShare) bo
}

func enforcePassword(canOptOut bool, permissions *provider.ResourcePermissions, conf *config) bool {
isReadOnly := conversions.SufficientCS3Permissions(conversions.NewViewerRole(true).CS3ResourcePermissions(), permissions)
isReadOnly := conversions.SufficientCS3Permissions(conversions.NewViewerRole().CS3ResourcePermissions(), permissions)
if isReadOnly && canOptOut {
return false
}
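Review bot: `isReadOnly` in enforcePassword changes meaning with this line, and the function has no comment that says so. The reference set is now the viewer role without `AddGrant`, so a link whose requested permissions include that grant permission presumably no longer counts as read-only and can no longer opt out of the password. That is the stricter outcome, but it is a policy change that arrives as a signature update. I would add a doc comment such as `// enforcePassword reports whether a public link with these permissions must carry a password; read-only means covered by the viewer role` and a test case that pins the opt-out boundary. The body of enforcePassword continues outside the hunk.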
19 changes: 8 additions & 11 deletions internal/grpc/services/usershareprovider/usershareprovider.go
Expand Up @@ -55,7 +55,6 @@ type config struct {
Drivers map[string]map[string]interface{} `mapstructure:"drivers"`
GatewayAddr string `mapstructure:"gateway_addr"`
AllowedPathsForShares []string `mapstructure:"allowed_paths_for_shares"`
DisableResharing bool `mapstructure:"disable_resharing"`
}

func (c *config) init() {
Expand All @@ -68,7 +67,6 @@ type service struct {
sm share.Manager
gatewaySelector pool.Selectable[gateway.GatewayAPIClient]
allowedPathsForShares []*regexp.Regexp
disableResharing bool
}

func getShareManager(c *config) (share.Manager, error) {
Expand Down Expand Up @@ -129,16 +127,15 @@ func NewDefault(m map[string]interface{}, ss *grpc.Server) (rgrpc.Service, error
return nil, err
}

return New(gatewaySelector, sm, allowedPathsForShares, c.DisableResharing), nil
return New(gatewaySelector, sm, allowedPathsForShares), nil
}

// New creates a new user share provider svc
func New(gatewaySelector pool.Selectable[gateway.GatewayAPIClient], sm share.Manager, allowedPathsForShares []*regexp.Regexp, disableResharing bool) rgrpc.Service {
func New(gatewaySelector pool.Selectable[gateway.GatewayAPIClient], sm share.Manager, allowedPathsForShares []*regexp.Regexp) rgrpc.Service {
service := &service{
sm: sm,
gatewaySelector: gatewaySelector,
allowedPathsForShares: allowedPathsForShares,
disableResharing: disableResharing,
}

return service
Expand All @@ -160,10 +157,10 @@ func (s *service) CreateShare(ctx context.Context, req *collaboration.CreateShar
log := appctx.GetLogger(ctx)
user := ctxpkg.ContextMustGetUser(ctx)

// when resharing is disabled grants must not allow grant permissions
if s.disableResharing && HasGrantPermissions(req.GetGrant().GetPermissions().GetPermissions()) {
// Grants must not allow grant permissions
if HasGrantPermissions(req.GetGrant().GetPermissions().GetPermissions()) {
return &collaboration.CreateShareResponse{
Status: status.NewInvalidArg(ctx, "resharing not supported"),
Status: status.NewInvalidArg(ctx, "resharing not allowed"),
}, nil
}

Expand Down Expand Up @@ -342,10 +339,10 @@ func (s *service) UpdateShare(ctx context.Context, req *collaboration.UpdateShar
log := appctx.GetLogger(ctx)
user := ctxpkg.ContextMustGetUser(ctx)

// when resharing is disabled grants must not allow grant permissions
if s.disableResharing && HasGrantPermissions(req.GetShare().GetPermissions().GetPermissions()) {
// Grants must not allow grant permissions
if HasGrantPermissions(req.GetShare().GetPermissions().GetPermissions()) {
return &collaboration.UpdateShareResponse{
Status: status.NewInvalidArg(ctx, "resharing not supported"),
Status: status.NewInvalidArg(ctx, "resharing not allowed"),
}, nil
}

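Review bot: The now unconditional `HasGrantPermissions` guard in CreateShare and UpdateShare only stops new requests; shares stored while `disable_resharing` was off may still carry grant permissions, and nothing in this section deals with them. Whether such stored grants are still honoured is decided outside these hunks, so it deserves either a migration step or an explicit statement in the changelog. The `disable_resharing` key also disappears from `config` without a warning, so a deployment that still sets it gets the new behaviour silently, assuming unknown keys are ignored when the map is decoded. The comment would say more as `// resharing was removed: a share must never hand out permissions to manage grants`. Both function bodies continue outside their hunks.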
Expand Up @@ -183,10 +183,9 @@ var _ = Describe("user share provider service", func() {
0,
),
)
Context("resharing disabled", func() {
Context("resharing is not allowed", func() {
JustBeforeEach(func() {
// disable resharing
rgrpcService := usershareprovider.New(gatewaySelector, manager, []*regexp.Regexp{}, true)
rgrpcService := usershareprovider.New(gatewaySelector, manager, []*regexp.Regexp{})

provider = rgrpcService.(collaborationpb.CollaborationAPIServer)
Expect(provider).ToNot(BeNil())
1 change: 0 additions & 1 deletion internal/http/services/owncloud/ocs/data/capabilities.go
Expand Up @@ -209,7 +209,6 @@ type CapabilitiesDav struct {
// CapabilitiesFilesSharing TODO document
type CapabilitiesFilesSharing struct {
APIEnabled ocsBool `json:"api_enabled" xml:"api_enabled" mapstructure:"api_enabled"`
Resharing ocsBool `json:"resharing" xml:"resharing"`
GroupSharing ocsBool `json:"group_sharing" xml:"group_sharing" mapstructure:"group_sharing"`
SharingRoles ocsBool `json:"sharing_roles" xml:"sharing_roles" mapstructure:"sharing_roles"`
DenyAccess ocsBool `json:"deny_access" xml:"deny_access" mapstructure:"deny_access"`
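Review bot: Dropping `Resharing` from `CapabilitiesFilesSharing` makes the `resharing` key vanish from the JSON and XML capabilities instead of reporting it as off. A client that falls back to its own default for a missing key, rather than treating it as false, could keep offering resharing that the server then rejects; how the known clients behave is not visible here. If that matters, keep the field and always report it as false. The struct comment still reads `TODO document`, so this is a good place to note that resharing is no longer supported. The struct continues past the hunk.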
Expand Up @@ -69,8 +69,6 @@ import (

const (
storageIDPrefix string = "shared::"

_resharingDefault bool = false
)

var (
Expand All @@ -92,7 +90,6 @@ type Handler struct {
userIdentifierCache *ttlcache.Cache
statCache cache.StatCache
deniable bool
resharing bool
publicPasswordEnforced passwordEnforced
passwordValidator password.Validator

Expand Down Expand Up @@ -146,7 +143,6 @@ func (h *Handler) Init(c *config.Config) error {
h.userIdentifierCache = ttlcache.NewCache()
_ = h.userIdentifierCache.SetTTL(time.Second * time.Duration(c.UserIdentifierCacheTTL))
h.deniable = c.EnableDenials
h.resharing = resharing(c)
h.publicPasswordEnforced = publicPwdEnforced(c)
h.passwordValidator = passwordPolicies(c)

Expand Down Expand Up @@ -320,7 +316,7 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
response.WriteOCSSuccess(w, r, s)
case int(conversions.ShareTypePublicLink):
// public links default to read only
_, _, ocsErr := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole(h.resharing))
_, _, ocsErr := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole())
if ocsErr != nil && ocsErr.Error != conversions.ErrZeroPermission {
response.WriteOCSError(w, r, http.StatusForbidden, "No share permission", nil)
return
Expand All @@ -339,7 +335,7 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
response.WriteOCSSuccess(w, r, s)
case int(conversions.ShareTypeFederatedCloudShare):
// federated shares default to read only
if role, val, err := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole(h.resharing)); err == nil {
if role, val, err := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole()); err == nil {
h.createFederatedCloudShare(w, r, statRes.Info, role, val)
}
case int(conversions.ShareTypeSpaceMembershipUser), int(conversions.ShareTypeSpaceMembershipGroup):
Expand Down Expand Up @@ -429,7 +425,7 @@ func (h *Handler) extractPermissions(reqRole string, reqPermissions string, ri *

// the share role overrides the requested permissions
if reqRole != "" {
role = conversions.RoleFromName(reqRole, h.resharing)
role = conversions.RoleFromName(reqRole)
}

// if the role is unknown - fall back to reqPermissions or defaultPermissions
Expand Down Expand Up @@ -1685,10 +1681,3 @@ func sufficientPermissions(existing, requested *provider.ResourcePermissions, is
rp := conversions.RoleFromResourcePermissions(requested, islink).OCSPermissions()
return ep.Contain(rp)
}

func resharing(c *config.Config) bool {
if c != nil && c.Capabilities.Capabilities != nil && c.Capabilities.Capabilities.FilesSharing != nil {
return bool(c.Capabilities.Capabilities.FilesSharing.Resharing)
}
return _resharingDefault
}
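Review bot: In the `ShareTypeFederatedCloudShare` case of CreateShare, a failing `extractPermissions` is dropped without any response, because the `if role, val, err := ...; err == nil` has no else branch in the visible lines. The public-link case just above answers the same failure with `response.WriteOCSError(w, r, http.StatusForbidden, "No share permission", nil)`. Unless code after the switch reports the error (not visible, the function continues outside the hunk), the client would receive an empty success status for a share that was refused. I would add `} else { response.WriteOCSError(w, r, http.StatusForbidden, "No share permission", nil) }` so both cases fail the same way.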
Expand Up @@ -35,8 +35,8 @@ func TestMarshal(t *testing.T) {
},
}

jsonExpect := `{"capabilities":{"core":null,"checksums":null,"files":null,"dav":null,"files_sharing":{"api_enabled":true,"resharing":false,"group_sharing":false,"sharing_roles":false,"deny_access":false,"auto_accept_share":false,"share_with_group_members_only":false,"share_with_membership_groups_only":false,"search_min_length":0,"default_permissions":0,"user_enumeration":null,"federation":null,"public":null,"user":null}},"version":null}`
xmlExpect := `<CapabilitiesData><capabilities><files_sharing><api_enabled>1</api_enabled><resharing>0</resharing><group_sharing>0</group_sharing><sharing_roles>0</sharing_roles><deny_access>0</deny_access><auto_accept_share>0</auto_accept_share><share_with_group_members_only>0</share_with_group_members_only><share_with_membership_groups_only>0</share_with_membership_groups_only><search_min_length>0</search_min_length><default_permissions>0</default_permissions></files_sharing></capabilities></CapabilitiesData>`
jsonExpect := `{"capabilities":{"core":null,"checksums":null,"files":null,"dav":null,"files_sharing":{"api_enabled":true,"group_sharing":false,"sharing_roles":false,"deny_access":false,"auto_accept_share":false,"share_with_group_members_only":false,"share_with_membership_groups_only":false,"search_min_length":0,"default_permissions":0,"user_enumeration":null,"federation":null,"public":null,"user":null}},"version":null}`
xmlExpect := `<CapabilitiesData><capabilities><files_sharing><api_enabled>1</api_enabled><group_sharing>0</group_sharing><sharing_roles>0</sharing_roles><deny_access>0</deny_access><auto_accept_share>0</auto_accept_share><share_with_group_members_only>0</share_with_group_members_only><share_with_membership_groups_only>0</share_with_membership_groups_only><search_min_length>0</search_min_length><default_permissions>0</default_permissions></files_sharing></capabilities></CapabilitiesData>`

jsonData, err := json.Marshal(&cd)
if err != nil {
4 changes: 2 additions & 2 deletions internal/http/services/sciencemesh/share.go
Expand Up @@ -150,9 +150,9 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
func getPermissionsByRole(role string) (*providerpb.ResourcePermissions, appprovider.ViewMode) {
switch role {
case "viewer":
return conversions.NewViewerRole(false).CS3ResourcePermissions(), appprovider.ViewMode_VIEW_MODE_READ_ONLY
return conversions.NewViewerRole().CS3ResourcePermissions(), appprovider.ViewMode_VIEW_MODE_READ_ONLY
case "editor":
return conversions.NewEditorRole(false).CS3ResourcePermissions(), appprovider.ViewMode_VIEW_MODE_READ_WRITE
return conversions.NewEditorRole().CS3ResourcePermissions(), appprovider.ViewMode_VIEW_MODE_READ_WRITE
}
return nil, 0
}
6 changes: 3 additions & 3 deletions pkg/cbox/utils/conversions.go
Expand Up @@ -145,12 +145,12 @@ func SharePermToInt(p *provider.ResourcePermissions) int {
func IntTosharePerm(p int, itemType string) *provider.ResourcePermissions {
switch p {
case 1:
return conversions.NewViewerRole(false).CS3ResourcePermissions()
return conversions.NewViewerRole().CS3ResourcePermissions()
case 15:
if itemType == "folder" {
return conversions.NewEditorRole(false).CS3ResourcePermissions()
return conversions.NewEditorRole().CS3ResourcePermissions()
}
return conversions.NewFileEditorRole(false).CS3ResourcePermissions()
return conversions.NewFileEditorRole().CS3ResourcePermissions()
case 4:
return conversions.NewUploaderRole().CS3ResourcePermissions()
default:
36 changes: 11 additions & 25 deletions pkg/conversions/role.go
Expand Up @@ -141,20 +141,20 @@ func (r *Role) WebDAVPermissions(isDir, isShared, isMountpoint, isPublic bool) s
}

// RoleFromName creates a role from the name
func RoleFromName(name string, sharing bool) *Role {
func RoleFromName(name string) *Role {
switch name {
case RoleDenied:
return NewDeniedRole()
case RoleViewer:
return NewViewerRole(sharing)
return NewViewerRole()
case RoleSpaceViewer:
return NewSpaceViewerRole()
case RoleEditor:
return NewEditorRole(sharing)
return NewEditorRole()
case RoleSpaceEditor:
return NewSpaceEditorRole()
case RoleFileEditor:
return NewFileEditorRole(sharing)
return NewFileEditorRole()
case RoleUploader:
return NewUploaderRole()
case RoleManager:
Expand Down Expand Up @@ -183,15 +183,11 @@ func NewDeniedRole() *Role {
}

// NewViewerRole creates a viewer role. `sharing` indicates if sharing permission should be added
func NewViewerRole(sharing bool) *Role {
func NewViewerRole() *Role {
p := PermissionRead
if sharing {
p |= PermissionShare
}
return &Role{
Name: RoleViewer,
cS3ResourcePermissions: &provider.ResourcePermissions{
AddGrant: sharing,
GetPath: true,
GetQuota: true,
InitiateFileDownload: true,
Expand Down Expand Up @@ -221,15 +217,11 @@ func NewSpaceViewerRole() *Role {
}

// NewEditorRole creates an editor role. `sharing` indicates if sharing permission should be added
func NewEditorRole(sharing bool) *Role {
func NewEditorRole() *Role {
p := PermissionRead | PermissionCreate | PermissionWrite | PermissionDelete
if sharing {
p |= PermissionShare
}
return &Role{
Name: RoleEditor,
cS3ResourcePermissions: &provider.ResourcePermissions{
AddGrant: sharing,
CreateContainer: true,
Delete: true,
GetPath: true,
Expand Down Expand Up @@ -271,15 +263,11 @@ func NewSpaceEditorRole() *Role {
}

// NewFileEditorRole creates a file-editor role
func NewFileEditorRole(sharing bool) *Role {
func NewFileEditorRole() *Role {
p := PermissionRead | PermissionWrite
if sharing {
p |= PermissionShare
}
return &Role{
Name: RoleEditor,
cS3ResourcePermissions: &provider.ResourcePermissions{
AddGrant: sharing,
GetPath: true,
GetQuota: true,
InitiateFileDownload: true,
Expand Down Expand Up @@ -384,21 +372,19 @@ func RoleFromOCSPermissions(p Permissions, ri *provider.ResourceInfo) *Role {

if p.Contain(PermissionRead) {
if p.Contain(PermissionWrite) && p.Contain(PermissionCreate) && p.Contain(PermissionDelete) {
if p.Contain(PermissionShare) {
return NewEditorRole(true)
}

if isSpaceRoot(ri) {
return NewSpaceEditorRole()
}

return NewEditorRole()
}

if p == PermissionRead && isSpaceRoot(ri) {
return NewSpaceViewerRole()
}

if p == PermissionRead|PermissionShare && !isSpaceRoot(ri) {
return NewViewerRole(true)
if p == PermissionRead && !isSpaceRoot(ri) {
return NewViewerRole()
}
}
if p == PermissionCreate {
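Review bot: RoleFromOCSPermissions now treats a request that still carries `PermissionShare` in two different ways. With read, write, create and delete set, the `Contain` checks pass and the share bit is silently dropped in favour of `NewEditorRole()` or `NewSpaceEditorRole()`; with `PermissionRead|PermissionShare` neither `p == PermissionRead` comparison matches, so the value falls through to code after this hunk, which is not visible and may still translate the bit into grant permissions. I would pick one behaviour for the bit at the top of the function (reject it or clear it) and state it in a comment, so the outcome does not depend on which other bits are set. Separately, the doc comments on NewViewerRole and NewEditorRole still say "`sharing` indicates if sharing permission should be added" although the parameter is gone; they should read `// NewViewerRole creates a viewer role` and `// NewEditorRole creates an editor role`.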
6 changes: 2 additions & 4 deletions pkg/storage/utils/eosfs/eosfs.go
Expand Up @@ -83,8 +83,6 @@ const LockTypeKey = "reva.lock.type"

var hiddenReg = regexp.MustCompile(`\.sys\..#.`)

var _resharing = false

func (c *Config) init() {
c.Namespace = path.Clean(c.Namespace)
if !strings.HasPrefix(c.Namespace, "/") {
Expand Down Expand Up @@ -2129,12 +2127,12 @@ func (fs *eosfs) permissionSet(ctx context.Context, eosFileInfo *eosclient.FileI
// The role names should not be hardcoded any more as they will come from config in the future
if publicShare, ok := u.Opaque.Map["public-share-role"]; ok {
if string(publicShare.Value) == "editor" {
return conversions.NewEditorRole(_resharing).CS3ResourcePermissions()
return conversions.NewEditorRole().CS3ResourcePermissions()
} else if string(publicShare.Value) == "uploader" {
return conversions.NewUploaderRole().CS3ResourcePermissions()
}
// Default to viewer role
return conversions.NewViewerRole(_resharing).CS3ResourcePermissions()
return conversions.NewViewerRole().CS3ResourcePermissions()
}
}

18 changes: 0 additions & 18 deletions tests/integration/grpc/ocm_share_test.go
Expand Up @@ -687,24 +687,6 @@ var _ = Describe("ocm share", func() {
})
Expect(err).ToNot(HaveOccurred())
Expect(createShareRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))

By("resharing the same file with marie")

createShareRes2, err := cernboxgw.CreateOCMShare(ctxEinstein, &ocmv1beta1.CreateOCMShareRequest{
ResourceId: info.Id,
Grantee: &provider.Grantee{
Type: provider.GranteeType_GRANTEE_TYPE_USER,
Id: &provider.Grantee_UserId{
UserId: federatedMarieID,
},
},
AccessMethods: []*ocmv1beta1.AccessMethod{
share.NewWebDavAccessMethod(conversions.NewEditorRole(false).CS3ResourcePermissions()),
},
RecipientMeshProvider: cesnet.ProviderInfo,
})
Expect(err).ToNot(HaveOccurred())
Expect(createShareRes2.Status.Code).To(Equal(rpcv1beta1.Code_CODE_ALREADY_EXISTS))
})
})

1 change: 0 additions & 1 deletion tests/oc-integration-tests/drone/frontend-global.toml
Expand Up @@ -61,7 +61,6 @@ versionstring = "10.0.11"

[http.services.ocs.capabilities.capabilities.files_sharing]
api_enabled = true
resharing = true
group_sharing = true
auto_accept_share = true
share_with_group_members_only = true
1 change: 0 additions & 1 deletion tests/oc-integration-tests/drone/frontend.toml
Expand Up @@ -62,7 +62,6 @@ versionstring = "10.0.11"

[http.services.ocs.capabilities.capabilities.files_sharing]
api_enabled = true
resharing = true
group_sharing = true
auto_accept_share = true
share_with_group_members_only = true
1 change: 0 additions & 1 deletion tests/oc-integration-tests/local-mesh/frontend-global.toml
Expand Up @@ -55,7 +55,6 @@ versionstring = "10.0.11"

[http.services.ocs.capabilities.capabilities.files_sharing]
api_enabled = true
resharing = true
group_sharing = true
auto_accept_share = true
share_with_group_members_only = true
1 change: 0 additions & 1 deletion tests/oc-integration-tests/local-mesh/frontend.toml
Expand Up @@ -57,7 +57,6 @@ versionstring = "10.0.11"

[http.services.ocs.capabilities.capabilities.files_sharing]
api_enabled = true
resharing = true
group_sharing = true
auto_accept_share = true
share_with_group_members_only = true