Skip to content

Commit

Permalink
Merge pull request #3922 from kobergj/PermissionRenaming
Browse files Browse the repository at this point in the history
Rename Permissions
  • Loading branch information
kobergj authored May 31, 2023
2 parents c353eb1 + d7a7a10 commit bc9a3b6
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 14 deletions.
5 changes: 5 additions & 0 deletions changelog/unreleased/rename-permissions.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Enhancement: Rename permissions

Rename permissions to be consistent and future proof

https://github.com/cs3org/reva/pull/3922
4 changes: 2 additions & 2 deletions pkg/permission/permission.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,9 @@ import (

const (
// ListAllSpaces is the hardcoded name for the list all spaces permission
ListAllSpaces string = "list-all-spaces"
ListAllSpaces string = "Drives.List"
// CreateSpace is the hardcoded name for the create space permission
CreateSpace string = "create-space"
CreateSpace string = "Drives.Create"
// WritePublicLink is the hardcoded name for the PublicLink.Write permission
WritePublicLink string = "PublicLink.Write"
)
Expand Down
16 changes: 8 additions & 8 deletions pkg/storage/utils/decomposedfs/spacepermissions.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ func (p Permissions) AssemblePermissions(ctx context.Context, n *node.Node) (pro

// CreateSpace returns true when the user is allowed to create the space
func (p Permissions) CreateSpace(ctx context.Context, spaceid string) bool {
return p.checkPermission(ctx, "create-space", spaceRef(spaceid))
return p.checkPermission(ctx, "Drives.Create", spaceRef(spaceid))
}

// SetSpaceQuota returns true when the user is allowed to change the spaces quota
Expand All @@ -50,25 +50,25 @@ func (p Permissions) SetSpaceQuota(ctx context.Context, spaceid string, spaceTyp
default:
return false // only quotas of personal and project space may be changed
case _spaceTypePersonal:
return p.checkPermission(ctx, "set-space-quota", spaceRef(spaceid))
return p.checkPermission(ctx, "Drives.ReadWritePersonalQuota", spaceRef(spaceid))
case _spaceTypeProject:
return p.checkPermission(ctx, "Drive.ReadWriteQuota.Project", spaceRef(spaceid))
return p.checkPermission(ctx, "Drives.ReadWriteProjectQuota", spaceRef(spaceid))
}
}

// ManageSpaceProperties returns true when the user is allowed to change space properties (name/subtitle)
func (p Permissions) ManageSpaceProperties(ctx context.Context, spaceid string) bool {
return p.checkPermission(ctx, "Drive.ReadWrite", spaceRef(spaceid))
return p.checkPermission(ctx, "Drives.ReadWrite", spaceRef(spaceid))
}

// SpaceAbility returns true when the user is allowed to enable/disable the space
func (p Permissions) SpaceAbility(ctx context.Context, spaceid string) bool {
return p.checkPermission(ctx, "Drive.ReadWriteEnabled", spaceRef(spaceid))
return p.checkPermission(ctx, "Drives.ReadWriteEnabled", spaceRef(spaceid))
}

// ListAllSpaces returns true when the user is allowed to list all spaces
func (p Permissions) ListAllSpaces(ctx context.Context) bool {
return p.checkPermission(ctx, "list-all-spaces", nil)
return p.checkPermission(ctx, "Drives.List", nil)
}

// ListSpacesOfUser returns true when the user is allowed to list the spaces of the given user
Expand All @@ -86,12 +86,12 @@ func (p Permissions) ListSpacesOfUser(ctx context.Context, userid *userv1beta1.U

// DeleteAllSpaces returns true when the user is allowed to delete all spaces
func (p Permissions) DeleteAllSpaces(ctx context.Context) bool {
return p.checkPermission(ctx, "delete-all-spaces", nil)
return p.checkPermission(ctx, "Drives.DeleteProject", nil)
}

// DeleteAllHomeSpaces returns true when the user is allowed to delete all home spaces
func (p Permissions) DeleteAllHomeSpaces(ctx context.Context) bool {
return p.checkPermission(ctx, "delete-all-home-spaces", nil)
return p.checkPermission(ctx, "Drives.DeletePersonal", nil)
}

// checkPermission is used to check a users space permissions
Expand Down
8 changes: 4 additions & 4 deletions pkg/storage/utils/decomposedfs/spaces_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,13 +49,13 @@ var _ = Describe("Spaces", func() {
Expect(err).ToNot(HaveOccurred())
env.PermissionsClient.On("CheckPermission", mock.Anything, mock.Anything, mock.Anything).Return(
func(ctx context.Context, in *cs3permissions.CheckPermissionRequest, opts ...grpc.CallOption) *cs3permissions.CheckPermissionResponse {
if in.Permission == "delete-all-home-spaces" && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == env.DeleteHomeSpacesUser.Id.OpaqueId {
if in.Permission == "Drives.DeletePersonal" && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == env.DeleteHomeSpacesUser.Id.OpaqueId {
return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_OK}}
}
if in.Permission == "delete-all-spaces" && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == env.DeleteAllSpacesUser.Id.OpaqueId {
if in.Permission == "Drives.DeleteProject" && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == env.DeleteAllSpacesUser.Id.OpaqueId {
return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_OK}}
}
if (in.Permission == "create-space" || in.Permission == "list-all-spaces") && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == helpers.OwnerID {
if (in.Permission == "Drives.Create" || in.Permission == "Drives.List") && ctxpkg.ContextMustGetUser(ctx).Id.GetOpaqueId() == helpers.OwnerID {
return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_OK}}
}
// any other user
Expand Down Expand Up @@ -316,7 +316,7 @@ var _ = Describe("Spaces", func() {
switch ctxpkg.ContextMustGetUser(ctx).GetId().GetOpaqueId() {
case manager.GetId().GetOpaqueId():
switch in.Permission {
case "create-space":
case "Drives.Create":
return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_OK}}
default:
return &cs3permissions.CheckPermissionResponse{Status: &rpcv1beta1.Status{Code: rpcv1beta1.Code_CODE_PERMISSION_DENIED}}
Expand Down

0 comments on commit bc9a3b6

Please sign in to comment.