fix: dav delete via resource id

Fixes an issue where deleting a resource via its id, using the `/dav/spaces/{fileId}` endpoint, wouldn't work. The issue was happening because the code was checking for an empty path to prevent spaces from being deleted this way (because spaces have an empty path). When only providing a resource id however, the path will be empty for regular resources as well. For this reason we now additionally check for the resource's `opaqueId`. If the resource doesn't have such and the path is empty, we can assume that it's a space and prevent deletion via the dav endpoint.
cs3org · Jul 19, 2024 · e165045 · e165045
1 parent 11ee452
commit e165045
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/changelog/unreleased/fix-dav-id-based-delete.md b/changelog/unreleased/fix-dav-id-based-delete.md
@@ -0,0 +1,6 @@
+Bugfix: Deleting resources via their id
+
+We fixed a bug where deleting resources by using their id via the `/dav/spaces/` endpoint would not work.
+
+https://github.com/cs3org/reva/pull/4771
+https://github.com/owncloud/ocis/issues/9619
diff --git a/internal/http/services/owncloud/ocdav/delete.go b/internal/http/services/owncloud/ocdav/delete.go
@@ -137,8 +137,8 @@ func (s *svc) handleSpacesDelete(w http.ResponseWriter, r *http.Request, spaceID
 
 	// do not allow deleting spaces via dav endpoint - use graph endpoint instead
 	// we get a relative reference coming from the space root
-	// so if the path is "empty" we a referencing the space
-	if ref.GetPath() == "." {
+	// so if the path is "empty" and no opaque id is present, we are referencing the space
+	if ref.GetPath() == "." && ref.GetResourceId().GetOpaqueId() == "" {
 		return http.StatusMethodNotAllowed, errors.New("deleting spaces via dav is not allowed")
 	}