-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhancement: calculate and expose actual file permission set #1368
Enhancement: calculate and expose actual file permission set #1368
Conversation
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
Note: drone CI is not running for some reason today. So we are not getting results to know if the behaviour is improved or not. |
This pull request introduces 1 alert when merging 761ca60 into e791b55 - view on LGTM.com new alerts:
|
87713dd
to
9637661
Compare
15f25f8
to
8238918
Compare
8238918
to
b976591
Compare
79a0ae9
to
3855e0e
Compare
@butonic looks good to me. We'll take care of the EOS implementation. There is a conflict to be resolved, maybe just rebase on top of master. |
3855e0e
to
bbceb1c
Compare
@labkode looking at public links I see that we need to add permission checks and permission set filters to the publicstorageprovider.go from @refs because in the case of public shares ... the storage providers currently cannot determine the permissions ... because only the publicshare manager persists them. We could implement a publicshare manager that persists shares in the storage ... which would be trivial for ocis. I asume you could persist additional metadata like expiry etc in eos as well ... the question is where should the code live that limits the cs3 permissions set to what the currently logged in user is allowed to do? We should let the underlying storage system handle as many permission checks as possible, which is would allow a tight eos integration. On the other hand permissions for public links need to be handled in the cs3 publicstorageprovider, based on the share permissions... For the ocis driver we handle permission checks in the driver because we don't integrate with the underlying posix filesystem on purpose. @labkode do you see my problem with the sharing responsibilities? |
anyway ... this PR can go in as is |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome! 👍
fb3c5b3
to
6063f11
Compare
bug while testing:
expected: admin should be able to delete the file as she is the owner of the shared folder |
|
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
763de06
to
074d616
Compare
This pull request introduces 1 alert when merging 074d616 into 23e52dc - view on LGTM.com new alerts:
|
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
now at 200+ fixed features:
|
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
d367114
to
c69f470
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, the permissions are much better than before. IMO after merging this, people can work on more of the "ToDo"
A later analysis at https://lgtm.com/projects/g/cs3org/reva/rev/pr-6affa6881c70272cacb9a1b528350a524a4c180d no longer complains about that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can merge this. I'll add the ACL traversal for eos. Since we don't really have permissions support for localfs, we can just let it be.
// files never have the create container permission | ||
if md.Type == provider.ResourceType_RESOURCE_TYPE_FILE && md.PermissionSet != nil { | ||
// we need to copy the permission set in case it was reused when passing it in while listing a collection | ||
md.PermissionSet = copyPermissionSet(md.PermissionSet) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we're assigning the permissions to the same variable, we do lose the original value. Why are we making a separate copy then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PermissionSet is a struct which is passed by reference. There are code paths that will change the PermissionSet for files, because they never have delete or create permission IIRC. When listing a folder this would change the default PermissionSet and folders that are rendered after a file would retain the changed default. 💥
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes but this particular function is called only from one place and we're forgetting the original reference (since we're storing the returned struct there) so essentially there's no way to get that back.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, you are right ... I tried cleaning the permissions and roles stuff up. I think I was confusing this with the storage drivers ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
all tests green!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perfect!
About the EOS ACLs, EOS is different to local/ocis filesystems, EOS does not do ACL traversal, ACLs are examined on the node (not from parents). It is possible in EOS to not have any permissions on /a/b/ but have on /a/b/c. This change in respect to UNIX is one of the design choices to reach high scalability. |
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
Instead of hardcoding the permissions set for every file and folder to
ListContainer:true, CreateContainer:true
and always reporting the hardcoded stringWCKDNVR
for the WebDAV permissions we now aggregate the actual cs3 resource permissions in the storage drivers and correctly map them to ocs permissions and webdav permissions using a common role struct that encapsulates the mapping logic.use ocdav.HandleErrorStatus in more placesleft for another PR I already touched too many things.ListContainer:true, CreateContainer:true
eosI hardcoded returning all permissions, similar to what the ocs api was doing prior to this PR.localI hardcoded returning all permissions, similar to what the ocs api was doing prior to this PR.s3I hardcoded returning all permissions, similar to what the ocs api was doing prior to this PR.owncloudI hardcoded returning all permissions, similar to what the ocs api was doing prior to this PR.should fix
related
@labkode eos, localfs, and the other storages need to return a proper PermissionSet for the logged in user so the ocs api can actually return the right ocs permissions. For the ocis I implemented a
ReadUserPermissions()
that aggregates the permissions on all segments of the path.ReadUserPermissions()
is called inGetMD()
andListContainer()
. It should be possible to aggregate the permission set for the other storages in a similar manner. Can eos return the acl or permissions for the current user in the fileinfo or is that another call. ... well it might not be necessary if eos really cannot store acls on files directly (only via fuse richacls).Another option might be to push setting the permission set to the gateway. it could use the storage registry to fill in the permissions without having to stat every path segment, because it can look at the mount points of shares.
Anyway, this PR currently tries to check if the current user is the owner and returns all permissions if that is the case. This works on eos, ocis, local and owncloud AFAICT. not on s3, yet. For shared folders the ocis driver aggregates the permissions. I did not do thet for the other storages yet, but would start implementing it in the same way, unless you have a better idea how to do it more efficiently. For now I want to make it work. Profiling to make it fast comes later.