Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for lightweight user types #1744

Merged
merged 23 commits into from
Jul 12, 2021
Merged

Conversation

ishank011
Copy link
Contributor

@ishank011 ishank011 commented May 28, 2021

This PR adds support for assigning and consuming user type when setting/reading users. On top of that, support for lightweight users is added. These users have to be restricted to accessing only shares received by them, which is accomplished by expanding the existing RBAC scope.

In EOS, ACLs for such users cannot be persisted, so for keeping track of the allowed permissions, we maintain shares with lightweight accounts in an extended system xattr sys.reva.lwshare and these are enforced by minting tokens for such accounts allowing access to the shared resource on behalf of the resource owner

Test requests:

$ curl --location --request POST 'http://localhost:19001/ocs/v1.php/apps/files_sharing/api/v1/shares?shareType=0&path=/abc&shareWith=lwaccount' -u einstein:relativity # returns 200
$ curl -k GET 'http://localhost:19001/ocs/v1.php/apps/files_sharing/api/v1/shares?shared_with_me=true&state=all' -u lwaccount:lightweight # returns 200
$ curl -k -X PROPFIND http://localhost:19001/remote.php/webdav/reva/einstein/abc -u lwaccount:lightweight # returns 207
$ curl -k -X PROPFIND http://localhost:19001/remote.php/webdav/reva/einstein/pqr -u lwaccount:lightweight # returns 500 TODO: should return 403 (need to fix ocdav response codes)
$ curl -k -X GET http://localhost:19001/remote.php/webdav/reva/einstein/abc/a.txt -u lwaccount:lightweight # returns 200

@ishank011 ishank011 changed the title Assign and consume user type when setting/reading users Add support for lightweight user types Jun 1, 2021
@ishank011 ishank011 force-pushed the user-type branch 3 times, most recently from a0044f7 to 85bb7a1 Compare June 4, 2021 12:53
@ishank011 ishank011 force-pushed the user-type branch 3 times, most recently from 4e75a3d to 91cff17 Compare July 7, 2021 17:37
@ishank011 ishank011 marked this pull request as ready for review July 8, 2021 15:32
@ishank011 ishank011 requested a review from labkode as a code owner July 8, 2021 15:32
@labkode labkode merged commit f8b91e1 into cs3org:master Jul 12, 2021
@ishank011 ishank011 deleted the user-type branch July 12, 2021 18:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants