diff --git a/changelog/unreleased/fix-webdav-upload-permissions.md b/changelog/unreleased/fix-webdav-upload-permissions.md new file mode 100644 index 0000000000..757cdd91d2 --- /dev/null +++ b/changelog/unreleased/fix-webdav-upload-permissions.md @@ -0,0 +1,7 @@ +Bugfix: Fix the returned permissions for webdav uploads + +We've fixed the returned permissions for webdav uploads. It did not consider +shares and public links for the permission calculation, but does so now. + +https://github.com/cs3org/reva/pull/2179 +https://github.com/cs3org/reva/pull/2151 diff --git a/internal/http/services/owncloud/ocdav/tus.go b/internal/http/services/owncloud/ocdav/tus.go index bd1cf39b0e..b1dbc073fd 100644 --- a/internal/http/services/owncloud/ocdav/tus.go +++ b/internal/http/services/owncloud/ocdav/tus.go @@ -20,6 +20,7 @@ package ocdav import ( "context" + "encoding/json" "net/http" "path" "strconv" @@ -27,6 +28,7 @@ import ( "time" rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1" + link "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions" @@ -297,12 +299,21 @@ func (s *svc) handleTusPost(ctx context.Context, w http.ResponseWriter, r *http. } // get WebDav permissions for file + isPublic := false + if info.Opaque != nil && info.Opaque.Map != nil { + if info.Opaque.Map["link-share"] != nil && info.Opaque.Map["link-share"].Decoder == "json" { + ls := &link.PublicShare{} + _ = json.Unmarshal(info.Opaque.Map["link-share"].Value, ls) + isPublic = ls != nil + } + } + isShared := !isCurrentUserOwner(ctx, info.Owner) role := conversions.RoleFromResourcePermissions(info.PermissionSet) permissions := role.WebDAVPermissions( info.Type == provider.ResourceType_RESOURCE_TYPE_CONTAINER, + isShared, false, - false, - false, + isPublic, ) w.Header().Set(HeaderContentType, info.MimeType)