From 853c550eab0d9345331e80aa4f30bf802cfaec24 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Sat, 4 Feb 2023 20:11:55 +0100 Subject: [PATCH 1/6] do not show versions to the share receiver --- .../http/services/owncloud/ocs/conversions/role.go | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/internal/http/services/owncloud/ocs/conversions/role.go b/internal/http/services/owncloud/ocs/conversions/role.go index c854dcc18c..c06dc4c32b 100644 --- a/internal/http/services/owncloud/ocs/conversions/role.go +++ b/internal/http/services/owncloud/ocs/conversions/role.go @@ -184,7 +184,6 @@ func NewViewerRole() *Role { GetQuota: true, InitiateFileDownload: true, ListContainer: true, - ListFileVersions: true, ListRecycle: true, Stat: true, }, @@ -201,7 +200,6 @@ func NewSpaceViewerRole() *Role { GetQuota: true, InitiateFileDownload: true, ListContainer: true, - ListFileVersions: true, ListGrants: true, ListRecycle: true, Stat: true, @@ -223,11 +221,9 @@ func NewEditorRole() *Role { InitiateFileDownload: true, InitiateFileUpload: true, ListContainer: true, - ListFileVersions: true, ListRecycle: true, Move: true, PurgeRecycle: true, - RestoreFileVersion: true, RestoreRecycleItem: true, Stat: true, }, @@ -270,11 +266,9 @@ func NewFileEditorRole() *Role { InitiateFileDownload: true, ListGrants: true, ListContainer: true, - ListFileVersions: true, ListRecycle: true, Stat: true, InitiateFileUpload: true, - RestoreFileVersion: true, RestoreRecycleItem: true, }, ocsPermissions: PermissionRead | PermissionWrite, @@ -374,7 +368,7 @@ func NewLegacyRoleFromOCSPermissions(p Permissions) *Role { if p.Contain(PermissionRead) { r.cS3ResourcePermissions.ListContainer = true // r.cS3ResourcePermissions.ListGrants = true - r.cS3ResourcePermissions.ListFileVersions = true + // r.cS3ResourcePermissions.ListFileVersions = true r.cS3ResourcePermissions.ListRecycle = true r.cS3ResourcePermissions.Stat = true r.cS3ResourcePermissions.GetPath = true @@ -383,7 +377,7 @@ func NewLegacyRoleFromOCSPermissions(p Permissions) *Role { } if p.Contain(PermissionWrite) { r.cS3ResourcePermissions.InitiateFileUpload = true - r.cS3ResourcePermissions.RestoreFileVersion = true + // r.cS3ResourcePermissions.RestoreFileVersion = true r.cS3ResourcePermissions.RestoreRecycleItem = true } if p.Contain(PermissionCreate) { @@ -429,7 +423,7 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions, islink bool) return r } if rp.ListContainer && - rp.ListFileVersions && + // rp.ListFileVersions && rp.ListRecycle && rp.Stat && rp.GetPath && @@ -438,7 +432,7 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions, islink bool) r.ocsPermissions |= PermissionRead } if rp.InitiateFileUpload && - rp.RestoreFileVersion && + // rp.RestoreFileVersion && rp.RestoreRecycleItem { r.ocsPermissions |= PermissionWrite } From 4c4e5921bef1cee740b01935de2bfb70dae5133a Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Sat, 4 Feb 2023 20:19:06 +0100 Subject: [PATCH 2/6] add changelog --- changelog/unreleased/hide-file-versions-shares.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelog/unreleased/hide-file-versions-shares.md diff --git a/changelog/unreleased/hide-file-versions-shares.md b/changelog/unreleased/hide-file-versions-shares.md new file mode 100644 index 0000000000..528a4101e7 --- /dev/null +++ b/changelog/unreleased/hide-file-versions-shares.md @@ -0,0 +1,5 @@ +Change: Hide file versions for share receivers + +We needed to change the visibility of file versions and hide them to share receivers. Space Editors can still see and restore file versions. + +https://github.com/cs3org/reva/pull/3641 From 0a947d030b2ef50180c15dd1f22fee8239001914 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 8 Feb 2023 12:22:50 +0100 Subject: [PATCH 3/6] use modified test definitions --- .drone.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.env b/.drone.env index 3a568199df..489058a2d4 100644 --- a/.drone.env +++ b/.drone.env @@ -1,4 +1,4 @@ # The test runner source for API tests -APITESTS_COMMITID=76cc388e4546d4e588515c6c7d624829a674163a -APITESTS_BRANCH=master +APITESTS_COMMITID=f4ae082265c54013f28e7facb892d6fdc943e827 +APITESTS_BRANCH=dont-share-versions APITESTS_REPO_GIT_URL=https://github.com/owncloud/ocis.git From 77ac8067882d133f5bfdbd57eecfe4f4a1e65b93 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 8 Feb 2023 16:03:50 +0100 Subject: [PATCH 4/6] adapt some return values --- .drone.env | 2 +- internal/http/services/owncloud/ocdav/versions.go | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.drone.env b/.drone.env index 489058a2d4..f52f3ba146 100644 --- a/.drone.env +++ b/.drone.env @@ -1,4 +1,4 @@ # The test runner source for API tests -APITESTS_COMMITID=f4ae082265c54013f28e7facb892d6fdc943e827 +APITESTS_COMMITID=2cd625777122e292c92b30bc0ec0c6f4fc29a178 APITESTS_BRANCH=dont-share-versions APITESTS_REPO_GIT_URL=https://github.com/owncloud/ocis.git diff --git a/internal/http/services/owncloud/ocdav/versions.go b/internal/http/services/owncloud/ocdav/versions.go index fa47d2f8da..0eec232c07 100644 --- a/internal/http/services/owncloud/ocdav/versions.go +++ b/internal/http/services/owncloud/ocdav/versions.go @@ -149,6 +149,12 @@ func (h *VersionsHandler) doListVersions(w http.ResponseWriter, r *http.Request, return } if lvRes.Status.Code != rpc.Code_CODE_OK { + if lvRes.Status.Code == rpc.Code_CODE_PERMISSION_DENIED { + w.WriteHeader(http.StatusForbidden) + b, err := errors.Marshal(http.StatusForbidden, "You have no permission to list file versions on this resource", "") + errors.HandleWebdavError(&sublog, w, b, err) + return + } errors.HandleErrorStatus(&sublog, w, lvRes.Status) return } @@ -226,6 +232,12 @@ func (h *VersionsHandler) doRestore(w http.ResponseWriter, r *http.Request, s *s return } if res.Status.Code != rpc.Code_CODE_OK { + if res.Status.Code == rpc.Code_CODE_PERMISSION_DENIED { + w.WriteHeader(http.StatusForbidden) + b, err := errors.Marshal(http.StatusForbidden, "You have no permission to restore versions on this resource", "") + errors.HandleWebdavError(&sublog, w, b, err) + return + } errors.HandleErrorStatus(&sublog, w, res.Status) return } From 15aba64c1fa0c947bd6aef4c21bcaf246ba3ddf6 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Tue, 4 Apr 2023 09:02:56 +0200 Subject: [PATCH 5/6] adapt expected failures --- tests/acceptance/expected-failures-on-OCIS-storage.md | 3 --- tests/acceptance/expected-failures-on-S3NG-storage.md | 3 --- 2 files changed, 6 deletions(-) diff --git a/tests/acceptance/expected-failures-on-OCIS-storage.md b/tests/acceptance/expected-failures-on-OCIS-storage.md index d7358a0dd0..24917c0f10 100644 --- a/tests/acceptance/expected-failures-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-on-OCIS-storage.md @@ -325,9 +325,6 @@ _requires a [CS3 user provisioning api that can update the quota for a user](htt - [coreApiShareUpdateToShares/updateShare.feature:241](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareUpdateToShares/updateShare.feature#L241) - [coreApiShareUpdateToShares/updateShare.feature:242](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareUpdateToShares/updateShare.feature#L242) -#### [user can access version metadata of a received share before accepting it](https://github.com/owncloud/ocis/issues/760) -- [coreApiVersions/fileVersions.feature:487](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiVersions/fileVersions.feature#L487) - #### [Share lists deleted user as 'user'](https://github.com/owncloud/ocis/issues/903) - [coreApiShareManagementBasicToShares/createShareToSharesFolder.feature:676](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareManagementBasicToShares/createShareToSharesFolder.feature#L676) - [coreApiShareManagementBasicToShares/createShareToSharesFolder.feature:677](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareManagementBasicToShares/createShareToSharesFolder.feature#L677) diff --git a/tests/acceptance/expected-failures-on-S3NG-storage.md b/tests/acceptance/expected-failures-on-S3NG-storage.md index 2720fc6778..f7ffa6b3a3 100644 --- a/tests/acceptance/expected-failures-on-S3NG-storage.md +++ b/tests/acceptance/expected-failures-on-S3NG-storage.md @@ -333,9 +333,6 @@ _requires a [CS3 user provisioning api that can update the quota for a user](htt - [coreApiShareUpdateToShares/updateShare.feature:241](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareUpdateToShares/updateShare.feature#L241) - [coreApiShareUpdateToShares/updateShare.feature:242](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareUpdateToShares/updateShare.feature#L242) -#### [user can access version metadata of a received share before accepting it](https://github.com/owncloud/ocis/issues/760) -- [coreApiVersions/fileVersions.feature:487](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiVersions/fileVersions.feature#L487) - #### [Share lists deleted user as 'user'](https://github.com/owncloud/ocis/issues/903) - [coreApiShareManagementBasicToShares/createShareToSharesFolder.feature:676](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareManagementBasicToShares/createShareToSharesFolder.feature#L676) - [coreApiShareManagementBasicToShares/createShareToSharesFolder.feature:677](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareManagementBasicToShares/createShareToSharesFolder.feature#L677) From 42098460649305c1384a2ab720c211e7ca47e8eb Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Tue, 4 Apr 2023 09:05:31 +0200 Subject: [PATCH 6/6] code cleanup --- internal/http/services/owncloud/ocs/conversions/role.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/internal/http/services/owncloud/ocs/conversions/role.go b/internal/http/services/owncloud/ocs/conversions/role.go index c06dc4c32b..054ae3a81b 100644 --- a/internal/http/services/owncloud/ocs/conversions/role.go +++ b/internal/http/services/owncloud/ocs/conversions/role.go @@ -368,7 +368,6 @@ func NewLegacyRoleFromOCSPermissions(p Permissions) *Role { if p.Contain(PermissionRead) { r.cS3ResourcePermissions.ListContainer = true // r.cS3ResourcePermissions.ListGrants = true - // r.cS3ResourcePermissions.ListFileVersions = true r.cS3ResourcePermissions.ListRecycle = true r.cS3ResourcePermissions.Stat = true r.cS3ResourcePermissions.GetPath = true @@ -377,7 +376,6 @@ func NewLegacyRoleFromOCSPermissions(p Permissions) *Role { } if p.Contain(PermissionWrite) { r.cS3ResourcePermissions.InitiateFileUpload = true - // r.cS3ResourcePermissions.RestoreFileVersion = true r.cS3ResourcePermissions.RestoreRecycleItem = true } if p.Contain(PermissionCreate) { @@ -423,7 +421,6 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions, islink bool) return r } if rp.ListContainer && - // rp.ListFileVersions && rp.ListRecycle && rp.Stat && rp.GetPath && @@ -432,7 +429,6 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions, islink bool) r.ocsPermissions |= PermissionRead } if rp.InitiateFileUpload && - // rp.RestoreFileVersion && rp.RestoreRecycleItem { r.ocsPermissions |= PermissionWrite }