This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[full-ci] Added a new roles viewer/editor with ListGrants
2403905 committed Aug 30, 2024
1 parent 09ffe38 commit a95047c
Showing 12 changed files with 192 additions and 12 deletions.
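--- a/changelog/unreleased/new-roles-witht-list-grants.md
+++ b/changelog/unreleased/new-roles-witht-list-grants.md
@@ -0,0 +1,7 @@
+Enhancement: Added a new roles viewer/editor with ListGrants
+
+We add a new roles space viewer/editor with ListGrants permissions.
+
+
+https://github.com/owncloud/ocis/pull/9943
+https://github.com/owncloud/ocis/issues/9701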
2 changes: 1 addition & 1 deletion go.mod
@@ -15,7 +15,7 @@ require (
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/coreos/go-oidc/v3 v3.11.0
github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb
github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89
github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f
github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
github.com/egirna/icap-client v0.1.1
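Review bot: The reva dependency is inconsistent across this commit: this go.mod section only swaps the `github.com/cs3org/reva/v2` pseudo-version (the 86f39ecc9f89 and c991ee0e085f revisions) and shows no `replace`, yet vendor/modules.txt gains `# github.com/cs3org/reva/v2 => github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553` and go.sum gains hashes for that personal fork. As rendered, the vendored `pkg/conversions/role.go` (39 additions, diff not shown on the page) would come from the fork rather than from the upstream revision go.mod names, so the code that defines the new permission sets cannot be tied to a reviewed upstream commit. Before merge, point everything at the upstream revision, regenerate with `go mod tidy` and `go mod vendor`, and confirm the `2403905/reva` lines are gone from go.sum and vendor/modules.txt. The rest of go.mod is outside the hunk, so a pre-existing `replace` cannot be ruled out from here.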
6 changes: 4 additions & 2 deletions go.sum
@@ -39,6 +39,8 @@ contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553 h1:KHoj2Gla4uI4KJ6zC4uLmmt3HZkDa88s7dch83uLLFU=
github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
github.com/Acconut/go-httptest-recorder v1.0.0 h1:TAv2dfnqp/l+SUvIaMAUK4GeN4+wqb6KZsFFFTGhoJg=
github.com/Acconut/go-httptest-recorder v1.0.0/go.mod h1:CwQyhTH1kq/gLyWiRieo7c0uokpu3PXeyF/nZjUNtmM=
github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
@@ -255,8 +257,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb h1:KmYZDReplv/yfwc1LNYpDcVhVujC3Pasv6WjXx1haSU=
github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb/go.mod h1:yyP8PRo0EZou3nSH7H4qjlzQwaydPeIRNgX50npQHpE=
github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 h1:fHQzCRgnsullqFcX9Equ/MKJdbBRSDfn2FtdSpbkdaw=
github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f h1:YHqyK+VZthBijeul54z16Kw1q6rn412jbRMUMp20h1k=
github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
8 changes: 7 additions & 1 deletion services/graph/pkg/config/defaults/defaultconfig.go
@@ -15,7 +15,13 @@ import (
var (
// _disabledByDefaultUnifiedRoleRoleIDs contains all roles that are not enabled by default,
// but can be enabled by the user.
_disabledByDefaultUnifiedRoleRoleIDs = []string{unifiedrole.UnifiedRoleSecureViewerID, unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID}
_disabledByDefaultUnifiedRoleRoleIDs = []string{
unifiedrole.UnifiedRoleSecureViewerID,
unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID,
unifiedrole.UnifiedRoleViewerListGrantsID,
unifiedrole.UnifiedRoleEditorListGrantsID,
unifiedrole.UnifiedRoleFileEditorListGrantsID,
}
)

// FullDefaultConfig returns a fully initialized default configuration
6 changes: 6 additions & 0 deletions services/graph/pkg/unifiedrole/conversion.go
@@ -204,16 +204,22 @@ func cs3RoleToDisplayName(role *conversions.Role) string {
switch role.Name {
case conversions.RoleViewer:
return _viewerUnifiedRoleDisplayName
case conversions.RoleViewerListGrants:
return _viewerListGrantsUnifiedRoleDisplayName
case conversions.RoleSpaceViewer:
return _spaceViewerUnifiedRoleDisplayName
case conversions.RoleEditor:
return _editorUnifiedRoleDisplayName
case conversions.RoleEditorListGrants:
return _editorListGrantsUnifiedRoleDisplayName
case conversions.RoleSpaceEditor:
return _spaceEditorUnifiedRoleDisplayName
case conversions.RoleSpaceEditorWithoutVersions:
return _spaceEditorWithoutVersionsUnifiedRoleDisplayName
case conversions.RoleFileEditor:
return _fileEditorUnifiedRoleDisplayName
case conversions.RoleFileEditorListGrants:
return _fileEditorListGrantsUnifiedRoleDisplayName
case conversions.RoleEditorLite:
return _editorLiteUnifiedRoleDisplayName
case conversions.RoleManager:
15 changes: 9 additions & 6 deletions services/graph/pkg/unifiedrole/conversion_test.go
@@ -19,12 +19,15 @@ func TestPermissionsToCS3ResourcePermissions(t *testing.T) {
unifiedRoleDefinition *libregraph.UnifiedRoleDefinition
match bool
}{
cs3Conversions.RoleViewer: {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewer, true},
cs3Conversions.RoleEditor: {cs3Conversions.NewEditorRole(), unifiedrole.RoleEditor, true},
cs3Conversions.RoleFileEditor: {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleFileEditor, true},
cs3Conversions.RoleManager: {cs3Conversions.NewManagerRole(), unifiedrole.RoleManager, true},
cs3Conversions.RoleSecureViewer: {cs3Conversions.NewSecureViewerRole(), unifiedrole.RoleSecureViewer, true},
"no match": {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleManager, false},
cs3Conversions.RoleViewer: {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewer, true},
cs3Conversions.RoleViewerListGrants: {cs3Conversions.NewViewerListGrantsRole(), unifiedrole.RoleViewerListGrants, true},
cs3Conversions.RoleEditor: {cs3Conversions.NewEditorRole(), unifiedrole.RoleEditor, true},
cs3Conversions.RoleEditorListGrants: {cs3Conversions.NewEditorListGrantsRole(), unifiedrole.RoleEditorListGrants, true},
cs3Conversions.RoleFileEditor: {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleFileEditor, true},
cs3Conversions.RoleFileEditorListGrants: {cs3Conversions.NewFileEditorListGrantsRole(), unifiedrole.RoleFileEditorListGrants, true},
cs3Conversions.RoleManager: {cs3Conversions.NewManagerRole(), unifiedrole.RoleManager, true},
cs3Conversions.RoleSecureViewer: {cs3Conversions.NewSecureViewerRole(), unifiedrole.RoleSecureViewer, true},
"no match": {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleManager, false},
}

for name, tc := range tests {
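Review bot: The table gains only positive rows for the three ListGrants roles, so nothing pins that a ListGrants role is distinguishable from its base role, which is the one property these roles add. The only negative row is still `"no match"` (file editor against manager), and it would keep passing if the extra permission were dropped or mapped to nothing. Consider a negative row next to it, for example `"viewer vs viewer list grants": {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewerListGrants, false},`. The loop body is outside the hunk, so this assumes `match` is compared against the conversion result as the field name suggests.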
3 changes: 3 additions & 0 deletions services/graph/pkg/unifiedrole/export_test.go
@@ -2,11 +2,14 @@ package unifiedrole

var (
RoleViewer = roleViewer
RoleViewerListGrants = roleViewerListGrants
RoleSpaceViewer = roleSpaceViewer
RoleEditor = roleEditor
RoleEditorListGrants = roleEditorListGrants
RoleSpaceEditor = roleSpaceEditor
RoleSpaceEditorWithoutVersions = roleSpaceEditorWithoutVersions
RoleFileEditor = roleFileEditor
RoleFileEditorListGrants = roleFileEditorListGrants
RoleEditorLite = roleEditorLite
RoleManager = roleManager
RoleSecureViewer = roleSecureViewer
98 changes: 98 additions & 0 deletions services/graph/pkg/unifiedrole/roles.go
@@ -16,16 +16,22 @@ import (
const (
// UnifiedRoleViewerID Unified role viewer id.
UnifiedRoleViewerID = "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5"
// UnifiedRoleViewerListGrantsID Unified role viewer id.
UnifiedRoleViewerListGrantsID = "d5041006-ebb3-4b4a-b6a4-7c180ecfb17d"
// UnifiedRoleSpaceViewerID Unified role space viewer id.
UnifiedRoleSpaceViewerID = "a8d5fe5e-96e3-418d-825b-534dbdf22b99"
// UnifiedRoleEditorID Unified role editor id.
UnifiedRoleEditorID = "fb6c3e19-e378-47e5-b277-9732f9de6e21"
// UnifiedRoleEditorListGrantsID Unified role editor id.
UnifiedRoleEditorListGrantsID = "e8ea8b21-abd4-45d2-b893-8d1546378e9e"
// UnifiedRoleSpaceEditorID Unified role space editor id.
UnifiedRoleSpaceEditorID = "58c63c02-1d89-4572-916a-870abc5a1b7d"
// UnifiedRoleSpaceEditorWithoutVersionsID Unified role space editor without list/restore versions id.
UnifiedRoleSpaceEditorWithoutVersionsID = "3284f2d5-0070-4ad8-ac40-c247f7c1fb27"
// UnifiedRoleFileEditorID Unified role file editor id.
UnifiedRoleFileEditorID = "2d00ce52-1fc2-4dbc-8b95-a73b73395f5a"
// UnifiedRoleFileEditorListGrantsID Unified role file editor id.
UnifiedRoleFileEditorListGrantsID = "c1235aea-d106-42db-8458-7d5610fb0a67"
// UnifiedRoleEditorLiteID Unified role editor-lite id.
UnifiedRoleEditorLiteID = "1c996275-f1c9-4e71-abdf-a42f6495e960"
// UnifiedRoleManagerID Unified role manager id.
@@ -93,6 +99,12 @@ var (
// UnifiedRole Viewer, Role DisplayName (resolves directly)
_viewerUnifiedRoleDisplayName = l10n.Template("Can view")

// UnifiedRole ViewerListGrants, Role Description (resolves directly)
_viewerListGrantsUnifiedRoleDescription = l10n.Template("View, download and list grants")

// UnifiedRole Viewer, Role DisplayName (resolves directly)
_viewerListGrantsUnifiedRoleDisplayName = l10n.Template("Can view and list grants")

// UnifiedRole SpaceViewer, Role Description (resolves directly)
_spaceViewerUnifiedRoleDescription = l10n.Template("View and download.")

@@ -105,6 +117,12 @@ var (
// UnifiedRole Editor, Role DisplayName (resolves directly)
_editorUnifiedRoleDisplayName = l10n.Template("Can edit")

// UnifiedRoleListGrants Editor, Role Description (resolves directly)
_editorListGrantsUnifiedRoleDescription = l10n.Template("View, download, upload, edit, add, delete and list grants.")

// UnifiedRole EditorListGrants, Role DisplayName (resolves directly)
_editorListGrantsUnifiedRoleDisplayName = l10n.Template("Can edit and list grants")

// UnifiedRole SpaseEditor, Role Description (resolves directly)
_spaceEditorUnifiedRoleDescription = l10n.Template("View, download, upload, edit, add and delete.")

@@ -123,6 +141,12 @@ var (
// UnifiedRole FileEditor, Role DisplayName (resolves directly)
_fileEditorUnifiedRoleDisplayName = l10n.Template("Can edit")

// UnifiedRole FileEditorListGrants, Role Description (resolves directly)
_fileEditorListGrantsUnifiedRoleDescription = l10n.Template("View, download, edit and list grants.")

// UnifiedRole FileEditorListGrants, Role DisplayName (resolves directly)
_fileEditorListGrantsUnifiedRoleDisplayName = l10n.Template("Can edit and list grants")

// UnifiedRole EditorLite, Role Description (resolves directly)
_editorLiteUnifiedRoleDescription = l10n.Template("View, download and upload.")

@@ -159,11 +183,14 @@ var (
// buildInRoles contains the built-in roles.
buildInRoles = []*libregraph.UnifiedRoleDefinition{
roleViewer,
roleViewerListGrants,
roleSpaceViewer,
roleEditor,
roleEditorListGrants,
roleSpaceEditor,
roleSpaceEditorWithoutVersions,
roleFileEditor,
roleFileEditorListGrants,
roleEditorLite,
roleManager,
roleSecureViewer,
@@ -198,6 +225,35 @@ var (
}
}()

// roleViewerListGrants creates a viewer role.
roleViewerListGrants = func() *libregraph.UnifiedRoleDefinition {
r := conversions.NewViewerListGrantsRole()
return &libregraph.UnifiedRoleDefinition{
Id: proto.String(UnifiedRoleViewerListGrantsID),
Description: proto.String(_viewerListGrantsUnifiedRoleDescription),
DisplayName: proto.String(cs3RoleToDisplayName(r)),
RolePermissions: []libregraph.UnifiedRolePermission{
{
AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
Condition: proto.String(UnifiedRoleConditionFile),
},
{
AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
Condition: proto.String(UnifiedRoleConditionFolder),
},
{
AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
Condition: proto.String(UnifiedRoleConditionFileFederatedUser),
},
{
AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
Condition: proto.String(UnifiedRoleConditionFolderFederatedUser),
},
},
LibreGraphWeight: proto.Int32(0),
}
}()

// roleSpaceViewer creates a spaceviewer role
roleSpaceViewer = func() *libregraph.UnifiedRoleDefinition {
r := conversions.NewSpaceViewerRole()
@@ -236,6 +292,27 @@ var (
}
}()

// roleEditorListGrants creates an editor role.
roleEditorListGrants = func() *libregraph.UnifiedRoleDefinition {
r := conversions.NewEditorListGrantsRole()
return &libregraph.UnifiedRoleDefinition{
Id: proto.String(UnifiedRoleEditorListGrantsID),
Description: proto.String(_editorListGrantsUnifiedRoleDescription),
DisplayName: proto.String(cs3RoleToDisplayName(r)),
RolePermissions: []libregraph.UnifiedRolePermission{
{
AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
Condition: proto.String(UnifiedRoleConditionFolder),
},
{
AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
Condition: proto.String(UnifiedRoleConditionFolderFederatedUser),
},
},
LibreGraphWeight: proto.Int32(0),
}
}()

// roleSpaceEditor creates an editor role
roleSpaceEditor = func() *libregraph.UnifiedRoleDefinition {
r := conversions.NewSpaceEditorRole()
@@ -291,6 +368,27 @@ var (
}
}()

// roleFileEditorListGrants creates a file-editor role
roleFileEditorListGrants = func() *libregraph.UnifiedRoleDefinition {
r := conversions.NewFileEditorListGrantsRole()
return &libregraph.UnifiedRoleDefinition{
Id: proto.String(UnifiedRoleFileEditorListGrantsID),
Description: proto.String(_fileEditorListGrantsUnifiedRoleDescription),
DisplayName: proto.String(cs3RoleToDisplayName(r)),
RolePermissions: []libregraph.UnifiedRolePermission{
{
AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
Condition: proto.String(UnifiedRoleConditionFile),
},
{
AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
Condition: proto.String(UnifiedRoleConditionFileFederatedUser),
},
},
LibreGraphWeight: proto.Int32(0),
}
}()

// roleEditorLite creates an editor-lite role
roleEditorLite = func() *libregraph.UnifiedRoleDefinition {
r := conversions.NewEditorLiteRole()
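Review bot: All three new definitions attach the ListGrants permission set to the federated-user conditions as well (`UnifiedRoleConditionFileFederatedUser` and `UnifiedRoleConditionFolderFederatedUser` in `roleViewerListGrants`, `roleEditorListGrants` and `roleFileEditorListGrants`). If ListGrants exposes the other recipients of a share, as the name suggests, enabling one of these roles would disclose local user and group names to accounts on a remote instance; that should be a documented decision rather than a side effect of copying the base role. The doc comments do not help here because they are copied from the base roles and never mention the extra permission (`// roleViewerListGrants creates a viewer role.`, `// UnifiedRoleViewerListGrantsID Unified role viewer id.`, and `_viewerListGrantsUnifiedRoleDisplayName` is labelled `UnifiedRole Viewer`). Suggest wording such as `// roleViewerListGrants creates a viewer role that may additionally list the grants on the shared resource.` and the matching change on the ID constants. The `const (` and `var (` blocks start and end outside the hunks shown.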
4 changes: 4 additions & 0 deletions services/graph/pkg/unifiedrole/roles_test.go
@@ -163,7 +163,9 @@ func TestGetRolesByPermissions(t *testing.T) {
unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
unifiedrole.RoleSecureViewer,
unifiedrole.RoleViewer,
unifiedrole.RoleViewerListGrants,
unifiedrole.RoleFileEditor,
unifiedrole.RoleFileEditorListGrants,
},
},
"BuildInRoles | folder": {
@@ -172,8 +174,10 @@ func TestGetRolesByPermissions(t *testing.T) {
unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
unifiedrole.RoleSecureViewer,
unifiedrole.RoleViewer,
unifiedrole.RoleViewerListGrants,
unifiedrole.RoleEditorLite,
unifiedrole.RoleEditor,
unifiedrole.RoleEditorListGrants,
},
},
"BuildInRoles | drive": {
12 changes: 12 additions & 0 deletions services/web/pkg/theme/theme.go
@@ -21,6 +21,10 @@ var themeDefaults = KV{
"name": "UnifiedRoleViewer",
"iconName": "eye",
},
unifiedrole.UnifiedRoleViewerListGrantsID: KV{
"name": "UnifiedRoleViewerListGrants",
"iconName": "eye",
},
unifiedrole.UnifiedRoleSpaceViewerID: KV{
"label": "UnifiedRoleSpaceViewer",
"iconName": "eye",
@@ -29,10 +33,18 @@ var themeDefaults = KV{
"label": "UnifiedRoleFileEditor",
"iconName": "pencil",
},
unifiedrole.UnifiedRoleFileEditorListGrantsID: KV{
"label": "UnifiedRoleFileEditorListGrants",
"iconName": "pencil",
},
unifiedrole.UnifiedRoleEditorID: KV{
"label": "UnifiedRoleEditor",
"iconName": "pencil",
},
unifiedrole.UnifiedRoleEditorListGrantsID: KV{
"label": "UnifiedRoleEditorListGrants",
"iconName": "pencil",
},
unifiedrole.UnifiedRoleSpaceEditorID: KV{
"label": "UnifiedRoleSpaceEditor",
"iconName": "pencil",
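Review bot: The new `unifiedrole.UnifiedRoleViewerListGrantsID` entry uses the key `"name"`, while the two other entries added in this section and every other role visible in these hunks except `UnifiedRoleViewer` use `"label"`. It looks copied from the `UnifiedRoleViewer` entry directly above it; if the web client resolves roles by `label`, this role would be shown without one. Suggest `"label": "UnifiedRoleViewerListGrants",` unless `name` is deliberate, in which case a short comment saying why would help. `themeDefaults` starts and ends outside the hunks.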
40 changes: 39 additions & 1 deletion vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go
3 changes: 2 additions & 1 deletion vendor/modules.txt
@@ -367,7 +367,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
github.com/cs3org/go-cs3apis/cs3/types/v1beta1
# github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89
# github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 => github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553
## explicit; go 1.21
github.com/cs3org/reva/v2/cmd/revad/internal/grace
github.com/cs3org/reva/v2/cmd/revad/runtime
@@ -2436,3 +2436,4 @@ stash.kopano.io/kgol/rndm
# github.com/egirna/icap-client => github.com/fschade/icap-client v0.0.0-20240802074440-aade4a234387
# github.com/unrolled/secure => github.com/DeepDiver1975/secure v0.0.0-20240611112133-abc838fb797c
# github.com/go-micro/plugins/v4/store/nats-js-kv => github.com/kobergj/plugins/v4/store/nats-js-kv v0.0.0-20240807130109-f62bb67e8c90
# github.com/cs3org/reva/v2 => github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553
