diff --git a/changelog/unreleased/new-roles-witht-list-grants.md b/changelog/unreleased/new-roles-witht-list-grants.md new file mode 100644 index 00000000000..b8428096aab --- /dev/null +++ b/changelog/unreleased/new-roles-witht-list-grants.md @@ -0,0 +1,7 @@ +Enhancement: Added a new roles viewer/editor with ListGrants + +We add a new roles space viewer/editor with ListGrants permissions. + + +https://github.com/owncloud/ocis/pull/9943 +https://github.com/owncloud/ocis/issues/9701 diff --git a/go.mod b/go.mod index 028ac51c665..a0410016bb9 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/cenkalti/backoff v2.2.1+incompatible github.com/coreos/go-oidc/v3 v3.11.0 github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb - github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 + github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e github.com/egirna/icap-client v0.1.1 diff --git a/go.sum b/go.sum index b8907502c94..3ba70b14466 100644 --- a/go.sum +++ b/go.sum 
@@ -39,6 +39,8 @@ contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553 h1:KHoj2Gla4uI4KJ6zC4uLmmt3HZkDa88s7dch83uLLFU= +github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI= github.com/Acconut/go-httptest-recorder v1.0.0 h1:TAv2dfnqp/l+SUvIaMAUK4GeN4+wqb6KZsFFFTGhoJg= github.com/Acconut/go-httptest-recorder v1.0.0/go.mod h1:CwQyhTH1kq/gLyWiRieo7c0uokpu3PXeyF/nZjUNtmM= github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= 
@@ -255,8 +257,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME= github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb h1:KmYZDReplv/yfwc1LNYpDcVhVujC3Pasv6WjXx1haSU= github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb/go.mod h1:yyP8PRo0EZou3nSH7H4qjlzQwaydPeIRNgX50npQHpE= -github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 h1:fHQzCRgnsullqFcX9Equ/MKJdbBRSDfn2FtdSpbkdaw= -github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI= +github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f h1:YHqyK+VZthBijeul54z16Kw1q6rn412jbRMUMp20h1k= +github.com/cs3org/reva/v2 v2.23.1-0.20240829154445-c991ee0e085f/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 47722871aa2..5c3fef78216 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go 
@@ -15,7 +15,13 @@ import ( var ( // _disabledByDefaultUnifiedRoleRoleIDs contains all roles that are not enabled by default, // but can be enabled by the user. - _disabledByDefaultUnifiedRoleRoleIDs = []string{unifiedrole.UnifiedRoleSecureViewerID, unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID} + _disabledByDefaultUnifiedRoleRoleIDs = []string{ + unifiedrole.UnifiedRoleSecureViewerID, + unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID, + unifiedrole.UnifiedRoleViewerListGrantsID, + unifiedrole.UnifiedRoleEditorListGrantsID, + unifiedrole.UnifiedRoleFileEditorListGrantsID, + } ) // FullDefaultConfig returns a fully initialized default configuration diff --git a/services/graph/pkg/unifiedrole/conversion.go b/services/graph/pkg/unifiedrole/conversion.go index 71ba8cff09a..6b4e8770143 100644 --- a/services/graph/pkg/unifiedrole/conversion.go +++ b/services/graph/pkg/unifiedrole/conversion.go @@ -204,16 +204,22 @@ func cs3RoleToDisplayName(role *conversions.Role) string { switch role.Name { case conversions.RoleViewer: return _viewerUnifiedRoleDisplayName + case conversions.RoleViewerListGrants: + return _viewerListGrantsUnifiedRoleDisplayName case conversions.RoleSpaceViewer: return _spaceViewerUnifiedRoleDisplayName case conversions.RoleEditor: return _editorUnifiedRoleDisplayName + case conversions.RoleEditorListGrants: + return _editorListGrantsUnifiedRoleDisplayName case conversions.RoleSpaceEditor: return _spaceEditorUnifiedRoleDisplayName case conversions.RoleSpaceEditorWithoutVersions: return _spaceEditorWithoutVersionsUnifiedRoleDisplayName case conversions.RoleFileEditor: return _fileEditorUnifiedRoleDisplayName + case conversions.RoleFileEditorListGrants: + return _fileEditorListGrantsUnifiedRoleDisplayName case conversions.RoleEditorLite: return _editorLiteUnifiedRoleDisplayName case conversions.RoleManager: 
diff --git a/services/graph/pkg/unifiedrole/conversion_test.go b/services/graph/pkg/unifiedrole/conversion_test.go index f886eaa7535..56a361dcaed 100644 --- a/services/graph/pkg/unifiedrole/conversion_test.go +++ b/services/graph/pkg/unifiedrole/conversion_test.go @@ -19,12 +19,15 @@ func TestPermissionsToCS3ResourcePermissions(t *testing.T) { unifiedRoleDefinition *libregraph.UnifiedRoleDefinition match bool }{ - cs3Conversions.RoleViewer: {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewer, true}, - cs3Conversions.RoleEditor: {cs3Conversions.NewEditorRole(), unifiedrole.RoleEditor, true}, - cs3Conversions.RoleFileEditor: {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleFileEditor, true}, - cs3Conversions.RoleManager: {cs3Conversions.NewManagerRole(), unifiedrole.RoleManager, true}, - cs3Conversions.RoleSecureViewer: {cs3Conversions.NewSecureViewerRole(), unifiedrole.RoleSecureViewer, true}, - "no match": {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleManager, false}, + cs3Conversions.RoleViewer: {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewer, true}, + cs3Conversions.RoleViewerListGrants: {cs3Conversions.NewViewerListGrantsRole(), unifiedrole.RoleViewerListGrants, true}, + cs3Conversions.RoleEditor: {cs3Conversions.NewEditorRole(), unifiedrole.RoleEditor, true}, + cs3Conversions.RoleEditorListGrants: {cs3Conversions.NewEditorListGrantsRole(), unifiedrole.RoleEditorListGrants, true}, + cs3Conversions.RoleFileEditor: {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleFileEditor, true}, + cs3Conversions.RoleFileEditorListGrants: {cs3Conversions.NewFileEditorListGrantsRole(), unifiedrole.RoleFileEditorListGrants, true}, + cs3Conversions.RoleManager: {cs3Conversions.NewManagerRole(), unifiedrole.RoleManager, true}, + cs3Conversions.RoleSecureViewer: {cs3Conversions.NewSecureViewerRole(), unifiedrole.RoleSecureViewer, true}, + "no match": {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleManager, false}, } for name, tc := range tests { 
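Review bot: The table adds only positive rows for the three list-grants roles, so nothing pins that a plain role and its list-grants variant stay distinct. That is the property that matters for roles differing by a single permission. Add a negative row next to the existing `"no match"` case, for example `"viewer is not viewer-list-grants": {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewerListGrants, false},`. This assumes the comparison in the loop body, which lies outside the hunk, is sensitive to ListGrants.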
diff --git a/services/graph/pkg/unifiedrole/export_test.go b/services/graph/pkg/unifiedrole/export_test.go index 28121738865..9b3b182b3f9 100644 --- a/services/graph/pkg/unifiedrole/export_test.go +++ b/services/graph/pkg/unifiedrole/export_test.go @@ -2,11 +2,14 @@ package unifiedrole var ( RoleViewer = roleViewer + RoleViewerListGrants = roleViewerListGrants RoleSpaceViewer = roleSpaceViewer RoleEditor = roleEditor + RoleEditorListGrants = roleEditorListGrants RoleSpaceEditor = roleSpaceEditor RoleSpaceEditorWithoutVersions = roleSpaceEditorWithoutVersions RoleFileEditor = roleFileEditor + RoleFileEditorListGrants = roleFileEditorListGrants RoleEditorLite = roleEditorLite RoleManager = roleManager RoleSecureViewer = roleSecureViewer diff --git a/services/graph/pkg/unifiedrole/roles.go b/services/graph/pkg/unifiedrole/roles.go index de945ba6fb5..c28d17e3743 100644 --- a/services/graph/pkg/unifiedrole/roles.go +++ b/services/graph/pkg/unifiedrole/roles.go 
@@ -16,16 +16,22 @@ import ( const ( // UnifiedRoleViewerID Unified role viewer id. UnifiedRoleViewerID = "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5" + // UnifiedRoleViewerListGrantsID Unified role viewer id. + UnifiedRoleViewerListGrantsID = "d5041006-ebb3-4b4a-b6a4-7c180ecfb17d" // UnifiedRoleSpaceViewerID Unified role space viewer id. UnifiedRoleSpaceViewerID = "a8d5fe5e-96e3-418d-825b-534dbdf22b99" // UnifiedRoleEditorID Unified role editor id. UnifiedRoleEditorID = "fb6c3e19-e378-47e5-b277-9732f9de6e21" + // UnifiedRoleEditorListGrantsID Unified role editor id. + UnifiedRoleEditorListGrantsID = "e8ea8b21-abd4-45d2-b893-8d1546378e9e" // UnifiedRoleSpaceEditorID Unified role space editor id. UnifiedRoleSpaceEditorID = "58c63c02-1d89-4572-916a-870abc5a1b7d" // UnifiedRoleSpaceEditorWithoutVersionsID Unified role space editor without list/restore versions id. UnifiedRoleSpaceEditorWithoutVersionsID = "3284f2d5-0070-4ad8-ac40-c247f7c1fb27" // UnifiedRoleFileEditorID Unified role file editor id. UnifiedRoleFileEditorID = "2d00ce52-1fc2-4dbc-8b95-a73b73395f5a" + // UnifiedRoleFileEditorListGrantsID Unified role file editor id. + UnifiedRoleFileEditorListGrantsID = "c1235aea-d106-42db-8458-7d5610fb0a67" // UnifiedRoleEditorLiteID Unified role editor-lite id. UnifiedRoleEditorLiteID = "1c996275-f1c9-4e71-abdf-a42f6495e960" // UnifiedRoleManagerID Unified role manager id. @@ -93,6 +99,12 @@ var ( // UnifiedRole Viewer, Role DisplayName (resolves directly) _viewerUnifiedRoleDisplayName = l10n.Template("Can view") + // UnifiedRole ViewerListGrants, Role Description (resolves directly) + _viewerListGrantsUnifiedRoleDescription = l10n.Template("View, download and list grants") + + // UnifiedRole Viewer, Role DisplayName (resolves directly) + _viewerListGrantsUnifiedRoleDisplayName = l10n.Template("Can view and list grants") + // UnifiedRole SpaceViewer, Role Description (resolves directly) _spaceViewerUnifiedRoleDescription = l10n.Template("View and download.") 
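Review bot: The doc comments on the three new IDs repeat the base role's wording (`// UnifiedRoleViewerListGrantsID Unified role viewer id.`), so the generated docs cannot tell the list-grants variants from the originals. Write `Unified role viewer with list-grants id.` and do the same for the editor and file-editor IDs. In the second hunk on this line the comment above `_viewerListGrantsUnifiedRoleDisplayName` still reads `UnifiedRole Viewer`, and the template `"View, download and list grants"` lacks the trailing period its neighbouring descriptions carry. The following roles.go hunk has the same kind of mislabel (`// UnifiedRoleListGrants Editor, Role Description`). Both the const and var blocks extend beyond these hunks.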
@@ -105,6 +117,12 @@ var ( // UnifiedRole Editor, Role DisplayName (resolves directly) _editorUnifiedRoleDisplayName = l10n.Template("Can edit") + // UnifiedRoleListGrants Editor, Role Description (resolves directly) + _editorListGrantsUnifiedRoleDescription = l10n.Template("View, download, upload, edit, add, delete and list grants.") + + // UnifiedRole EditorListGrants, Role DisplayName (resolves directly) + _editorListGrantsUnifiedRoleDisplayName = l10n.Template("Can edit and list grants") + // UnifiedRole SpaseEditor, Role Description (resolves directly) _spaceEditorUnifiedRoleDescription = l10n.Template("View, download, upload, edit, add and delete.") @@ -123,6 +141,12 @@ var ( // UnifiedRole FileEditor, Role DisplayName (resolves directly) _fileEditorUnifiedRoleDisplayName = l10n.Template("Can edit") + // UnifiedRole FileEditorListGrants, Role Description (resolves directly) + _fileEditorListGrantsUnifiedRoleDescription = l10n.Template("View, download, edit and list grants.") + + // UnifiedRole FileEditorListGrants, Role DisplayName (resolves directly) + _fileEditorListGrantsUnifiedRoleDisplayName = l10n.Template("Can edit and list grants") + // UnifiedRole EditorLite, Role Description (resolves directly) _editorLiteUnifiedRoleDescription = l10n.Template("View, download and upload.") @@ -159,11 +183,14 @@ var ( // buildInRoles contains the built-in roles. buildInRoles = []*libregraph.UnifiedRoleDefinition{ roleViewer, + roleViewerListGrants, roleSpaceViewer, roleEditor, + roleEditorListGrants, roleSpaceEditor, roleSpaceEditorWithoutVersions, roleFileEditor, + roleFileEditorListGrants, roleEditorLite, roleManager, roleSecureViewer, 
@@ -198,6 +225,35 @@ var ( } }() + // roleViewerListGrants creates a viewer role. + roleViewerListGrants = func() *libregraph.UnifiedRoleDefinition { + r := conversions.NewViewerListGrantsRole() + return &libregraph.UnifiedRoleDefinition{ + Id: proto.String(UnifiedRoleViewerListGrantsID), + Description: proto.String(_viewerListGrantsUnifiedRoleDescription), + DisplayName: proto.String(cs3RoleToDisplayName(r)), + RolePermissions: []libregraph.UnifiedRolePermission{ + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionFile), + }, + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionFolder), + }, + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionFileFederatedUser), + }, + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionFolderFederatedUser), + }, + }, + LibreGraphWeight: proto.Int32(0), + } + }() + // roleSpaceViewer creates a spaceviewer role roleSpaceViewer = func() *libregraph.UnifiedRoleDefinition { r := conversions.NewSpaceViewerRole() 
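Review bot: `DisplayName: proto.String(cs3RoleToDisplayName(r))` picks the label from `r.Name`, but the vendored `NewViewerListGrantsRole` in this commit only sets `ListGrants = true` on the result of `NewViewerRole()` and never assigns `RoleViewerListGrants` to the name. Unless `NewViewerRole` behaves differently outside the visible hunks, the new role is labelled "Can view" like the plain viewer, so whoever assigns it cannot see that it also exposes the grant list, and the added `case conversions.RoleViewerListGrants` is never reached from here. Either set the name in the constructor or pass the constant directly: `DisplayName: proto.String(_viewerListGrantsUnifiedRoleDisplayName),`. The same applies to `roleEditorListGrants` and `roleFileEditorListGrants` in the two following roles.go hunks.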
@@ -236,6 +292,27 @@ var ( } }() + // roleEditorListGrants creates an editor role. + roleEditorListGrants = func() *libregraph.UnifiedRoleDefinition { + r := conversions.NewEditorListGrantsRole() + return &libregraph.UnifiedRoleDefinition{ + Id: proto.String(UnifiedRoleEditorListGrantsID), + Description: proto.String(_editorListGrantsUnifiedRoleDescription), + DisplayName: proto.String(cs3RoleToDisplayName(r)), + RolePermissions: []libregraph.UnifiedRolePermission{ + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionFolder), + }, + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionFolderFederatedUser), + }, + }, + LibreGraphWeight: proto.Int32(0), + } + }() + // roleSpaceEditor creates an editor role roleSpaceEditor = func() *libregraph.UnifiedRoleDefinition { r := conversions.NewSpaceEditorRole() 
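Review bot: The comment `// roleEditorListGrants creates an editor role.` has the same wording as the plain editor role and does not say what sets this definition apart. The definition also attaches the ListGrants-bearing action set to `UnifiedRoleConditionFolderFederatedUser`, so a federated recipient would presumably be able to list the folder's grants; the hunk does not state whether that is intended. I would write `// roleEditorListGrants is the editor role plus ListGrants; it is offered for folders, including to federated users.` and give `roleViewerListGrants` and `roleFileEditorListGrants` the equivalent comment.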
@@ -291,6 +368,27 @@ var ( } }() + // roleFileEditorListGrants creates a file-editor role + roleFileEditorListGrants = func() *libregraph.UnifiedRoleDefinition { + r := conversions.NewFileEditorListGrantsRole() + return &libregraph.UnifiedRoleDefinition{ + Id: proto.String(UnifiedRoleFileEditorListGrantsID), + Description: proto.String(_fileEditorListGrantsUnifiedRoleDescription), + DisplayName: proto.String(cs3RoleToDisplayName(r)), + RolePermissions: []libregraph.UnifiedRolePermission{ + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionFile), + }, + { + AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()), + Condition: proto.String(UnifiedRoleConditionFileFederatedUser), + }, + }, + LibreGraphWeight: proto.Int32(0), + } + }() + // roleEditorLite creates an editor-lite role roleEditorLite = func() *libregraph.UnifiedRoleDefinition { r := conversions.NewEditorLiteRole() diff --git a/services/graph/pkg/unifiedrole/roles_test.go b/services/graph/pkg/unifiedrole/roles_test.go index 1d4127a0e68..31690a1e368 100644 --- a/services/graph/pkg/unifiedrole/roles_test.go +++ b/services/graph/pkg/unifiedrole/roles_test.go @@ -163,7 +163,9 @@ func TestGetRolesByPermissions(t *testing.T) { unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{ unifiedrole.RoleSecureViewer, unifiedrole.RoleViewer, + unifiedrole.RoleViewerListGrants, unifiedrole.RoleFileEditor, + unifiedrole.RoleFileEditorListGrants, }, }, "BuildInRoles | folder": { @@ -172,8 +174,10 @@ func TestGetRolesByPermissions(t *testing.T) { unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{ unifiedrole.RoleSecureViewer, unifiedrole.RoleViewer, + unifiedrole.RoleViewerListGrants, unifiedrole.RoleEditorLite, unifiedrole.RoleEditor, + unifiedrole.RoleEditorListGrants, }, }, "BuildInRoles | drive": { 
diff --git a/services/web/pkg/theme/theme.go b/services/web/pkg/theme/theme.go index 72739dcb75c..0477be28e95 100644 --- a/services/web/pkg/theme/theme.go +++ b/services/web/pkg/theme/theme.go @@ -21,6 +21,10 @@ var themeDefaults = KV{ "name": "UnifiedRoleViewer", "iconName": "eye", }, + unifiedrole.UnifiedRoleViewerListGrantsID: KV{ + "name": "UnifiedRoleViewerListGrants", + "iconName": "eye", + }, unifiedrole.UnifiedRoleSpaceViewerID: KV{ "label": "UnifiedRoleSpaceViewer", "iconName": "eye", @@ -29,10 +33,18 @@ var themeDefaults = KV{ "label": "UnifiedRoleFileEditor", "iconName": "pencil", }, + unifiedrole.UnifiedRoleFileEditorListGrantsID: KV{ + "label": "UnifiedRoleFileEditorListGrants", + "iconName": "pencil", + }, unifiedrole.UnifiedRoleEditorID: KV{ "label": "UnifiedRoleEditor", "iconName": "pencil", }, + unifiedrole.UnifiedRoleEditorListGrantsID: KV{ + "label": "UnifiedRoleEditorListGrants", + "iconName": "pencil", + }, unifiedrole.UnifiedRoleSpaceEditorID: KV{ "label": "UnifiedRoleSpaceEditor", "iconName": "pencil", diff --git a/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go b/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go index edb4609ae37..28b6833062f 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/conversions/role.go 
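Review bot: The new `UnifiedRoleViewerListGrantsID` entry uses the key `"name"`, while the two other entries added here and the neighbouring space-viewer and editor entries use `"label"`. It copies the existing `UnifiedRoleViewer` entry directly above it, so this may be deliberate. If the consumer of `themeDefaults` reads `label`, though, the viewer-list-grants role ends up without one. Unless `name` is required for viewer roles, use `"label": "UnifiedRoleViewerListGrants",`. The `themeDefaults` literal starts and ends outside these hunks.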
@@ -37,16 +37,22 @@ type Role struct { const ( // RoleViewer grants non-editor role on a resource. RoleViewer = "viewer" + // RoleViewerListGrants grants non-editor role on a resource. + RoleViewerListGrants = "viewer-list-grants" // RoleSpaceViewer grants non-editor role on a space. RoleSpaceViewer = "spaceviewer" // RoleEditor grants editor permission on a resource, including folders. RoleEditor = "editor" + // RoleEditorListGrants grants editor permission on a resource, including folders. + RoleEditorListGrants = "editor-list-grants" // RoleSpaceEditor grants editor permission on a space. RoleSpaceEditor = "spaceeditor" // RoleSpaceEditorWithoutVersions grants editor permission without list/restore versions on a space. RoleSpaceEditorWithoutVersions = "spaceeditor-without-versions" // RoleFileEditor grants editor permission on a single file. RoleFileEditor = "file-editor" + // RoleFileEditorListGrants grants editor permission on a single file. + RoleFileEditorListGrants = "file-editor-list-grants" // RoleCoowner grants co-owner permissions on a resource. RoleCoowner = "coowner" // RoleEditorLite grants permission to upload and download to a resource. @@ -157,14 +163,20 @@ func RoleFromName(name string) *Role { return NewDeniedRole() case RoleViewer: return NewViewerRole() + case RoleViewerListGrants: + return NewViewerListGrantsRole() case RoleSpaceViewer: return NewSpaceViewerRole() case RoleEditor: return NewEditorRole() + case RoleEditorListGrants: + return NewEditorListGrantsRole() case RoleSpaceEditor: return NewSpaceEditorRole() case RoleFileEditor: return NewFileEditorRole() + case RoleFileEditorListGrants: + return NewFileEditorListGrantsRole() case RoleUploader: return NewUploaderRole() case RoleManager: 
@@ -211,6 +223,13 @@ func NewViewerRole() *Role { } } +// NewViewerListGrantsRole creates a viewer role. `sharing` indicates if sharing permission should be added +func NewViewerListGrantsRole() *Role { + role := NewViewerRole() + role.cS3ResourcePermissions.ListGrants = true + return role +} + // NewSpaceViewerRole creates a spaceviewer role func NewSpaceViewerRole() *Role { return &Role{ @@ -250,6 +269,13 @@ func NewEditorRole() *Role { } } +// NewEditorListGrantsRole creates an editor role. `sharing` indicates if sharing permission should be added +func NewEditorListGrantsRole() *Role { + role := NewEditorRole() + role.cS3ResourcePermissions.ListGrants = true + return role +} + // NewSpaceEditorRole creates an editor role func NewSpaceEditorRole() *Role { return &Role{ @@ -315,6 +341,13 @@ func NewFileEditorRole() *Role { } } +// NewFileEditorListGrantsRole creates a file-editor role +func NewFileEditorListGrantsRole() *Role { + role := NewFileEditorRole() + role.cS3ResourcePermissions.ListGrants = true + return role +} + // NewCoownerRole creates a coowner role. func NewCoownerRole() *Role { return &Role{ @@ -559,7 +592,9 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions, islink bool) if r.ocsPermissions.Contain(PermissionRead) { if r.ocsPermissions.Contain(PermissionWrite) && r.ocsPermissions.Contain(PermissionCreate) && r.ocsPermissions.Contain(PermissionDelete) && r.ocsPermissions.Contain(PermissionShare) { r.Name = RoleEditor - + if rp.ListGrants { + r.Name = RoleEditorListGrants + } if rp.RemoveGrant { r.Name = RoleManager } @@ -567,6 +602,9 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions, islink bool) } if r.ocsPermissions == PermissionRead|PermissionShare { r.Name = RoleViewer + if rp.ListGrants { + r.Name = RoleViewerListGrants + } return r } } else if rp.Stat && rp.GetPath && rp.ListContainer && !rp.InitiateFileUpload && !rp.Delete && !rp.AddGrant { 
diff --git a/vendor/modules.txt b/vendor/modules.txt index 87ec7f9fa1f..e0557bcacf8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -367,7 +367,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 +# github.com/cs3org/reva/v2 v2.23.1-0.20240829104718-86f39ecc9f89 => github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553 ## explicit; go 1.21 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime @@ -2436,3 +2436,4 @@ stash.kopano.io/kgol/rndm # github.com/egirna/icap-client => github.com/fschade/icap-client v0.0.0-20240802074440-aade4a234387 # github.com/unrolled/secure => github.com/DeepDiver1975/secure v0.0.0-20240611112133-abc838fb797c # github.com/go-micro/plugins/v4/store/nats-js-kv => github.com/kobergj/plugins/v4/store/nats-js-kv v0.0.0-20240807130109-f62bb67e8c90 +# github.com/cs3org/reva/v2 => github.com/2403905/reva/v2 v2.23.1-0.20240829111911-2eb5a70f9553
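Review bot: Both hunks in vendor/modules.txt record github.com/cs3org/reva/v2 as replaced by the personal fork github.com/2403905/reva/v2 at 2eb5a70f9553, and the first still names the old 86f39ecc9f89 version. The go.mod hunk in this commit requires upstream c991ee0e085f and shows no replace directive. If go.mod really has no such replace, the vendored tree comes from a different source than go.mod declares, so a `-mod=vendor` build ships code that the require line does not describe, and Go's vendor consistency check should reject it. Once the upstream pin is final, regenerate with `go mod vendor`, run `go mod tidy` to drop the unused fork hashes from go.sum, and confirm the vendored conversions/role.go matches c991ee0e085f.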