update reva to include decomposedfs nodes-per-space (#3228)

* update reva to include decomposedfs nodes-per-space Signed-off-by: Jörn Friedrich Dreyer <[email protected]> * check create space with own constraint Signed-off-by: Jörn Friedrich Dreyer <[email protected]> * update reva Signed-off-by: Jörn Friedrich Dreyer <[email protected]> * unexpected passed Signed-off-by: Jörn Friedrich Dreyer <[email protected]> * update reva Signed-off-by: Jörn Friedrich Dreyer <[email protected]> * remove unused variable Signed-off-by: Jörn Friedrich Dreyer <[email protected]> * revert reva commit id Co-authored-by: Florian Schade <[email protected]>
owncloud · Mar 2, 2022 · beaac40 · beaac40
1 parent 27c4b7b
commit beaac40
Show file tree

Hide file tree

Showing 10 changed files with 106 additions and 71 deletions.
diff --git a/go.mod b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.3.1
 	github.com/coreos/go-oidc/v3 v3.1.0
 	github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19
-	github.com/cs3org/reva v1.16.1-0.20220224115936-e17c65a48a5a
+	github.com/cs3org/reva v1.16.1-0.20220301071903-1fd81b097801
 	github.com/disintegration/imaging v1.6.2
 	github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733
 	github.com/go-chi/chi/v5 v5.0.7

diff --git a/go.sum b/go.sum
@@ -342,8 +342,8 @@ github.com/crewjam/saml v0.4.5/go.mod h1:qCJQpUtZte9R1ZjUBcW8qtCNlinbO363ooNl02S
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
 github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19 h1:1jqPH58jCxvbaJ9WLIJ7W2/m622bWS6ChptzljSG6IQ=
 github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva v1.16.1-0.20220224115936-e17c65a48a5a h1:LgwfJ4N+ekLRFOK2vwVKbgtnQYYcrNiMtu5kekJvJ54=
-github.com/cs3org/reva v1.16.1-0.20220224115936-e17c65a48a5a/go.mod h1:M+Nausi93NaMDoinwiUX/Ekgrp/RrYv715FG5KrIarY=
+github.com/cs3org/reva v1.16.1-0.20220301071903-1fd81b097801 h1:FOjP9FbcvD48as7Q7TjOtnaNHlQ5va2IEIed1GWqEag=
+github.com/cs3org/reva v1.16.1-0.20220301071903-1fd81b097801/go.mod h1:fdlrnZ0f+UtAdpZfLG+4LM0ZrhT5V8tPEQt6ycYm82c=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=

diff --git a/graph/pkg/service/v0/drives.go b/graph/pkg/service/v0/drives.go
@@ -25,6 +25,7 @@ import (
 	libregraph "github.com/owncloud/libre-graph-api-go"
 	"github.com/owncloud/ocis/graph/pkg/service/v0/errorcode"
 	"github.com/owncloud/ocis/ocis-pkg/service/grpc"
+	v0 "github.com/owncloud/ocis/protogen/gen/ocis/messages/settings/v0"
 	settingssvc "github.com/owncloud/ocis/protogen/gen/ocis/services/settings/v0"
 	settingsServiceExt "github.com/owncloud/ocis/settings/pkg/service/v0"
 	merrors "go-micro.dev/v4/errors"
@@ -151,6 +152,22 @@ func (g Graph) GetSingleDrive(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func canCreateSpace(ctx context.Context, ownPersonalHome bool) bool {
+	s := settingssvc.NewPermissionService("com.owncloud.api.settings", grpc.DefaultClient)
+
+	pr, err := s.GetPermissionByID(ctx, &settingssvc.GetPermissionByIDRequest{
+		PermissionId: settingsServiceExt.CreateSpacePermissionID,
+	})
+	if err != nil || pr.Permission == nil {
+		return false
+	}
+	// TODO @C0rby shouldn't the permissions service check this? aka shouldn't we call CheckPermission?
+	if pr.Permission.Constraint == v0.Permission_CONSTRAINT_OWN && !ownPersonalHome {
+		return false
+	}
+	return true
+}
+
 // CreateDrive creates a storage drive (space).
 func (g Graph) CreateDrive(w http.ResponseWriter, r *http.Request) {
 	us, ok := ctxpkg.ContextGetUser(r.Context())
@@ -159,12 +176,8 @@ func (g Graph) CreateDrive(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	s := settingssvc.NewPermissionService("com.owncloud.api.settings", grpc.DefaultClient)
-
-	_, err := s.GetPermissionByID(r.Context(), &settingssvc.GetPermissionByIDRequest{
-		PermissionId: settingsServiceExt.CreateSpacePermissionID,
-	})
-	if err != nil {
+	// TODO determine if the user tries to create his own personal space and pass that as a boolean
+	if !canCreateSpace(r.Context(), false) {
 		// if the permission is not existing for the user in context we can assume we don't have it. Return 401.
 		errorcode.GeneralException.Render(w, r, http.StatusUnauthorized, "insufficient permissions to create a space.")
 		return
@@ -418,6 +431,9 @@ func (g Graph) ListStorageSpacesWithFilters(ctx context.Context, filters []*stor
 }
 
 func (g Graph) cs3StorageSpaceToDrive(baseURL *url.URL, space *storageprovider.StorageSpace) (*libregraph.Drive, error) {
+	if space.Root == nil {
+		return nil, fmt.Errorf("space has no root")
+	}
 	rootID := resourceid.OwnCloudResourceIDWrap(space.Root)
 
 	var permissions []libregraph.Permission

diff --git a/ocis-pkg/metadata_storage/metadata_storage.go b/ocis-pkg/metadata_storage/metadata_storage.go
@@ -89,6 +89,9 @@ func (ms MetadataStorage) SimpleUpload(ctx context.Context, uploadpath string, c
 	if err != nil {
 		return err
 	}
+	if res.Status.Code != v1beta11.Code_CODE_OK {
+		return errtypes.NewErrtypeFromStatus(res.Status)
+	}
 
 	var endpoint string
 

diff --git a/settings/pkg/service/v0/settings.go b/settings/pkg/service/v0/settings.go
@@ -6,6 +6,9 @@ import (
 )
 
 const (
+	// BundleUUIDRoleMetadata represents the metadata user role
+	BundleUUIDRoleMetadata = "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad"
+
 	// BundleUUIDRoleAdmin represents the admin role
 	BundleUUIDRoleAdmin = "71881883-1768-46bd-a24d-a356a2afdf7f"
 
@@ -366,6 +369,24 @@ func generatePermissionRequests() []*settingssvc.AddSettingToBundleRequest {
 				},
 			},
 		},
+		{
+			BundleId: BundleUUIDRoleUser,
+			Setting: &settingsmsg.Setting{
+				Id:          CreateSpacePermissionID,
+				Name:        CreateSpacePermissionName,
+				DisplayName: "Create own Space",
+				Description: "This permission allows to create a space owned by the current user.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SYSTEM, // TODO resource type space? self? me? own?
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_CREATE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
+					},
+				},
+			},
+		},
 		{
 			BundleId: BundleUUIDRoleAdmin,
 			Setting: &settingsmsg.Setting{
@@ -402,11 +423,35 @@ func generatePermissionRequests() []*settingssvc.AddSettingToBundleRequest {
 				},
 			},
 		},
+		{
+			BundleId: BundleUUIDRoleMetadata,
+			Setting: &settingsmsg.Setting{
+				Id:          CreateSpacePermissionID,
+				Name:        CreateSpacePermissionName,
+				DisplayName: "Create own Space",
+				Description: "This permission allows to create a space owned by the current user.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SYSTEM, // TODO resource type space? self? me? own?
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_CREATE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
+					},
+				},
+			},
+		},
 	}
 }
 
 func defaultRoleAssignments() []*settingsmsg.UserRoleAssignment {
 	return []*settingsmsg.UserRoleAssignment{
+		// accounts service user for the metadata user is allowed to create spaces
+
+		{
+			AccountUuid: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
+			RoleId:      BundleUUIDRoleAdmin,
+		},
 		// default admin users
 		{
 			AccountUuid: "058bff95-6708-4fe5-91e4-9ea3d377588b",

diff --git a/storage/pkg/command/storagedrivers/metadata.go b/storage/pkg/command/storagedrivers/metadata.go
@@ -50,11 +50,10 @@ func MetadataDrivers(cfg *config.Config) map[string]interface{} {
 		},
 		"ocis": map[string]interface{}{
 			"root":                cfg.Reva.MetadataStorage.OCIS.Root,
-			"enable_home":         false,
 			"user_layout":         cfg.Reva.MetadataStorage.OCIS.UserLayout,
 			"treetime_accounting": false,
 			"treesize_accounting": false,
-			"owner":               cfg.Reva.MetadataStorage.OCIS.ServiceUserUUID, // the accounts service system account uuid
+			"permissionssvc":      cfg.Reva.Permissions.Endpoint,
 		},
 		"s3": map[string]interface{}{
 			"region":     cfg.Reva.MetadataStorage.S3.Region,
@@ -69,7 +68,7 @@ func MetadataDrivers(cfg *config.Config) map[string]interface{} {
 			"user_layout":         cfg.Reva.MetadataStorage.S3NG.UserLayout,
 			"treetime_accounting": false,
 			"treesize_accounting": false,
-			"owner":               cfg.Reva.MetadataStorage.S3NG.ServiceUserUUID, // the accounts service system account uuid
+			"permissionssvc":      cfg.Reva.Permissions.Endpoint,
 			"s3.region":           cfg.Reva.MetadataStorage.S3NG.Region,
 			"s3.access_key":       cfg.Reva.MetadataStorage.S3NG.AccessKey,
 			"s3.secret_key":       cfg.Reva.MetadataStorage.S3NG.SecretKey,

diff --git a/storage/pkg/command/storagedrivers/user.go b/storage/pkg/command/storagedrivers/user.go
@@ -90,12 +90,11 @@ func UserDrivers(cfg *config.Config) map[string]interface{} {
 		},
 		"ocis": map[string]interface{}{
 			"root":                cfg.Reva.UserStorage.OCIS.Root,
-			"enable_home":         false,
 			"user_layout":         cfg.Reva.UserStorage.OCIS.UserLayout,
 			"share_folder":        cfg.Reva.UserStorage.OCIS.ShareFolder,
 			"treetime_accounting": true,
 			"treesize_accounting": true,
-			"owner":               cfg.Reva.UserStorage.OCIS.ServiceUserUUID, // the accounts service system account uuid
+			"permissionssvc":      cfg.Reva.Permissions.Endpoint,
 		},
 		"s3": map[string]interface{}{
 			"enable_home": false,
@@ -108,12 +107,11 @@ func UserDrivers(cfg *config.Config) map[string]interface{} {
 		},
 		"s3ng": map[string]interface{}{
 			"root":                cfg.Reva.UserStorage.S3NG.Root,
-			"enable_home":         false,
 			"user_layout":         cfg.Reva.UserStorage.S3NG.UserLayout,
 			"share_folder":        cfg.Reva.UserStorage.S3NG.ShareFolder,
 			"treetime_accounting": true,
 			"treesize_accounting": true,
-			"owner":               cfg.Reva.UserStorage.S3NG.ServiceUserUUID, // the accounts service system account uuid
+			"permissionssvc":      cfg.Reva.Permissions.Endpoint,
 			"s3.region":           cfg.Reva.UserStorage.S3NG.Region,
 			"s3.access_key":       cfg.Reva.UserStorage.S3NG.AccessKey,
 			"s3.secret_key":       cfg.Reva.UserStorage.S3NG.SecretKey,

diff --git a/storage/pkg/config/config.go b/storage/pkg/config/config.go
@@ -307,8 +307,6 @@ type DriverEOS struct {
 // DriverOCIS defines the available oCIS storage driver configuration.
 type DriverOCIS struct {
 	DriverCommon
-
-	ServiceUserUUID string `ocisConfig:"service_user_uuid"`
 }
 
 // DriverOwnCloudSQL defines the available ownCloudSQL storage driver configuration.
@@ -338,12 +336,11 @@ type DriverS3 struct {
 type DriverS3NG struct {
 	DriverCommon
 
-	ServiceUserUUID string `ocisConfig:"service_user_uuid"`
-	Region          string `ocisConfig:"region"`
-	AccessKey       string `ocisConfig:"access_key"`
-	SecretKey       string `ocisConfig:"secret_key"`
-	Endpoint        string `ocisConfig:"endpoint"`
-	Bucket          string `ocisConfig:"bucket"`
+	Region    string `ocisConfig:"region"`
+	AccessKey string `ocisConfig:"access_key"`
+	SecretKey string `ocisConfig:"secret_key"`
+	Endpoint  string `ocisConfig:"endpoint"`
+	Bucket    string `ocisConfig:"bucket"`
 }
 
 // OIDC defines the available OpenID Connect configuration.
@@ -1531,10 +1528,6 @@ func structMappings(cfg *Config) []shared.EnvBinding {
 			EnvVars:     []string{"STORAGE_USERS_DRIVER_OCIS_SHARE_FOLDER"},
 			Destination: &cfg.Reva.UserStorage.OCIS.ShareFolder,
 		},
-		{
-			EnvVars:     []string{"STORAGE_USERS_DRIVER_OCIS_SERVICE_USER_UUID"},
-			Destination: &cfg.Reva.UserStorage.OCIS.ServiceUserUUID,
-		},
 		// driver owncloud sql
 		{
 			EnvVars:     []string{"STORAGE_USERS_DRIVER_OWNCLOUDSQL_DATADIR"},
@@ -1604,10 +1597,6 @@ func structMappings(cfg *Config) []shared.EnvBinding {
 			EnvVars:     []string{"STORAGE_USERS_DRIVER_S3NG_LAYOUT"},
 			Destination: &cfg.Reva.UserStorage.S3NG.UserLayout,
 		},
-		{
-			EnvVars:     []string{"STORAGE_USERS_DRIVER_S3NG_SERVICE_USER_UUID"},
-			Destination: &cfg.Reva.UserStorage.S3NG.ServiceUserUUID,
-		},
 		{
 			EnvVars:     []string{"STORAGE_USERS_DRIVER_S3NG_SHARE_FOLDER"},
 			Destination: &cfg.Reva.UserStorage.S3NG.ShareFolder,
@@ -1718,10 +1707,6 @@ func structMappings(cfg *Config) []shared.EnvBinding {
 			EnvVars:     []string{"STORAGE_METADATA_DRIVER_OCIS_LAYOUT"},
 			Destination: &cfg.Reva.MetadataStorage.OCIS.UserLayout,
 		},
-		{
-			EnvVars:     []string{"STORAGE_METADATA_DRIVER_OCIS_SERVICE_USER_UUID"},
-			Destination: &cfg.Reva.MetadataStorage.OCIS.ServiceUserUUID,
-		},
 
 		// metadata driver s3
 		{
@@ -1754,10 +1739,6 @@ func structMappings(cfg *Config) []shared.EnvBinding {
 			EnvVars:     []string{"STORAGE_METADATA_DRIVER_S3NG_LAYOUT"},
 			Destination: &cfg.Reva.MetadataStorage.S3NG.UserLayout,
 		},
-		{
-			EnvVars:     []string{"STORAGE_METADATA_DRIVER_S3NG_SERVICE_USER_UUID"},
-			Destination: &cfg.Reva.MetadataStorage.S3NG.ServiceUserUUID,
-		},
 		{
 			EnvVars:     []string{"STORAGE_METADATA_DRIVER_S3NG_REGION"},
 			Destination: &cfg.Reva.MetadataStorage.S3NG.Region,

diff --git a/storage/pkg/config/defaultconfig.go b/storage/pkg/config/defaultconfig.go
@@ -13,7 +13,6 @@ const (
 	defaultStorageNamespace = "/users/{{.Id.OpaqueId}}"
 	defaultGatewayAddr      = "127.0.0.1:9142"
 	defaultUserLayout       = "{{.Id.OpaqueId}}"
-	defaultServiceUserUUID  = "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad"
 )
 
 func DefaultConfig() *Config {
@@ -141,20 +140,18 @@ func DefaultConfig() *Config {
 						UserLayout:  defaultUserLayout,
 						EnableHome:  false,
 					},
-					ServiceUserUUID: defaultServiceUserUUID,
-					Region:          "default",
-					AccessKey:       "",
-					SecretKey:       "",
-					Endpoint:        "",
-					Bucket:          "",
+					Region:    "default",
+					AccessKey: "",
+					SecretKey: "",
+					Endpoint:  "",
+					Bucket:    "",
 				},
 				OCIS: DriverOCIS{
 					DriverCommon: DriverCommon{
 						Root:        path.Join(defaults.BaseDataPath(), "storage", "users"),
 						ShareFolder: defaultShareFolder,
 						UserLayout:  defaultUserLayout,
 					},
-					ServiceUserUUID: defaultServiceUserUUID,
 				},
 			},
 			MetadataStorage: StorageConfig{
@@ -197,12 +194,11 @@ func DefaultConfig() *Config {
 						UserLayout:  defaultUserLayout,
 						EnableHome:  false,
 					},
-					ServiceUserUUID: defaultServiceUserUUID,
-					Region:          "default",
-					AccessKey:       "",
-					SecretKey:       "",
-					Endpoint:        "",
-					Bucket:          "",
+					Region:    "default",
+					AccessKey: "",
+					SecretKey: "",
+					Endpoint:  "",
+					Bucket:    "",
 				},
 				OCIS: DriverOCIS{
 					DriverCommon: DriverCommon{
@@ -211,7 +207,6 @@ func DefaultConfig() *Config {
 						UserLayout:  defaultUserLayout,
 						EnableHome:  false,
 					},
-					ServiceUserUUID: defaultServiceUserUUID,
 				},
 			},
 			Frontend: FrontendPort{