diff --git a/services/graph/pkg/service/v0/users.go b/services/graph/pkg/service/v0/users.go index 3d5532a598d..26dd4bde31d 100644 --- a/services/graph/pkg/service/v0/users.go +++ b/services/graph/pkg/service/v0/users.go @@ -159,6 +159,7 @@ func (g Graph) GetUser(w http.ResponseWriter, r *http.Request) { userID, err := url.PathUnescape(userID) if err != nil { errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "unescaping user id failed") + return } if userID == "" { @@ -175,11 +176,20 @@ func (g Graph) GetUser(w http.ResponseWriter, r *http.Request) { } else { errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error()) } + return } sel := strings.Split(r.URL.Query().Get("$select"), ",") exp := strings.Split(r.URL.Query().Get("$expand"), ",") if slices.Contains(sel, "drive") || slices.Contains(sel, "drives") || slices.Contains(exp, "drive") || slices.Contains(exp, "drives") { wdu, err := url.Parse(g.config.Spaces.WebDavBase + g.config.Spaces.WebDavPath) + if err != nil { + g.logger.Err(err). + Str("webdav_base", g.config.Spaces.WebDavBase). + Str("webdav_path", g.config.Spaces.WebDavPath). + Msg("error parsing webdav URL") + render.Status(r, http.StatusInternalServerError) + return + } f := listStorageSpacesUserFilter(user.GetId()) // use the unrestricted flag to get all possible spaces // users with the canListAllSpaces permission should see all spaces @@ -231,6 +241,7 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) { userID, err := url.PathUnescape(userID) if err != nil { errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "unescaping user id failed") + return } if userID == "" { @@ -248,25 +259,26 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) { }) if err != nil { errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "could not read spaces") + return } for _, sp := range lspr.GetStorageSpaces() { - if sp.SpaceType == "personal" { - if sp.Owner.Id.OpaqueId == userID { - // TODO: check if request contains a homespace and if, check if requesting user has the privilege to - // delete it and make sure it is not deleting its own homespace - // needs modification of the cs3api - _, err := g.gatewayClient.DeleteStorageSpace(r.Context(), &storageprovider.DeleteStorageSpaceRequest{ - Opaque: opaque, - Id: &storageprovider.StorageSpaceId{ - OpaqueId: sp.Id.OpaqueId, - }, - }) - if err != nil { - errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "could not delete homespace") - } - break - } + if !(sp.SpaceType == "personal" && sp.Owner.Id.OpaqueId == userID) { + continue + } + // TODO: check if request contains a homespace and if, check if requesting user has the privilege to + // delete it and make sure it is not deleting its own homespace + // needs modification of the cs3api + _, err := g.gatewayClient.DeleteStorageSpace(r.Context(), &storageprovider.DeleteStorageSpaceRequest{ + Opaque: opaque, + Id: &storageprovider.StorageSpaceId{ + OpaqueId: sp.Id.OpaqueId, + }, + }) + if err != nil { + errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "could not delete homespace") + return } + break } err = g.identityBackend.DeleteUser(r.Context(), userID) @@ -277,6 +289,7 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) { errcode.Render(w, r) } else { errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error()) + return } } @@ -293,6 +306,7 @@ func (g Graph) PatchUser(w http.ResponseWriter, r *http.Request) { nameOrID, err := url.PathUnescape(nameOrID) if err != nil { errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "unescaping user id failed") + return } if nameOrID == "" { @@ -328,6 +342,7 @@ func (g Graph) PatchUser(w http.ResponseWriter, r *http.Request) { } else { errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error()) } + return } currentUser := ctxpkg.ContextMustGetUser(r.Context())