Skip to content

Commit

Permalink
allow links without permissions
Browse files Browse the repository at this point in the history 
Signed-off-by: jkoberg <jkoberg@owncloud.com>
  • Loading branch information
@kobergj
kobergj committed Mar 28, 2022
1 parent 7ccf505 commit 2b15385
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 17 deletions.
2 changes: 1 addition & 1 deletion internal/http/services/owncloud/ocs/conversions/permissions.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ var (
// The value must be in the valid range.
func NewPermissions(val int) (Permissions, error) {
if val == int(PermissionInvalid) {
return PermissionInvalid, fmt.Errorf("permissions %d out of range %d - %d", val, PermissionRead, PermissionAll)
return PermissionInvalid, nil //fmt.Errorf("permissions %d out of range %d - %d", val, PermissionRead, PermissionAll)
} else if val < int(PermissionInvalid) || int(PermissionAll) < val {
return PermissionInvalid, ErrPermissionNotInRange
}
Expand Down
13 changes: 13 additions & 0 deletions internal/http/services/owncloud/ocs/conversions/role.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,15 @@ func NewUploaderRole() *Role {
}
}

// NewNoneRole creates a role with no permissions
func NewNoneRole() *Role {
return &Role{
Name: "none",
cS3ResourcePermissions: &provider.ResourcePermissions{},
ocsPermissions: PermissionInvalid,
}
}

// NewManagerRole creates an manager role
func NewManagerRole() *Role {
return &Role{
Expand Down Expand Up @@ -254,6 +263,10 @@ func NewManagerRole() *Role {

// RoleFromOCSPermissions tries to map ocs permissions to a role
func RoleFromOCSPermissions(p Permissions) *Role {
if p == PermissionInvalid {
return NewNoneRole()
}

if p.Contain(PermissionRead) {
if p.Contain(PermissionWrite) && p.Contain(PermissionCreate) && p.Contain(PermissionDelete) {
if p.Contain(PermissionShare) {
Expand Down
2 changes: 2 additions & 0 deletions internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/public.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -497,6 +497,8 @@ func permissionFromRequest(r *http.Request, h *Handler) (*provider.ResourcePermi

// Maps oc10 public link permissions to roles
var ocPublicPermToRole = map[int]string{
// Recipients can do nothing
0: "none",
// Recipients can view and download contents.
1: "viewer",
// Recipients can view, download and edit single files.
Expand Down
34 changes: 18 additions & 16 deletions internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -426,27 +426,29 @@ func (h *Handler) extractPermissions(w http.ResponseWriter, r *http.Request, ri
}

permissions := role.OCSPermissions()
if ri != nil && ri.Type == provider.ResourceType_RESOURCE_TYPE_FILE {
// Single file shares should never have delete or create permissions
permissions &^= conversions.PermissionCreate
permissions &^= conversions.PermissionDelete
if permissions == conversions.PermissionInvalid {
/*
if ri != nil && ri.Type == provider.ResourceType_RESOURCE_TYPE_FILE {
// Single file shares should never have delete or create permissions
permissions &^= conversions.PermissionCreate
permissions &^= conversions.PermissionDelete
if permissions == conversions.PermissionInvalid {
return nil, nil, &ocsError{
Code: response.MetaBadRequest.StatusCode,
Message: "Cannot set the requested share permissions",
Error: errors.New("cannot set the requested share permissions"),
}
}
}
existingPermissions := conversions.RoleFromResourcePermissions(ri.PermissionSet).OCSPermissions()
if permissions == conversions.PermissionInvalid || !existingPermissions.Contain(permissions) {
return nil, nil, &ocsError{
Code: response.MetaBadRequest.StatusCode,
Code: http.StatusNotFound,
Message: "Cannot set the requested share permissions",
Error: errors.New("cannot set the requested share permissions"),
}
}
}

existingPermissions := conversions.RoleFromResourcePermissions(ri.PermissionSet).OCSPermissions()
if permissions == conversions.PermissionInvalid || !existingPermissions.Contain(permissions) {
return nil, nil, &ocsError{
Code: http.StatusNotFound,
Message: "Cannot set the requested share permissions",
Error: errors.New("cannot set the requested share permissions"),
}
}
*/

role = conversions.RoleFromOCSPermissions(permissions)
roleMap := map[string]string{"name": role.Name}
Expand Down

0 comments on commit 2b15385

Please sign in to comment.