From 670857436538959ad10fefaa602d421257bce3f4 Mon Sep 17 00:00:00 2001 From: Ishank Arora Date: Thu, 14 Oct 2021 18:37:49 +0200 Subject: [PATCH] Move code for public share scope expansion to grpc interceptor --- internal/grpc/interceptors/auth/auth.go | 4 +- internal/grpc/interceptors/auth/scope.go | 89 +++++++++++++------ internal/http/interceptors/auth/auth.go | 2 +- pkg/auth/scope/lightweight.go | 4 +- pkg/auth/scope/publicshare.go | 71 +++++---------- pkg/auth/scope/receivedshare.go | 4 +- pkg/auth/scope/resourceinfo.go | 7 +- pkg/auth/scope/scope.go | 8 +- pkg/auth/scope/share.go | 4 +- pkg/auth/scope/user.go | 4 +- .../fs/owncloudsql/owncloudsql_windows.go | 1 + .../decomposedfs/decomposedfs_windows.go | 1 + pkg/storage/utils/eosfs/eosfs_test.go | 1 + pkg/storage/utils/localfs/localfs_windows.go | 1 + 14 files changed, 97 insertions(+), 104 deletions(-) diff --git a/internal/grpc/interceptors/auth/auth.go b/internal/grpc/interceptors/auth/auth.go index 2b58d0c9673..1db27bb2b1c 100644 --- a/internal/grpc/interceptors/auth/auth.go +++ b/internal/grpc/interceptors/auth/auth.go @@ -224,7 +224,7 @@ func dismantleToken(ctx context.Context, tkn string, req interface{}, mgr token. } // Check if access to the resource is in the scope of the token - ok, err := scope.VerifyScope(ctx, tokenScope, req, client, mgr) + ok, err := scope.VerifyScope(ctx, tokenScope, req) if err != nil { return nil, errtypes.InternalError("error verifying scope of access token") } @@ -232,7 +232,7 @@ func dismantleToken(ctx context.Context, tkn string, req interface{}, mgr token. return u, nil } - if err = expandAndVerifyScope(ctx, req, tokenScope, gatewayAddr); err != nil { + if err = expandAndVerifyScope(ctx, req, tokenScope, gatewayAddr, mgr); err != nil { return nil, err } diff --git a/internal/grpc/interceptors/auth/scope.go b/internal/grpc/interceptors/auth/scope.go index 7cac0416b30..2d71f1dc9a1 100644 --- a/internal/grpc/interceptors/auth/scope.go +++ b/internal/grpc/interceptors/auth/scope.go @@ -23,20 +23,30 @@ import ( "strings" authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1" + gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" + userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1" rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1" collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1" link "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" registry "github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1" "github.com/cs3org/reva/pkg/appctx" + "github.com/cs3org/reva/pkg/auth/scope" + ctxpkg "github.com/cs3org/reva/pkg/ctx" "github.com/cs3org/reva/pkg/errtypes" statuspkg "github.com/cs3org/reva/pkg/rgrpc/status" "github.com/cs3org/reva/pkg/rgrpc/todo/pool" + "github.com/cs3org/reva/pkg/token" "github.com/cs3org/reva/pkg/utils" + "google.golang.org/grpc/metadata" ) -func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[string]*authpb.Scope, gatewayAddr string) error { +func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[string]*authpb.Scope, gatewayAddr string, mgr token.Manager) error { log := appctx.GetLogger(ctx) + client, err := pool.GetGatewayServiceClient(gatewayAddr) + if err != nil { + return err + } if ref, ok := extractRef(req); ok { // Check if req is of type *provider.Reference_Path @@ -53,7 +63,7 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s if err != nil { continue } - if ok, err := checkResourcePath(ctx, ref, share.ResourceId, gatewayAddr); err == nil && ok { + if ok, err := checkIfNestedResource(ctx, ref, share.ResourceId, client, mgr); err == nil && ok { return nil } @@ -63,21 +73,17 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s if err != nil { continue } - if ok, err := checkResourcePath(ctx, ref, share.ResourceId, gatewayAddr); err == nil && ok { + if ok, err := checkIfNestedResource(ctx, ref, share.ResourceId, client, mgr); err == nil && ok { return nil } case strings.HasPrefix(k, "lightweight"): - client, err := pool.GetGatewayServiceClient(gatewayAddr) - if err != nil { - continue - } shares, err := client.ListReceivedShares(ctx, &collaboration.ListReceivedSharesRequest{}) if err != nil || shares.Status.Code != rpc.Code_CODE_OK { log.Warn().Err(err).Msg("error listing received shares") continue } for _, share := range shares.Shares { - if ok, err := checkResourcePath(ctx, ref, share.Share.ResourceId, gatewayAddr); err == nil && ok { + if ok, err := checkIfNestedResource(ctx, ref, share.Share.ResourceId, client, mgr); err == nil && ok { return nil } } @@ -85,15 +91,17 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s } } else { // ref has ID present - // The request might be coming from a share created for a lightweight account - // after the token was minted. - log.Info().Msgf("resolving ID reference against received shares to verify token scope %+v", ref.GetResourceId()) + // The request might be coming from + // - a resource present inside a shared folder, or + // - a share created for a lightweight account after the token was minted. + client, err := pool.GetGatewayServiceClient(gatewayAddr) if err != nil { return err } for k := range tokenScope { if strings.HasPrefix(k, "lightweight") { + log.Info().Msgf("resolving ID reference against received shares to verify token scope %+v", ref.GetResourceId()) shares, err := client.ListReceivedShares(ctx, &collaboration.ListReceivedSharesRequest{}) if err != nil || shares.Status.Code != rpc.Code_CODE_OK { log.Warn().Err(err).Msg("error listing received shares") @@ -104,6 +112,15 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s return nil } } + } else if strings.HasPrefix(k, "publicshare") { + var share link.PublicShare + err := utils.UnmarshalJSONToProtoV1(tokenScope[k].Resource.Value, &share) + if err != nil { + continue + } + if ok, err := checkIfNestedResource(ctx, ref, share.ResourceId, client, mgr); err == nil && ok { + return nil + } } } } @@ -140,32 +157,50 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s return errtypes.PermissionDenied("access to resource not allowed within the assigned scope") } -func checkResourcePath(ctx context.Context, ref *provider.Reference, r *provider.ResourceId, gatewayAddr string) (bool, error) { - client, err := pool.GetGatewayServiceClient(gatewayAddr) - if err != nil { - return false, err - } - +func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent *provider.ResourceId, client gateway.GatewayAPIClient, mgr token.Manager) (bool, error) { // Since the resource ID is obtained from the scope, the current token // has access to it. - statReq := &provider.StatRequest{ - Ref: &provider.Reference{ResourceId: r}, - } - - statResponse, err := client.Stat(ctx, statReq) + statResponse, err := client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: parent}}) if err != nil { return false, err } if statResponse.Status.Code != rpc.Code_CODE_OK { return false, statuspkg.NewErrorFromCode(statResponse.Status.Code, "auth interceptor") } + parentPath := statResponse.Info.Path + + childPath := ref.GetPath() + if childPath == "" { + // We mint a token as the owner of the public share and try to stat the reference + // TODO(ishank011): We need to find a better alternative to this - if strings.HasPrefix(ref.GetPath(), statResponse.Info.Path) { - // The path corresponds to the resource to which the token has access. - // We allow access to it. - return true, nil + userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner}) + if err != nil || userResp.Status.Code != rpc.Code_CODE_OK { + return false, err + } + + scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{}) + if err != nil { + return false, err + } + token, err := mgr.MintToken(ctx, userResp.User, scope) + if err != nil { + return false, err + } + ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token) + + childStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref}) + if err != nil { + return false, err + } + if childStat.Status.Code != rpc.Code_CODE_OK { + return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor") + } + childPath = statResponse.Info.Path } - return false, nil + + return strings.HasPrefix(childPath, parentPath), nil + } func extractRef(req interface{}) (*provider.Reference, bool) { diff --git a/internal/http/interceptors/auth/auth.go b/internal/http/interceptors/auth/auth.go index 05be935ca9d..2e612f032f4 100644 --- a/internal/http/interceptors/auth/auth.go +++ b/internal/http/interceptors/auth/auth.go @@ -265,7 +265,7 @@ func New(m map[string]interface{}, unprotected []string) (global.Middleware, err } // ensure access to the resource is allowed - ok, err := scope.VerifyScope(ctx, tokenScope, r.URL.Path, client, tokenManager) + ok, err := scope.VerifyScope(ctx, tokenScope, r.URL.Path) if err != nil { log.Error().Err(err).Msg("error verifying scope of access token") w.WriteHeader(http.StatusInternalServerError) diff --git a/pkg/auth/scope/lightweight.go b/pkg/auth/scope/lightweight.go index 0480723b5f4..8256f3f09be 100644 --- a/pkg/auth/scope/lightweight.go +++ b/pkg/auth/scope/lightweight.go @@ -22,16 +22,14 @@ import ( "context" authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1" - gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" - "github.com/cs3org/reva/pkg/token" "github.com/cs3org/reva/pkg/utils" "github.com/rs/zerolog" ) -func lightweightAccountScope(_ context.Context, scope *authpb.Scope, resource interface{}, _ *zerolog.Logger, _ gatewayv1beta1.GatewayAPIClient, _ token.Manager) (bool, error) { +func lightweightAccountScope(_ context.Context, scope *authpb.Scope, resource interface{}, _ *zerolog.Logger) (bool, error) { // Lightweight accounts have access to resources shared with them. // These cannot be resolved from here, but need to be added to the scope from // where the call to mint tokens is made. diff --git a/pkg/auth/scope/publicshare.go b/pkg/auth/scope/publicshare.go index aacd14b746a..4ce075acca1 100644 --- a/pkg/auth/scope/publicshare.go +++ b/pkg/auth/scope/publicshare.go @@ -28,21 +28,16 @@ import ( authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1" gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1" - rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1" link "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" registry "github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1" types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/pkg/errtypes" - "github.com/cs3org/reva/pkg/token" "github.com/cs3org/reva/pkg/utils" "github.com/rs/zerolog" - "google.golang.org/grpc/metadata" - - ctxpkg "github.com/cs3org/reva/pkg/ctx" ) -func publicshareScope(ctx context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger, client gatewayv1beta1.GatewayAPIClient, mgr token.Manager) (bool, error) { +func publicshareScope(ctx context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger) (bool, error) { var share link.PublicShare err := utils.UnmarshalJSONToProtoV1(scope.Resource.Value, &share) if err != nil { @@ -52,37 +47,39 @@ func publicshareScope(ctx context.Context, scope *authpb.Scope, resource interfa switch v := resource.(type) { // Viewer role case *registry.GetStorageProvidersRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetRef()), nil case *provider.StatRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetRef()), nil case *provider.ListContainerRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetRef()), nil case *provider.InitiateFileDownloadRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetRef()), nil // Editor role // TODO(ishank011): Add role checks, // need to return appropriate status codes in the ocs/ocdav layers. case *provider.CreateContainerRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetRef()), nil case *provider.DeleteRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetRef()), nil case *provider.MoveRequest: - return checkStorageRef(ctx, &share, v.GetSource(), client, mgr) && checkStorageRef(ctx, &share, v.GetDestination(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetSource()) && checkStorageRef(ctx, &share, v.GetDestination()), nil case *provider.InitiateFileUploadRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetRef()), nil + case *provider.SetArbitraryMetadataRequest: + return checkStorageRef(ctx, &share, v.GetRef()), nil + case *provider.UnsetArbitraryMetadataRequest: + return checkStorageRef(ctx, &share, v.GetRef()), nil + + // App provider requests case *appregistry.GetAppProvidersRequest: - return checkStorageRef(ctx, &share, &provider.Reference{ResourceId: v.ResourceInfo.Id}, client, mgr), nil + return checkStorageRef(ctx, &share, &provider.Reference{ResourceId: v.ResourceInfo.Id}), nil case *appregistry.GetDefaultAppProviderForMimeTypeRequest: return true, nil case *appprovider.OpenInAppRequest: - return checkStorageRef(ctx, &share, &provider.Reference{ResourceId: v.ResourceInfo.Id}, client, mgr), nil + return checkStorageRef(ctx, &share, &provider.Reference{ResourceId: v.ResourceInfo.Id}), nil case *gatewayv1beta1.OpenInAppRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil - case *provider.SetArbitraryMetadataRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil - case *provider.UnsetArbitraryMetadataRequest: - return checkStorageRef(ctx, &share, v.GetRef(), client, mgr), nil + return checkStorageRef(ctx, &share, v.GetRef()), nil case *userv1beta1.GetUserByClaimRequest: return true, nil @@ -98,38 +95,10 @@ func publicshareScope(ctx context.Context, scope *authpb.Scope, resource interfa return false, errtypes.InternalError(msg) } -func checkStorageRef(ctx context.Context, s *link.PublicShare, r *provider.Reference, client gatewayv1beta1.GatewayAPIClient, mgr token.Manager) bool { +func checkStorageRef(ctx context.Context, s *link.PublicShare, r *provider.Reference) bool { // r: path:$path > > if r.ResourceId != nil && r.Path == "" { // path must be empty - if utils.ResourceIDEqual(s.ResourceId, r.GetResourceId()) { - return true - } - shareStat, err := client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: s.ResourceId}}) - if err != nil || shareStat.Status.Code != rpcv1beta1.Code_CODE_OK { - return false - } - - userResp, err := client.GetUserByClaim(ctx, &userv1beta1.GetUserByClaimRequest{Claim: "userid", Value: shareStat.Info.Owner.OpaqueId}) - if err != nil || userResp.Status.Code != rpcv1beta1.Code_CODE_OK { - return false - } - - scope, err := AddOwnerScope(map[string]*authpb.Scope{}) - if err != nil { - return false - } - token, err := mgr.MintToken(ctx, userResp.User, scope) - if err != nil { - return false - } - - ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token) - refStat, err := client.Stat(ctx, &provider.StatRequest{Ref: r}) - if err != nil || refStat.Status.Code != rpcv1beta1.Code_CODE_OK { - return false - } - - return strings.HasPrefix(refStat.Info.Path, shareStat.Info.Path) + return utils.ResourceIDEqual(s.ResourceId, r.GetResourceId()) } // r: diff --git a/pkg/auth/scope/receivedshare.go b/pkg/auth/scope/receivedshare.go index c502e37194d..2974b0ca2a7 100644 --- a/pkg/auth/scope/receivedshare.go +++ b/pkg/auth/scope/receivedshare.go @@ -23,16 +23,14 @@ import ( "fmt" authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1" - gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1" types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/pkg/errtypes" - "github.com/cs3org/reva/pkg/token" "github.com/cs3org/reva/pkg/utils" "github.com/rs/zerolog" ) -func receivedShareScope(_ context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger, _ gatewayv1beta1.GatewayAPIClient, _ token.Manager) (bool, error) { +func receivedShareScope(_ context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger) (bool, error) { var share collaboration.ReceivedShare err := utils.UnmarshalJSONToProtoV1(scope.Resource.Value, &share) if err != nil { diff --git a/pkg/auth/scope/resourceinfo.go b/pkg/auth/scope/resourceinfo.go index 50cbce4d9c5..e4dc09ba8c6 100644 --- a/pkg/auth/scope/resourceinfo.go +++ b/pkg/auth/scope/resourceinfo.go @@ -23,20 +23,17 @@ import ( "fmt" "strings" - appregistry "github.com/cs3org/go-cs3apis/cs3/app/registry/v1beta1" authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1" - gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" registry "github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1" "github.com/rs/zerolog" types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/pkg/errtypes" - "github.com/cs3org/reva/pkg/token" "github.com/cs3org/reva/pkg/utils" ) -func resourceinfoScope(_ context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger, _ gatewayv1beta1.GatewayAPIClient, _ token.Manager) (bool, error) { +func resourceinfoScope(_ context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger) (bool, error) { var r provider.ResourceInfo err := utils.UnmarshalJSONToProtoV1(scope.Resource.Value, &r) if err != nil { @@ -45,8 +42,6 @@ func resourceinfoScope(_ context.Context, scope *authpb.Scope, resource interfac switch v := resource.(type) { // Viewer role - case *appregistry.GetDefaultAppProviderForMimeTypeRequest: - return true, nil case *registry.GetStorageProvidersRequest: return checkResourceInfo(&r, v.GetRef()), nil case *provider.StatRequest: diff --git a/pkg/auth/scope/scope.go b/pkg/auth/scope/scope.go index 6871a38ae73..eccdbed496e 100644 --- a/pkg/auth/scope/scope.go +++ b/pkg/auth/scope/scope.go @@ -23,14 +23,12 @@ import ( "strings" authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1" - gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" "github.com/cs3org/reva/pkg/appctx" - "github.com/cs3org/reva/pkg/token" "github.com/rs/zerolog" ) // Verifier is the function signature which every scope verifier should implement. -type Verifier func(context.Context, *authpb.Scope, interface{}, *zerolog.Logger, gatewayv1beta1.GatewayAPIClient, token.Manager) (bool, error) +type Verifier func(context.Context, *authpb.Scope, interface{}, *zerolog.Logger) (bool, error) var supportedScopes = map[string]Verifier{ "user": userScope, @@ -43,12 +41,12 @@ var supportedScopes = map[string]Verifier{ // VerifyScope is the function to be called when dismantling tokens to check if // the token has access to a particular resource. -func VerifyScope(ctx context.Context, scopeMap map[string]*authpb.Scope, resource interface{}, client gatewayv1beta1.GatewayAPIClient, mgr token.Manager) (bool, error) { +func VerifyScope(ctx context.Context, scopeMap map[string]*authpb.Scope, resource interface{}) (bool, error) { logger := appctx.GetLogger(ctx) for k, scope := range scopeMap { for s, f := range supportedScopes { if strings.HasPrefix(k, s) { - if valid, err := f(ctx, scope, resource, logger, client, mgr); err == nil && valid { + if valid, err := f(ctx, scope, resource, logger); err == nil && valid { return true, nil } } diff --git a/pkg/auth/scope/share.go b/pkg/auth/scope/share.go index b72648ca51c..1e29fd44e12 100644 --- a/pkg/auth/scope/share.go +++ b/pkg/auth/scope/share.go @@ -24,18 +24,16 @@ import ( "strings" authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1" - gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" registry "github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1" types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/pkg/errtypes" - "github.com/cs3org/reva/pkg/token" "github.com/cs3org/reva/pkg/utils" "github.com/rs/zerolog" ) -func shareScope(_ context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger, _ gatewayv1beta1.GatewayAPIClient, _ token.Manager) (bool, error) { +func shareScope(_ context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger) (bool, error) { var share collaboration.Share err := utils.UnmarshalJSONToProtoV1(scope.Resource.Value, &share) if err != nil { diff --git a/pkg/auth/scope/user.go b/pkg/auth/scope/user.go index c1b410363bf..b20330caf16 100644 --- a/pkg/auth/scope/user.go +++ b/pkg/auth/scope/user.go @@ -22,15 +22,13 @@ import ( "context" authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1" - gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" - "github.com/cs3org/reva/pkg/token" "github.com/cs3org/reva/pkg/utils" "github.com/rs/zerolog" ) -func userScope(_ context.Context, scope *authpb.Scope, resource interface{}, _ *zerolog.Logger, _ gatewayv1beta1.GatewayAPIClient, _ token.Manager) (bool, error) { +func userScope(_ context.Context, scope *authpb.Scope, resource interface{}, _ *zerolog.Logger) (bool, error) { // Always return true. Registered users can access all paths. // TODO(ishank011): Add checks for read/write permissions. return true, nil diff --git a/pkg/storage/fs/owncloudsql/owncloudsql_windows.go b/pkg/storage/fs/owncloudsql/owncloudsql_windows.go index 7d2d07b46f1..6abd8e10985 100644 --- a/pkg/storage/fs/owncloudsql/owncloudsql_windows.go +++ b/pkg/storage/fs/owncloudsql/owncloudsql_windows.go @@ -16,6 +16,7 @@ // granted to it by virtue of its status as an Intergovernmental Organization // or submit itself to any jurisdiction. +//go:build windows // +build windows package owncloudsql diff --git a/pkg/storage/utils/decomposedfs/decomposedfs_windows.go b/pkg/storage/utils/decomposedfs/decomposedfs_windows.go index 4431173404d..e4a6c18236d 100644 --- a/pkg/storage/utils/decomposedfs/decomposedfs_windows.go +++ b/pkg/storage/utils/decomposedfs/decomposedfs_windows.go @@ -16,6 +16,7 @@ // granted to it by virtue of its status as an Intergovernmental Organization // or submit itself to any jurisdiction. +//go:build windows // +build windows package decomposedfs diff --git a/pkg/storage/utils/eosfs/eosfs_test.go b/pkg/storage/utils/eosfs/eosfs_test.go index 72a9ad95ceb..6b433aaaf3f 100644 --- a/pkg/storage/utils/eosfs/eosfs_test.go +++ b/pkg/storage/utils/eosfs/eosfs_test.go @@ -16,6 +16,7 @@ // granted to it by virtue of its status as an Intergovernmental Organization // or submit itself to any jurisdiction. +//go:build eos // +build eos package eosfs diff --git a/pkg/storage/utils/localfs/localfs_windows.go b/pkg/storage/utils/localfs/localfs_windows.go index 7dcab15cc44..1cc33dd6c9d 100644 --- a/pkg/storage/utils/localfs/localfs_windows.go +++ b/pkg/storage/utils/localfs/localfs_windows.go @@ -16,6 +16,7 @@ // granted to it by virtue of its status as an Intergovernmental Organization // or submit itself to any jurisdiction. +//go:build windows // +build windows package localfs