From c80c16a95aa95bdc748dbe59900d52984cc8d932 Mon Sep 17 00:00:00 2001
From: Ishank Arora <ishank011@gmail.com>
Date: Thu, 1 Jul 2021 16:46:02 +0200
Subject: [PATCH 1/2] Minor optimization in parsing EOS ACLs

---
 changelog/unreleased/eos-acl-optimization.md |  3 +++
 pkg/storage/utils/eosfs/eosfs.go             | 12 ++++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 changelog/unreleased/eos-acl-optimization.md

diff --git a/changelog/unreleased/eos-acl-optimization.md b/changelog/unreleased/eos-acl-optimization.md
new file mode 100644
index 0000000000..038bb6bdf2
--- /dev/null
+++ b/changelog/unreleased/eos-acl-optimization.md
@@ -0,0 +1,3 @@
+Enhancement: Minor optimization in parsing EOS ACLs
+
+https://github.com/cs3org/reva/pull/1855
diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go
index f5888a48f6..39e0186cea 100644
--- a/pkg/storage/utils/eosfs/eosfs.go
+++ b/pkg/storage/utils/eosfs/eosfs.go
@@ -1520,12 +1520,16 @@ func (fs *eosfs) permissionSet(ctx context.Context, eosFileInfo *eosclient.FileI
 	var perm provider.ResourcePermissions
 	for _, e := range eosFileInfo.SysACL.Entries {
 		var userInGroup bool
-		for _, g := range u.Groups {
-			if e.Qualifier == g {
-				userInGroup = true
+		if e.Type == acl.TypeGroup {
+			for _, g := range u.Groups {
+				if e.Qualifier == g {
+					userInGroup = true
+					break
+				}
 			}
 		}
-		if e.Qualifier == uid || userInGroup {
+
+		if (e.Type == acl.TypeUser && e.Qualifier == uid) || userInGroup {
 			mergePermissions(&perm, grants.GetGrantPermissionSet(e.Permissions, eosFileInfo.IsDir))
 		}
 	}

From 5571caca6f19ab95ecded511806a93ea860b991e Mon Sep 17 00:00:00 2001
From: Ishank Arora <ishank011@gmail.com>
Date: Thu, 1 Jul 2021 17:32:10 +0200
Subject: [PATCH 2/2] Fix error message in ocm-invite-forward

---
 cmd/reva/ocm-invite-forward.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/reva/ocm-invite-forward.go b/cmd/reva/ocm-invite-forward.go
index 8af0869c3d..219132fc75 100644
--- a/cmd/reva/ocm-invite-forward.go
+++ b/cmd/reva/ocm-invite-forward.go
@@ -45,7 +45,7 @@ func ocmInviteForwardCommand() *command {
 			return errors.New("token cannot be empty: use -token flag\n" + cmd.Usage())
 		}
 		if *idp == "" {
-			return errors.New("Provider domain cannot be empty: use -provider flag\n" + cmd.Usage())
+			return errors.New("Provider domain cannot be empty: use -idp flag\n" + cmd.Usage())
 		}
 
 		ctx := getAuthContext()