diff --git a/internal/grpc/interceptors/auth/scope.go b/internal/grpc/interceptors/auth/scope.go index 6a250c46a8..da7518fec5 100644 --- a/internal/grpc/interceptors/auth/scope.go +++ b/internal/grpc/interceptors/auth/scope.go @@ -164,6 +164,8 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s } } } + } else if _, ok := listStorageSpaces(req); ok { + return nil } return errtypes.PermissionDenied("access to resource not allowed within the assigned scope") @@ -245,13 +247,13 @@ func extractRef(req interface{}, hasEditorRole bool) (*provider.Reference, bool) case *provider.InitiateFileDownloadRequest: return v.GetRef(), true case *appprovider.OpenInAppRequest: - return &provider.Reference{ResourceId: v.ResourceInfo.Id}, true + return &provider.Reference{ResourceId: v.ResourceInfo.Id, Path: "."}, true case *gateway.OpenInAppRequest: return v.GetRef(), true // App provider requests case *appregistry.GetAppProvidersRequest: - return &provider.Reference{ResourceId: v.ResourceInfo.Id}, true + return &provider.Reference{ResourceId: v.ResourceInfo.Id, Path: "."}, true } if !hasEditorRole { @@ -288,3 +290,16 @@ func extractShareRef(req interface{}) (*collaboration.ShareReference, bool) { } return nil, false } + +func listStorageSpaces(req interface{}) (*provider.ListStorageSpacesRequest, bool) { + switch req.(type) { + case *provider.ListStorageSpacesRequest: + // TODO: checks + return nil, true + case *registry.ListStorageProvidersRequest: + // TODO: checks + return nil, true + default: + return nil, false + } +} diff --git a/internal/http/services/appprovider/appprovider.go b/internal/http/services/appprovider/appprovider.go index 92b30ba271..f0527abf64 100644 --- a/internal/http/services/appprovider/appprovider.go +++ b/internal/http/services/appprovider/appprovider.go @@ -349,6 +349,7 @@ func (s *svc) handleOpen(w http.ResponseWriter, r *http.Request) { fileRef := &provider.Reference{ ResourceId: resourceID, + Path: ".", } statRes, err := client.Stat(ctx, &provider.StatRequest{Ref: fileRef})