Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extend ServiceAccount Permissions #4544

Closed
wants to merge 1,917 commits into from

Conversation

kobergj
Copy link
Contributor

@kobergj kobergj commented Mar 1, 2024

aduffeck and others added 30 commits December 14, 2023 09:26
Instead of relying on the calling service for permission checks, we're now
checking if the requesting user has sufficient permission for performing an update
in the shareprovider itself.
Check the UpateShare call for success, before trying ot update the grants on
the shared resource.
Bump golangci-lint to v1.55.2, the old version we had seems to cause issues
with some go1.21 code. Also remove some deprecated linters that no longer seem
to work correctly. Also bump setup-go to v4 (as in master).
Signed-off-by: jkoberg <jkoberg@owncloud.com>
Signed-off-by: jkoberg <jkoberg@owncloud.com>
feat: add permission checking to public share provider
Signed-off-by: jkoberg <jkoberg@owncloud.com>
usershareprovider: check permissions before updating a share
added the ability to disable the password policy
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

fix upload binPath

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
butonic and others added 25 commits February 20, 2024 14:40
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
The fetchShares call is already stat'ing the resource a few lines above.
If that didn't return and info, why should it do here?
When listing the sharejail root, merge shares that target the same resource
into a single resource. In order to avoid the resourceId changing randomly the
id will be composed from the oldest accepted share that exist for the resource.

Ideally we'd compose the resourceId based on the id of the shared resource, but
that is currently not possible in a backwards compatible way. Some clients seem
to rely on the fact that the resource ids in the sharejail contain valid shareids.

Fixes: owncloud/ocis#8080
fix(sharesstorageprovider): Merge shares of the same resourceid
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
…check

drop unnecessary grant exists check
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>

Signed-off-by: Christian Richter <crichter@owncloud.com>
Signed-off-by: Christian Richter <crichter@owncloud.com>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
fix remove/update share permissions when the file is locked
[tests-only][full-ci]bump latest ocis commit id
Signed-off-by: jkoberg <jkoberg@owncloud.com>
Signed-off-by: jkoberg <jkoberg@owncloud.com>
Copy link

update-docs bot commented Mar 1, 2024

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@kobergj kobergj closed this Mar 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.