From 557e6b1750ba1af38079cc01a39faec6a2df9857 Mon Sep 17 00:00:00 2001
From: "A.Unger" <zyxancf@gmail.com>
Date: Tue, 14 Sep 2021 10:13:03 +0200
Subject: [PATCH] cleanup roles.go file

---
 .../services/owncloud/ocs/conversions/role.go | 138 +++++++-----------
 1 file changed, 51 insertions(+), 87 deletions(-)

diff --git a/internal/http/services/owncloud/ocs/conversions/role.go b/internal/http/services/owncloud/ocs/conversions/role.go
index 251fc542da..f04bd7cabd 100644
--- a/internal/http/services/owncloud/ocs/conversions/role.go
+++ b/internal/http/services/owncloud/ocs/conversions/role.go
@@ -26,7 +26,7 @@ import (
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 )
 
-// Role describes the interface to transform different permission sets into each other
+// Role is a set of ocs permissions and cs3 resource permissions under a common name.
 type Role struct {
 	Name                   string
 	cS3ResourcePermissions *provider.ResourcePermissions
@@ -34,22 +34,23 @@ type Role struct {
 }
 
 const (
-	// RoleUnknown is used for unknown roles
-	RoleUnknown string = "unknown"
-	// RoleLegacy provides backwards compatibility
-	RoleLegacy string = "legacy"
-	// RoleViewer grants non-editor role on a resource
-	RoleViewer string = "viewer"
-	// RoleEditor grants editor permission on a resource, including folders
-	RoleEditor string = "editor"
-	// RoleFileEditor grants editor permission on a single file
-	RoleFileEditor string = "file-editor"
-	// RoleCoowner grants owner permissions on a resource
-	RoleCoowner string = "coowner"
-	// RoleUploader FIXME: uploader role with only write permission can use InitiateFileUpload, not anything else
-	RoleUploader string = "uploader"
+	// RoleViewer grants non-editor role on a resource.
+	RoleViewer = "viewer"
+	// RoleEditor grants editor permission on a resource, including folders.
+	RoleEditor = "editor"
+	// RoleFileEditor grants editor permission on a single file.
+	RoleFileEditor = "file-editor"
+	// RoleCoowner grants co-owner permissions on a resource.
+	RoleCoowner = "coowner"
+	// RoleUploader grants uploader permission to upload onto a resource.
+	RoleUploader = "uploader"
 	// RoleManager grants manager permissions on a resource. Semantically equivalent to co-owner.
-	RoleManager string = "manager"
+	RoleManager = "manager"
+
+	// RoleUnknown is used for unknown roles.
+	RoleUnknown = "unknown"
+	// RoleLegacy provides backwards compatibility.
+	RoleLegacy = "legacy"
 )
 
 // CS3ResourcePermissions for the role
@@ -93,7 +94,6 @@ func (r *Role) OCSPermissions() Permissions {
 // M = Mounted
 func (r *Role) WebDAVPermissions(isDir, isShared, isMountpoint, isPublic bool) string {
 	var b strings.Builder
-	// b.Grow(7)
 	if !isPublic && isShared {
 		fmt.Fprintf(&b, "S")
 	}
@@ -138,7 +138,7 @@ func RoleFromName(name string) *Role {
 	}
 }
 
-// NewUnknownRole creates an unknown role
+// NewUnknownRole creates an unknown role. An Unknown role has no permissions over a cs3 resource nor any ocs endpoint.
 func NewUnknownRole() *Role {
 	return &Role{
 		Name:                   RoleUnknown,
@@ -152,7 +152,6 @@ func NewViewerRole() *Role {
 	return &Role{
 		Name: RoleViewer,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			// read
 			GetPath:              true,
 			GetQuota:             true,
 			InitiateFileDownload: true,
@@ -171,7 +170,6 @@ func NewEditorRole() *Role {
 	return &Role{
 		Name: RoleEditor,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			// read
 			GetPath:              true,
 			GetQuota:             true,
 			InitiateFileDownload: true,
@@ -180,21 +178,13 @@ func NewEditorRole() *Role {
 			ListFileVersions:     true,
 			ListRecycle:          true,
 			Stat:                 true,
-
-			// write
-			InitiateFileUpload: true,
-			RestoreFileVersion: true,
-			RestoreRecycleItem: true,
-
-			// create
-			CreateContainer: true,
-
-			// delete
-			Delete: true,
-
-			// not sure where to put these, but they are part of an editor
-			Move:         true,
-			PurgeRecycle: true,
+			InitiateFileUpload:   true,
+			RestoreFileVersion:   true,
+			RestoreRecycleItem:   true,
+			CreateContainer:      true,
+			Delete:               true,
+			Move:                 true,
+			PurgeRecycle:         true,
 		},
 		ocsPermissions: PermissionRead | PermissionCreate | PermissionWrite | PermissionDelete,
 	}
@@ -205,7 +195,6 @@ func NewFileEditorRole() *Role {
 	return &Role{
 		Name: RoleEditor,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			// read
 			GetPath:              true,
 			GetQuota:             true,
 			InitiateFileDownload: true,
@@ -214,11 +203,9 @@ func NewFileEditorRole() *Role {
 			ListFileVersions:     true,
 			ListRecycle:          true,
 			Stat:                 true,
-
-			// write
-			InitiateFileUpload: true,
-			RestoreFileVersion: true,
-			RestoreRecycleItem: true,
+			InitiateFileUpload:   true,
+			RestoreFileVersion:   true,
+			RestoreRecycleItem:   true,
 		},
 		ocsPermissions: PermissionRead | PermissionWrite,
 	}
@@ -229,7 +216,6 @@ func NewCoownerRole() *Role {
 	return &Role{
 		Name: RoleCoowner,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			// read
 			GetPath:              true,
 			GetQuota:             true,
 			InitiateFileDownload: true,
@@ -238,26 +224,16 @@ func NewCoownerRole() *Role {
 			ListFileVersions:     true,
 			ListRecycle:          true,
 			Stat:                 true,
-
-			// write
-			InitiateFileUpload: true,
-			RestoreFileVersion: true,
-			RestoreRecycleItem: true,
-
-			// create
-			CreateContainer: true,
-
-			// delete
-			Delete: true,
-
-			// not sure where to put these, but they are part of an editor
-			Move:         true,
-			PurgeRecycle: true,
-
-			// grants
-			AddGrant:    true,
-			UpdateGrant: true,
-			RemoveGrant: true,
+			InitiateFileUpload:   true,
+			RestoreFileVersion:   true,
+			RestoreRecycleItem:   true,
+			CreateContainer:      true,
+			Delete:               true,
+			Move:                 true,
+			PurgeRecycle:         true,
+			AddGrant:             true,
+			UpdateGrant:          true,
+			RemoveGrant:          true,
 		},
 		ocsPermissions: PermissionAll,
 	}
@@ -268,15 +244,10 @@ func NewUploaderRole() *Role {
 	return &Role{
 		Name: RoleViewer,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			// he will need to make stat requests
-			// TODO and List requests
-			Stat:          true,
-			ListContainer: true,
-			// read
-			GetPath: true,
-			// mkdir
-			CreateContainer: true,
-			// upload
+			Stat:               true,
+			ListContainer:      true,
+			GetPath:            true,
+			CreateContainer:    true,
 			InitiateFileUpload: true,
 		},
 		ocsPermissions: PermissionCreate,
@@ -288,7 +259,6 @@ func NewManagerRole() *Role {
 	return &Role{
 		Name: RoleManager,
 		cS3ResourcePermissions: &provider.ResourcePermissions{
-			// read
 			GetPath:              true,
 			GetQuota:             true,
 			InitiateFileDownload: true,
@@ -297,21 +267,15 @@ func NewManagerRole() *Role {
 			ListFileVersions:     true,
 			ListRecycle:          true,
 			Stat:                 true,
-
-			// write
-			InitiateFileUpload: true,
-			RestoreFileVersion: true,
-			RestoreRecycleItem: true,
-			Move:               true,
-
-			// create
-			CreateContainer: true,
-
-			// delete
-			Delete:       true,
-			PurgeRecycle: true,
-
-			// grants. These permissions only make sense to enforce them in the root of the storage space.
+			InitiateFileUpload:   true,
+			RestoreFileVersion:   true,
+			RestoreRecycleItem:   true,
+			Move:                 true,
+			CreateContainer:      true,
+			Delete:               true,
+			PurgeRecycle:         true,
+
+			// these permissions only make sense to enforce them in the root of the storage space.
 			AddGrant:    true, // managers can add users to the space
 			RemoveGrant: true, // managers can remove users from the space
 			UpdateGrant: true,