From 815f226441b096a71ef3bb47a8bf76ed2b2f28fd Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Thu, 21 Dec 2023 15:08:33 +0100 Subject: [PATCH] publicsshareprovider: Allow creating/updating public links on received shares The permission check when trying to create an internal link of a received share did work correctly. Internal links have all Permissions set to false. The 'SufficientCS3Permissions' method treats an all-false PermissionSet as a deny grant, which a wrong in the public link case. We can skip the 'SufficientCS3Permissions' check for internal links however, since the creation of a internal link should always be allowed as long as the user has the 'AddGrant' permission. Related Issue: https://github.com/owncloud/ocis/issues/8039 --- changelog/unreleased/fix-internallink-permission-check.md | 7 +++++++ .../services/publicshareprovider/publicshareprovider.go | 7 +++++-- 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 changelog/unreleased/fix-internallink-permission-check.md diff --git a/changelog/unreleased/fix-internallink-permission-check.md b/changelog/unreleased/fix-internallink-permission-check.md new file mode 100644 index 0000000000..a75d164e1d --- /dev/null +++ b/changelog/unreleased/fix-internallink-permission-check.md @@ -0,0 +1,7 @@ +Bugfix: Internal link creation + +We fix the permission checks for creating and updating public share so that it is +possible again to create internal links for received shares. + +https://github.com/cs3org/reva/pull/xxxx +https://github.com/owncloud/ocis/issues/8039 diff --git a/internal/grpc/services/publicshareprovider/publicshareprovider.go b/internal/grpc/services/publicshareprovider/publicshareprovider.go index 4cfd98cb26..201b2c0f97 100644 --- a/internal/grpc/services/publicshareprovider/publicshareprovider.go +++ b/internal/grpc/services/publicshareprovider/publicshareprovider.go @@ -241,8 +241,10 @@ func (s *service) CreatePublicShare(ctx context.Context, req *link.CreatePublicS }, nil } - // check if the user can share with the desired permissions - if !conversions.SufficientCS3Permissions(sRes.GetInfo().GetPermissionSet(), req.GetGrant().GetPermissions().GetPermissions()) { + // check if the user can share with the desired permissions. For internal links this is skipped, + // users can always create internal links provided they have the AddGrant permission, which was already + // checked above + if !isInternalLink && !conversions.SufficientCS3Permissions(sRes.GetInfo().GetPermissionSet(), req.GetGrant().GetPermissions().GetPermissions()) { return &link.CreatePublicShareResponse{ Status: status.NewInvalidArg(ctx, "insufficient permissions to create that kind of share"), }, nil @@ -512,6 +514,7 @@ func (s *service) UpdatePublicShare(ctx context.Context, req *link.UpdatePublicS // check if the user can change the permissions to the desired permissions updatePermissions := req.GetUpdate().GetType() == link.UpdatePublicShareRequest_Update_TYPE_PERMISSIONS if updatePermissions && + !isInternalLink && !conversions.SufficientCS3Permissions( sRes.GetInfo().GetPermissionSet(), req.GetUpdate().GetGrant().GetPermissions().GetPermissions(),