Skip to content

Commit

Permalink
Check if user belongs to admin group for the specific project
Browse files Browse the repository at this point in the history
  • Loading branch information
@ishank011
ishank011 committed Oct 12, 2021
1 parent 0a09152 commit fe99a6b
Showing 1 changed file with 16 additions and 8 deletions.
24 changes: 16 additions & 8 deletions pkg/cbox/storage/eoswrapper/eoswrapper.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (
"github.com/Masterminds/sprig"
provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
ctxpkg "github.com/cs3org/reva/pkg/ctx"
"github.com/cs3org/reva/pkg/errtypes"
"github.com/cs3org/reva/pkg/storage"
"github.com/cs3org/reva/pkg/storage/fs/registry"
"github.com/cs3org/reva/pkg/storage/utils/eosfs"
Expand All @@ -39,16 +40,15 @@ func init() {
}

const (
eosProjectsNamespace = "/eos/project"
eosProjectsNamespace = "/eos/project/"

// We can use a regex for these, but that might have inferior performance
projectSpaceGroupsPrefix = "cernbox-project-"
projectSpaceAdminGroups = "-admins"
projectSpaceGroupsPrefix = "cernbox-project-"
projectSpaceAdminGroupsSuffix = "-admins"
)

type wrapper struct {
storage.FS
config *eosfs.Config
mountIDTemplate *template.Template
}

Expand Down Expand Up @@ -90,7 +90,7 @@ func New(m map[string]interface{}) (storage.FS, error) {
return nil, err
}

return &wrapper{FS: eos, config: c, mountIDTemplate: mountIDTemplate}, nil
return &wrapper{FS: eos, mountIDTemplate: mountIDTemplate}, nil
}

// We need to override the two methods, GetMD and ListFolder to fill the
Expand Down Expand Up @@ -142,13 +142,21 @@ func (w *wrapper) getMountID(ctx context.Context, r *provider.ResourceInfo) stri
}

func (w *wrapper) setProjectSharingPermissions(ctx context.Context, r *provider.ResourceInfo) error {
if strings.HasPrefix(w.config.Namespace, eosProjectsNamespace) {
if strings.HasPrefix(r.Path, eosProjectsNamespace) {

// Extract project name from the path resembling /eos/project/c/cernbox/minutes/..
path := strings.TrimPrefix(r.Path, eosProjectsNamespace)
parts := strings.SplitN(path, "/", 3)
if len(parts) != 3 {
return errtypes.BadRequest("eoswrapper: path does not follow the allowed format")
}
adminGroup := projectSpaceGroupsPrefix + parts[1] + projectSpaceAdminGroupsSuffix

var userHasSharingAccess bool
user := ctxpkg.ContextMustGetUser(ctx)

for _, g := range user.Groups {
// Check if user is present in the admins groups
if strings.HasPrefix(g, projectSpaceGroupsPrefix) && strings.HasSuffix(g, projectSpaceAdminGroups) {
if g == adminGroup {
userHasSharingAccess = true
break
}
Expand Down

0 comments on commit fe99a6b

Please sign in to comment.