Spaces: Create Sharing role Manager

changelog/unreleased/sharing-manager-role.md

@@ -0,0 +1,5 @@
+Enhancement: New sharing role Manager
+
+The new Manager role is equivalent to a Co-Owner with the difference that a Manager can create grants on the root of the Space. This means inviting a user to a space will not require an action from them, as the Manager assigns the grants.
+
+https://github.com/cs3org/reva/pull/2065

internal/http/services/owncloud/ocs/conversions/role.go

@@ -48,6 +48,8 @@ const (
 	RoleCoowner string = "coowner"
 	// RoleUploader FIXME: uploader role with only write permission can use InitiateFileUpload, not anything else
 	RoleUploader string = "uploader"
+	// RoleManager grants manager permissions on a resource. Semantically equivalent to co-owner.
+	RoleManager string = "manager"
 )
 
 // CS3ResourcePermissions for the role
@@ -129,8 +131,11 @@ func RoleFromName(name string) *Role {
 		return NewCoownerRole()
 	case RoleUploader:
 		return NewUploaderRole()
+	case RoleManager:
+		return NewManagerRole()
+	default:
+		return NewUnknownRole()
 	}
-	return NewUnknownRole()
 }
 
 // NewUnknownRole creates an unknown role
@@ -278,6 +283,43 @@ func NewUploaderRole() *Role {
 	}
 }
 
+// NewManagerRole creates an editor role
+func NewManagerRole() *Role {
+	return &Role{
+		Name: RoleManager,
+		cS3ResourcePermissions: &provider.ResourcePermissions{
+			// read
+			GetPath:              true,
+			GetQuota:             true,
+			InitiateFileDownload: true,
+			ListGrants:           true,
+			ListContainer:        true,
+			ListFileVersions:     true,
+			ListRecycle:          true,
+			Stat:                 true,
+
+			// write
+			InitiateFileUpload: true,
+			RestoreFileVersion: true,
+			RestoreRecycleItem: true,
+			Move:               true,
+
+			// create
+			CreateContainer: true,
+
+			// delete
+			Delete:       true,
+			PurgeRecycle: true,
+
+			// grants. These permissions only make sense to enforce them in the root of the storage space.
+			AddGrant:    true, // managers can add users to the space
+			RemoveGrant: true, // managers can remove users from the space
+			UpdateGrant: true,
+		},
+		ocsPermissions: PermissionAll,
+	}
+}
+
 // RoleFromOCSPermissions tries to map ocs permissions to a role
 func RoleFromOCSPermissions(p Permissions) *Role {
 	if p.Contain(PermissionRead) {

pkg/storage/utils/decomposedfs/spaces.go

@@ -129,7 +129,7 @@ func (fs *Decomposedfs) CreateStorageSpace(ctx context.Context, req *provider.Cr
 				UserId: u.Id,
 			},
 		},
-		Permissions: ocsconv.NewEditorRole().CS3ResourcePermissions(),
+		Permissions: ocsconv.NewManagerRole().CS3ResourcePermissions(),
 	}); err != nil {
 		return nil, err
 	}