diff --git a/go.mod b/go.mod index f403088cff4..3c20554aa45 100644 --- a/go.mod +++ b/go.mod @@ -347,4 +347,4 @@ require ( replace github.com/go-micro/plugins/v4/store/nats-js => github.com/kobergj/plugins/v4/store/nats-js v1.2.1-0.20231020092801-9463c820c19a -replace github.com/cs3org/reva/v2 => github.com/micbar/reva/v2 v2.0.0-20231206082250-b15eeed274de +replace github.com/cs3org/reva/v2 => github.com/micbar/reva/v2 v2.0.0-20231206102158-0fd5eba44b02 diff --git a/go.sum b/go.sum index efbc85f5091..022b1fed5e9 100644 --- a/go.sum +++ b/go.sum @@ -1679,8 +1679,8 @@ github.com/maxymania/go-system v0.0.0-20170110133659-647cc364bf0b h1:Q53idHrTuQD github.com/maxymania/go-system v0.0.0-20170110133659-647cc364bf0b/go.mod h1:KirJrATYGbTyUwVR26xIkaipRqRcMRXBf8N5dacvGus= github.com/mendsley/gojwk v0.0.0-20141217222730-4d5ec6e58103 h1:Z/i1e+gTZrmcGeZyWckaLfucYG6KYOXLWo4co8pZYNY= github.com/mendsley/gojwk v0.0.0-20141217222730-4d5ec6e58103/go.mod h1:o9YPB5aGP8ob35Vy6+vyq3P3bWe7NQWzf+JLiXCiMaE= -github.com/micbar/reva/v2 v2.0.0-20231206082250-b15eeed274de h1:ctO6a3kWqu+Bn0HBGGCVPtREc9Q24rG3Ub2CxNcdG7A= -github.com/micbar/reva/v2 v2.0.0-20231206082250-b15eeed274de/go.mod h1:zcrrYVsBv/DwhpyO2/W5hoSZ/k6az6Z2EYQok65uqZY= +github.com/micbar/reva/v2 v2.0.0-20231206102158-0fd5eba44b02 h1:J28bUNh/2K4OUFJdWoCt6zGQF2QALu4K/r6H3bTYodQ= +github.com/micbar/reva/v2 v2.0.0-20231206102158-0fd5eba44b02/go.mod h1:zcrrYVsBv/DwhpyO2/W5hoSZ/k6az6Z2EYQok65uqZY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= diff --git a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go index 7abac602a3a..8687a4da459 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go +++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go @@ -29,10 +29,12 @@ import ( rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1" link "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" - typesv1beta1 "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/v2/pkg/password" + "github.com/cs3org/reva/v2/pkg/permission" "github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool" "github.com/cs3org/reva/v2/pkg/sharedconf" + "github.com/cs3org/reva/v2/pkg/storage/utils/grants" + "github.com/cs3org/reva/v2/pkg/utils" "github.com/mitchellh/mapstructure" "github.com/pkg/errors" "google.golang.org/grpc" @@ -203,6 +205,8 @@ func (s *service) CreatePublicShare(ctx context.Context, req *link.CreatePublicS return nil, err } + isInternalLink := grants.PermissionsEqual(req.GetGrant().GetPermissions().GetPermissions(), &provider.ResourcePermissions{}) + sRes, err := gatewayClient.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: req.GetResourceInfo().GetId()}}) if err != nil { log.Err(err).Interface("resource_id", req.GetResourceInfo().GetId()).Msg("failed to stat resource to share") @@ -210,6 +214,23 @@ func (s *service) CreatePublicShare(ctx context.Context, req *link.CreatePublicS Status: status.NewInternal(ctx, "failed to stat resource to share"), }, err } + + // all users can create internal links + if !isInternalLink { + // check if the user has the permission in the user role + ok, err := utils.CheckPermission(ctx, permission.WritePublicLink, gatewayClient) + if err != nil { + return &link.CreatePublicShareResponse{ + Status: status.NewInternal(ctx, "failed check user permission to write public link"), + }, err + } + if !ok { + return &link.CreatePublicShareResponse{ + Status: status.NewPermissionDenied(ctx, nil, "no permission to create public links"), + }, nil + } + } + // check that user has share permissions if !sRes.GetInfo().GetPermissionSet().AddGrant { return &link.CreatePublicShareResponse{ @@ -269,7 +290,7 @@ func (s *service) CreatePublicShare(ctx context.Context, req *link.CreatePublicS // validate expiration date if grant.GetExpiration() != nil { - expirationDateTime := cs3TimestampToTime(grant.GetExpiration()).UTC() + expirationDateTime := utils.TSToTime(grant.GetExpiration()).UTC() if expirationDateTime.Before(time.Now().UTC()) { msg := fmt.Sprintf("expiration date is in the past: %s", expirationDateTime.Format(time.RFC3339)) return &link.CreatePublicShareResponse{ @@ -280,7 +301,7 @@ func (s *service) CreatePublicShare(ctx context.Context, req *link.CreatePublicS // enforce password if needed setPassword := grant.GetPassword() - if enforcePassword(grant, s.conf) && len(setPassword) == 0 { + if !isInternalLink && enforcePassword(grant, s.conf) && len(setPassword) == 0 { return &link.CreatePublicShareResponse{ Status: status.NewInvalidArg(ctx, "password protection is enforced"), }, nil @@ -465,10 +486,7 @@ func enforcePassword(grant *link.Grant, conf *config) bool { return true } isReadOnly := conversions.SufficientCS3Permissions(conversions.NewViewerRole(true).CS3ResourcePermissions(), grant.GetPermissions().GetPermissions()) - if !isReadOnly && conf.WriteableShareMustHavePassword { - return true - } - return false + return !isReadOnly && conf.WriteableShareMustHavePassword } func checkQuicklink(info *provider.ResourceInfo) (bool, error) { @@ -489,7 +507,3 @@ func checkQuicklink(info *provider.ResourceInfo) (bool, error) { } return false, nil } - -func cs3TimestampToTime(t *typesv1beta1.Timestamp) time.Time { - return time.Unix(int64(t.Seconds), int64(t.Nanos)) -} diff --git a/vendor/modules.txt b/vendor/modules.txt index f2319dbbc20..22ef94b2586 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -357,7 +357,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.16.1-0.20231201122033-a389ddc645c4 => github.com/micbar/reva/v2 v2.0.0-20231206082250-b15eeed274de +# github.com/cs3org/reva/v2 v2.16.1-0.20231201122033-a389ddc645c4 => github.com/micbar/reva/v2 v2.0.0-20231206102158-0fd5eba44b02 ## explicit; go 1.20 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime @@ -2276,4 +2276,4 @@ stash.kopano.io/kgol/oidc-go ## explicit; go 1.13 stash.kopano.io/kgol/rndm # github.com/go-micro/plugins/v4/store/nats-js => github.com/kobergj/plugins/v4/store/nats-js v1.2.1-0.20231020092801-9463c820c19a -# github.com/cs3org/reva/v2 => github.com/micbar/reva/v2 v2.0.0-20231206082250-b15eeed274de +# github.com/cs3org/reva/v2 => github.com/micbar/reva/v2 v2.0.0-20231206102158-0fd5eba44b02