From 803a0a5c3814da24aba3858400153bab07c6868b Mon Sep 17 00:00:00 2001
From: Florian Schade <f.schade@icloud.com>
Date: Fri, 23 Aug 2024 11:57:43 +0200
Subject: [PATCH] fix: l10n make path, validation context key type and
 available role env

---
 .drone.star                                            |  2 +-
 .../unreleased/enhancement-unified-roles-management.md |  2 +-
 services/graph/Makefile                                |  2 +-
 services/graph/pkg/config/unified_roles.go             |  2 +-
 services/graph/pkg/validate/libregraph.go              | 10 ++++++----
 5 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/.drone.star b/.drone.star
index 2bb50838264..3b699595b91 100644
--- a/.drone.star
+++ b/.drone.star
@@ -2104,7 +2104,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
         "NATS_NATS_PORT": 9233,
         "OCIS_JWT_SECRET": "some-ocis-jwt-secret",
         "EVENTHISTORY_STORE": "memory",
-        "UNIFIED_ROLES_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6",
+        "GRAPH_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6",
     }
 
     if deploy_type == "":
diff --git a/changelog/unreleased/enhancement-unified-roles-management.md b/changelog/unreleased/enhancement-unified-roles-management.md
index da1faec415d..6ecf95fb2cb 100644
--- a/changelog/unreleased/enhancement-unified-roles-management.md
+++ b/changelog/unreleased/enhancement-unified-roles-management.md
@@ -20,7 +20,7 @@ The following roles are now disabled by default:
 
 To enable the UnifiedRoleSecureViewer role, you must provide a list of all available roles through one of the following methods:
 
-- Using the UNIFIED_ROLES_AVAILABLE_ROLES environment variable.
+- Using the GRAPH_AVAILABLE_ROLES environment variable.
 - Setting the available_roles configuration value.
 
 To enable a role, include the UID of the role in the list of available roles.
diff --git a/services/graph/Makefile b/services/graph/Makefile
index 2119f6ed5fd..7f78ab9e511 100644
--- a/services/graph/Makefile
+++ b/services/graph/Makefile
@@ -45,7 +45,7 @@ l10n-push:
 
 .PHONY: l10n-read
 l10n-read: $(GO_XGETTEXT)
-	go-xgettext -o $(OUTPUT_DIR)/graph.pot --keyword=l10n.Template --add-comments -s pkg/service/v0/spacetemplates.go -s pkg/unifiedrole/unifiedrole.go
+	go-xgettext -o $(OUTPUT_DIR)/graph.pot --keyword=l10n.Template --add-comments -s pkg/service/v0/spacetemplates.go -s pkg/unifiedrole/roles.go
 
 .PHONY: l10n-write
 l10n-write:
diff --git a/services/graph/pkg/config/unified_roles.go b/services/graph/pkg/config/unified_roles.go
index 204b3e37564..08a1f843465 100644
--- a/services/graph/pkg/config/unified_roles.go
+++ b/services/graph/pkg/config/unified_roles.go
@@ -2,5 +2,5 @@ package config
 
 // UnifiedRoles contains all settings related to unified roles.
 type UnifiedRoles struct {
-	AvailableRoles []string `yaml:"available_roles" env:"UNIFIED_ROLES_AVAILABLE_ROLES" desc:"A list of roles that are available for assignment." introductionVersion:"%%NEXT%%"`
+	AvailableRoles []string `yaml:"available_roles" env:"GRAPH_AVAILABLE_ROLES" desc:"A list of roles that are available for assignment." introductionVersion:"%%NEXT%%"`
 }
diff --git a/services/graph/pkg/validate/libregraph.go b/services/graph/pkg/validate/libregraph.go
index 4a3dce46df9..7d3c77c7d34 100644
--- a/services/graph/pkg/validate/libregraph.go
+++ b/services/graph/pkg/validate/libregraph.go
@@ -10,8 +10,10 @@ import (
 	"github.com/owncloud/ocis/v2/services/graph/pkg/unifiedrole"
 )
 
-var (
-	_contextRoleIDsValueKey = "roleFilterIDs"
+type contextKey int
+
+const (
+	ContextKeyRoleIDsValueKey contextKey = iota
 )
 
 // initLibregraph initializes libregraph validation
@@ -88,7 +90,7 @@ func rolesAndActions(ctx context.Context, sl validator.StructLevel, roles, actio
 	var availableActions []string
 	var definitions []*libregraph.UnifiedRoleDefinition
 
-	switch roles, ok := ctx.Value(_contextRoleIDsValueKey).([]string); {
+	switch roles, ok := ctx.Value(ContextKeyRoleIDsValueKey).([]string); {
 	case ok:
 		definitions = unifiedrole.GetRoles(unifiedrole.RoleFilterIDs(roles...))
 	default:
@@ -133,5 +135,5 @@ func rolesAndActions(ctx context.Context, sl validator.StructLevel, roles, actio
 
 // ContextWithAllowedRoleIDs returns a new context which includes the allowed role IDs.
 func ContextWithAllowedRoleIDs(ctx context.Context, rolesIds []string) context.Context {
-	return context.WithValue(ctx, _contextRoleIDsValueKey, rolesIds)
+	return context.WithValue(ctx, ContextKeyRoleIDsValueKey, rolesIds)
 }