Allow to remove expires_at/password for a permission

cozy · Jan 13, 2025 · bd682ef · bd682ef
1 parent 411b5ca
commit bd682ef
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 9 deletions.
diff --git a/docs/permissions.md b/docs/permissions.md
@@ -415,6 +415,9 @@ give the contacts application the permissions to use it.
 
 This route also accepts a [document metadata](https://github.com/cozy/cozy-doctypes/#document-metadata) to update document informations.
 
+Giving an empty string for `password` or `expires_at` will remove it (while
+omitting the field will keep the old value).
+
 #### Request to add / remove codes with a document metadata
 
 ```http
@@ -472,6 +475,34 @@ Accept: application/vnd.api+json
 }
 ```
 
+#### Request to remove the password and the expiration date of the sharing link
+
+```http
+PATCH /permissions/a340d5e0-d647-11e6-b66c-5fc9ce1e17c6 HTTP/1.1
+Host: cozy.example.net
+Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
+Content-Type: application/vnd.api+json
+Accept: application/vnd.api+json
+```
+
+```json
+{
+    "data": {
+        "id": "a340d5e0-d647-11e6-b66c-5fc9ce1e17c6",
+        "type": "io.cozy.permissions",
+        "attributes": {
+            "password": "",
+            "expires_at": ""
+        },
+        "cozyMetadata": {
+            "doctypeVersion": 1,
+            "metadataVersion": 1,
+            "updatedAt": "2019-05-14T12:00:37.372193145+02:00"
+        }
+    }
+}
+```
+
 #### Request to add permissions
 
 ```http

diff --git a/model/permission/permissions.go b/model/permission/permissions.go
@@ -31,7 +31,7 @@ type Permission struct {
 	Type        string            `json:"type,omitempty"`
 	SourceID    string            `json:"source_id,omitempty"`
 	Permissions Set               `json:"permissions,omitempty"`
-	ExpiresAt   *time.Time        `json:"expires_at,omitempty"`
+	ExpiresAt   interface{}       `json:"expires_at,omitempty"`
 	Codes       map[string]string `json:"codes,omitempty"`
 	ShortCodes  map[string]string `json:"shortcodes,omitempty"`
 	Password    interface{}       `json:"password,omitempty"`
@@ -113,7 +113,12 @@ func (p *Permission) Expired() bool {
 	if p.ExpiresAt == nil {
 		return false
 	}
-	return p.ExpiresAt.Before(time.Now())
+	if expiresAt, _ := p.ExpiresAt.(string); expiresAt != "" {
+		if at, err := time.Parse(time.RFC3339, expiresAt); err == nil {
+			return at.Before(time.Now())
+		}
+	}
+	return true
 }
 
 // AddRules add some rules to the permission doc

diff --git a/web/permissions/permissions.go b/web/permissions/permissions.go
@@ -375,15 +375,27 @@ func patchPermission(getPerms getPermsFunc, paramName string) echo.HandlerFunc {
 			}
 		}
 
-		if pass, _ := patch.Password.(string); pass != "" {
-			hash, err := crypto.GenerateFromPassphrase([]byte(pass))
-			if err != nil {
-				return err
+		if pass, ok := patch.Password.(string); ok {
+			if pass == "" {
+				toPatch.Password = nil
+			} else {
+				hash, err := crypto.GenerateFromPassphrase([]byte(pass))
+				if err != nil {
+					return err
+				}
+				toPatch.Password = hash
 			}
-			toPatch.Password = hash
 		}
-		if patch.ExpiresAt != nil {
-			toPatch.ExpiresAt = patch.ExpiresAt
+		if at, ok := patch.ExpiresAt.(string); ok {
+			if patch.ExpiresAt == "" {
+				toPatch.ExpiresAt = nil
+			} else {
+				expiresAt, err := time.Parse(time.RFC3339, at)
+				if err != nil {
+					return jsonapi.InvalidAttribute("expires_at", err)
+				}
+				toPatch.ExpiresAt = expiresAt
+			}
 		}
 
 		if patchCodes {