Merge pull request #4852 from kobergj/FixPubliclinkUser
Indicate publiclink access
kobergj authored Sep 24, 2024
2 parents 104b905 + 4520b19 commit 21f62e9
Showing 10 changed files with 278 additions and 217 deletions.
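--- a/changelog/unreleased/fix-publiclink-user.md
+++ b/changelog/unreleased/fix-publiclink-user.md
@@ -0,0 +1,5 @@
+Bugfix: Populate public link user correctly
+
+When authenticating via public link, always add the `public` user instead of the link owner
+
+https://github.com/cs3org/reva/pull/4852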
197 changes: 108 additions & 89 deletions internal/grpc/interceptors/eventsmiddleware/conversion.go

Large diffs are not rendered by default.

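--- a/internal/grpc/interceptors/eventsmiddleware/events.go
+++ b/internal/grpc/interceptors/eventsmiddleware/events.go
@@ -73,129 +73,125 @@ func NewUnary(m map[string]interface{}) (grpc.UnaryServerInterceptor, int, error
 default:
 }
 
-var executantID *user.UserId
-u, ok := revactx.ContextGetUser(ctx)
-if ok {
-executantID = u.Id
-}
+executant, _ := revactx.ContextGetUser(ctx)
 
 var ev interface{}
 switch v := res.(type) {
 case *collaboration.CreateShareResponse:
 if isSuccess(v) {
-ev = ShareCreated(v, executantID)
+ev = ShareCreated(v, executant)
 }
 case *collaboration.RemoveShareResponse:
 if isSuccess(v) {
-ev = ShareRemoved(v, req.(*collaboration.RemoveShareRequest), executantID)
+ev = ShareRemoved(v, req.(*collaboration.RemoveShareRequest), executant)
 }
 case *collaboration.UpdateShareResponse:
 if isSuccess(v) {
-ev = ShareUpdated(v, req.(*collaboration.UpdateShareRequest), executantID)
+ev = ShareUpdated(v, req.(*collaboration.UpdateShareRequest), executant)
 }
 case *collaboration.UpdateReceivedShareResponse:
 if isSuccess(v) {
-ev = ReceivedShareUpdated(v, executantID)
+ev = ReceivedShareUpdated(v, executant)
 }
 case *link.CreatePublicShareResponse:
 if isSuccess(v) {
-ev = LinkCreated(v, executantID)
+ev = LinkCreated(v, executant)
 }
 case *link.UpdatePublicShareResponse:
 if isSuccess(v) {
-ev = LinkUpdated(v, req.(*link.UpdatePublicShareRequest), executantID)
+ev = LinkUpdated(v, req.(*link.UpdatePublicShareRequest), executant)
 }
 case *link.RemovePublicShareResponse:
 if isSuccess(v) {
-ev = LinkRemoved(v, req.(*link.RemovePublicShareRequest), executantID)
+ev = LinkRemoved(v, req.(*link.RemovePublicShareRequest), executant)
 }
 case *link.GetPublicShareByTokenResponse:
 if isSuccess(v) {
-ev = LinkAccessed(v, executantID)
+ev = LinkAccessed(v, executant)
 } else {
-ev = LinkAccessFailed(v, req.(*link.GetPublicShareByTokenRequest), executantID)
+ev = LinkAccessFailed(v, req.(*link.GetPublicShareByTokenRequest), executant)
 }
 case *provider.AddGrantResponse:
 // TODO: update CS3 APIs
 // FIXME these should be part of the RemoveGrantRequest object
 // https://github.com/owncloud/ocis/issues/4312
 r := req.(*provider.AddGrantRequest)
 if isSuccess(v) && utils.ExistsInOpaque(r.Opaque, "spacegrant") {
-ev = SpaceShared(v, r, executantID)
+ev = SpaceShared(v, r, executant)
 }
 case *provider.UpdateGrantResponse:
 r := req.(*provider.UpdateGrantRequest)
 if isSuccess(v) && utils.ExistsInOpaque(r.Opaque, "spacegrant") {
-ev = SpaceShareUpdated(v, r, executantID)
+ev = SpaceShareUpdated(v, r, executant)
 }
 case *provider.RemoveGrantResponse:
 r := req.(*provider.RemoveGrantRequest)
 if isSuccess(v) && utils.ExistsInOpaque(r.Opaque, "spacegrant") {
-ev = SpaceUnshared(v, req.(*provider.RemoveGrantRequest), executantID)
+ev = SpaceUnshared(v, req.(*provider.RemoveGrantRequest), executant)
 }
 case *provider.CreateContainerResponse:
 if isSuccess(v) {
-ev = ContainerCreated(v, req.(*provider.CreateContainerRequest), ownerID, executantID)
+ev = ContainerCreated(v, req.(*provider.CreateContainerRequest), ownerID, executant)
 }
 case *provider.InitiateFileDownloadResponse:
 if isSuccess(v) {
-ev = FileDownloaded(v, req.(*provider.InitiateFileDownloadRequest), executantID)
+ev = FileDownloaded(v, req.(*provider.InitiateFileDownloadRequest), executant)
 }
 case *provider.DeleteResponse:
 if isSuccess(v) {
-ev = ItemTrashed(v, req.(*provider.DeleteRequest), ownerID, executantID)
+ev = ItemTrashed(v, req.(*provider.DeleteRequest), ownerID, executant)
 }
 case *provider.MoveResponse:
 if isSuccess(v) {
-ev = ItemMoved(v, req.(*provider.MoveRequest), ownerID, executantID)
+ev = ItemMoved(v, req.(*provider.MoveRequest), ownerID, executant)
 }
 case *provider.PurgeRecycleResponse:
 if isSuccess(v) {
-ev = ItemPurged(v, req.(*provider.PurgeRecycleRequest), executantID)
+ev = ItemPurged(v, req.(*provider.PurgeRecycleRequest), executant)
 }
 case *provider.RestoreRecycleItemResponse:
 if isSuccess(v) {
-ev = ItemRestored(v, req.(*provider.RestoreRecycleItemRequest), ownerID, executantID)
+ev = ItemRestored(v, req.(*provider.RestoreRecycleItemRequest), ownerID, executant)
 }
 case *provider.RestoreFileVersionResponse:
 if isSuccess(v) {
-ev = FileVersionRestored(v, req.(*provider.RestoreFileVersionRequest), ownerID, executantID)
+ev = FileVersionRestored(v, req.(*provider.RestoreFileVersionRequest), ownerID, executant)
 }
 case *provider.CreateStorageSpaceResponse:
 if isSuccess(v) && v.StorageSpace != nil { // TODO: Why are there CreateStorageSpaceResponses with nil StorageSpace?
-ev = SpaceCreated(v, executantID)
+ev = SpaceCreated(v, executant)
 }
 case *provider.UpdateStorageSpaceResponse:
 if isSuccess(v) {
 r := req.(*provider.UpdateStorageSpaceRequest)
 if r.StorageSpace.Name != "" {
-ev = SpaceRenamed(v, r, executantID)
+ev = SpaceRenamed(v, r, executant)
 } else if utils.ExistsInOpaque(r.Opaque, "restore") {
-ev = SpaceEnabled(v, r, executantID)
+ev = SpaceEnabled(v, r, executant)
 } else {
-ev = SpaceUpdated(v, r, executantID)
+ev = SpaceUpdated(v, r, executant)
 }
 }
 case *provider.DeleteStorageSpaceResponse:
 if isSuccess(v) {
 r := req.(*provider.DeleteStorageSpaceRequest)
 if utils.ExistsInOpaque(r.Opaque, "purge") {
-ev = SpaceDeleted(v, r, executantID)
+ev = SpaceDeleted(v, r, executant)
 } else {
-ev = SpaceDisabled(v, r, executantID)
+ev = SpaceDisabled(v, r, executant)
 }
 }
 case *provider.TouchFileResponse:
 if isSuccess(v) {
-ev = FileTouched(v, req.(*provider.TouchFileRequest), ownerID, executantID)
+ev = FileTouched(v, req.(*provider.TouchFileRequest), ownerID, executant)
 }
 case *provider.SetLockResponse:
 if isSuccess(v) {
-ev = FileLocked(v, req.(*provider.SetLockRequest), ownerID, executantID)
+ev = FileLocked(v, req.(*provider.SetLockRequest), ownerID, executant)
 }
 case *provider.UnlockResponse:
 if isSuccess(v) {
-ev = FileUnlocked(v, req.(*provider.UnlockRequest), ownerID, executantID)
+ev = FileUnlocked(v, req.(*provider.UnlockRequest), ownerID, executant)
 }
 }
 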
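Review bot: `executant, _ := revactx.ContextGetUser(ctx)` discards the ok flag, so a call whose context carries no user presumably hands a nil user to every conversion helper in the switch below. The removed code had the same nil case but only stored the ID; the helpers now receive the whole user object, and conversion.go is not rendered on this page, so whether they restrict themselves to nil-safe getters cannot be confirmed from here. Because these events are what audit consumers use to attribute actions, I would state the contract at the assignment, e.g. `// executant is nil when the context has no user; conversion helpers must only use nil-safe getters on it`. The enclosing interceptor body starts and ends outside the hunk.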
2 changes: 2 additions & 0 deletions pkg/auth/manager/ocmshares/ocmshares.go
Expand Up @@ -159,6 +159,8 @@ func (m *manager) Authenticate(ctx context.Context, ocmshare, sharedSecret strin
},
}

user.Opaque = utils.AppendJSONToOpaque(user.Opaque, "impersonating-user", userRes.RemoteUser)

return user, scope, nil
}

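Review bot: The opaque key `"impersonating-user"` is a bare string literal here and again in pkg/auth/manager/publicshares/publicshares.go, so a typo in either writer or in whatever reads the key would lose the attribution without any error; one exported constant shared by writers and readers would prevent that. Judging by its name, `userRes.RemoteUser` is supplied by the remote OCM peer, so a short comment above the call should say that this entry is attribution data only and must not feed an authorization decision. The call yields only the new opaque, so an encoding failure cannot be reported from this line. Authenticate starts outside the hunk.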
7 changes: 5 additions & 2 deletions pkg/auth/manager/publicshares/publicshares.go
Expand Up @@ -25,7 +25,6 @@ import (

authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
userprovider "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
link "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1"
types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
Expand All @@ -34,6 +33,7 @@ import (
"github.com/cs3org/reva/v2/pkg/auth/scope"
"github.com/cs3org/reva/v2/pkg/errtypes"
"github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool"
"github.com/cs3org/reva/v2/pkg/utils"
"github.com/mitchellh/mapstructure"
"github.com/pkg/errors"
)
Expand Down Expand Up @@ -132,7 +132,7 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
if publicShareResponse.GetShare().GetOwner().GetType() == 8 {
owner = &user.User{Id: publicShareResponse.GetShare().GetOwner(), DisplayName: "Public", Username: "public"}
} else {
getUserResponse, err := gwConn.GetUser(ctx, &userprovider.GetUserRequest{
getUserResponse, err := gwConn.GetUser(ctx, &user.GetUserRequest{
UserId: publicShareResponse.GetShare().GetCreator(),
})
switch {
Expand Down Expand Up @@ -173,6 +173,9 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
},
}

u := &user.User{Id: &user.UserId{OpaqueId: token, Idp: "public", Type: user.UserType_USER_TYPE_GUEST}, DisplayName: "Public", Username: "public"}
owner.Opaque = utils.AppendJSONToOpaque(owner.Opaque, "impersonating-user", u)

return owner, scope, nil
}

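Review bot: The new `u` in the last hunk puts the public-link `token` into `UserId.OpaqueId` and serialises it into `owner.Opaque`, which makes what is normally a bearer credential part of the authenticated user record. If that impersonating user is later copied into events or logs (an inference, since conversion.go is not rendered on this page), every consumer of that stream sees a value that may be enough to open the link. Consider a non-secret identifier instead, e.g. `OpaqueId: publicShareResponse.GetShare().GetId().GetOpaqueId()`, or add a comment stating that exposing the token is intended and which consumers may see it. Authenticate starts and ends outside the hunk.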