fix Graph delete request leaks existence of space owncloud#5031

2403905 · May 8, 2023 · d69decd · d69decd
1 parent 428e696
commit d69decd
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 7 deletions.
diff --git a/changelog/unreleased/fix-leaks-existence.md b/changelog/unreleased/fix-leaks-existence.md
@@ -0,0 +1,6 @@
+Bugfix: Hide the existence of space when deleting/updating
+
+The "code": "notAllowed" changed to "code": "itemNotFound"
+
+https://github.com/owncloud/ocis/issues/5031
+https://github.com/owncloud/ocis/pull/6220
diff --git a/go.mod b/go.mod
@@ -321,3 +321,6 @@ require (
 )
 
 replace github.com/cs3org/go-cs3apis => github.com/c0rby/go-cs3apis v0.0.0-20230110100311-5b424f1baa35
+
+// TODO The temporal replacement
+replace github.com/cs3org/reva/v2 => github.com/2403905/reva/v2 v2.0.0-20230504205508-69238ad9d885
diff --git a/go.sum b/go.sum
@@ -388,6 +388,8 @@ contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRq
 contrib.go.opencensus.io/exporter/prometheus v0.4.2 h1:sqfsYl5GIY/L570iT+l93ehxaWJs2/OwXtiWwew3oAg=
 contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9fpw1KeYcjrnC1J8B+JKjsZyRQ=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/2403905/reva/v2 v2.0.0-20230504205508-69238ad9d885 h1:kXk+da30WxZIg87Uo86MLWUnCTgBDt0Qqj9/YFODvjk=
+github.com/2403905/reva/v2 v2.0.0-20230504205508-69238ad9d885/go.mod h1:VxBmpOvIKlgKLPOsHun+fABopzX+3ZELPAp3N5bQMsM=
 github.com/Azure/azure-pipeline-go v0.2.3/go.mod h1:x841ezTBIMG6O3lAcl8ATHnsOPVl2bqk7S3ta6S6u4k=
 github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-storage-blob-go v0.14.0/go.mod h1:SMqIBi+SuiQH32bvyjngEewEeXoPfKMgWlBDaYf6fck=

diff --git a/services/graph/pkg/service/v0/drives.go b/services/graph/pkg/service/v0/drives.go
@@ -468,19 +468,19 @@ func (g Graph) UpdateDrive(w http.ResponseWriter, r *http.Request) {
 		switch resp.Status.GetCode() {
 		case cs3rpc.Code_CODE_NOT_FOUND:
 			logger.Debug().Interface("id", rid).Msg("could not update drive: drive not found")
-			errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, resp.GetStatus().GetMessage())
+			errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, "drive not found")
 			return
 		case cs3rpc.Code_CODE_PERMISSION_DENIED:
 			logger.Debug().Interface("id", rid).Msg("could not update drive, permission denied")
-			errorcode.NotAllowed.Render(w, r, http.StatusForbidden, resp.GetStatus().GetMessage())
+			errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, "drive not found")
 			return
 		case cs3rpc.Code_CODE_INVALID_ARGUMENT:
 			logger.Debug().Interface("id", rid).Msg("could not update drive, invalid argument")
 			errorcode.NotAllowed.Render(w, r, http.StatusBadRequest, resp.GetStatus().GetMessage())
 			return
 		default:
 			logger.Debug().Interface("id", rid).Str("grpc", resp.GetStatus().GetMessage()).Msg("could not update drive: grpc error")
-			errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, resp.GetStatus().GetMessage())
+			errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, "grpc error")
 			return
 		}
 	}
@@ -1054,7 +1054,11 @@ func (g Graph) DeleteDrive(w http.ResponseWriter, r *http.Request) {
 		return
 	case cs3rpc.Code_CODE_PERMISSION_DENIED:
 		logger.Debug().Interface("id", rid).Msg("could not delete drive: permission denied")
-		errorcode.NotAllowed.Render(w, r, http.StatusForbidden, "permission denied to delete drive")
+		errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, "drive not found")
+		return
+	case cs3rpc.Code_CODE_NOT_FOUND:
+		logger.Debug().Interface("id", rid).Msg("could not delete drive: drive not found")
+		errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, "drive not found")
 		return
 	// don't expose internal error codes to the outside world
 	default:

diff --git a/tests/acceptance/features/apiSpaces/changeSpaces.feature b/tests/acceptance/features/apiSpaces/changeSpaces.feature
@@ -1,4 +1,4 @@
-@api 
+@api
 Feature: Change data of space
   As a user with space admin rights
   I want to be able to change the meta-data of a created space (increase the quota, change name, etc.)

diff --git a/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature b/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature
@@ -1,4 +1,4 @@
-@api 
+@api
 Feature: Disabling and deleting space
   As a manager of space
   I want to be able to disable the space first, then delete it.

diff --git a/tests/acceptance/features/apiSpaces/spaceManagement.feature b/tests/acceptance/features/apiSpaces/spaceManagement.feature
@@ -1,4 +1,4 @@
-@api 
+@api
 Feature: Space management
   As a user with space admin permission
   I want to be able to manage all existing project spaces