From 873e85869bedeaace881fe64aa3ce08813d6147b Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <39946305+gmgigi96@users.noreply.github.com>
Date: Wed, 2 Mar 2022 09:46:38 +0100
Subject: [PATCH] eos: Use sys ACLs for file permissions (#2494)
---
 changelog/unreleased/eos-sys-acl-files.md | 3 ++
 pkg/eosclient/eosbinary/eosbinary.go | 38 +++--------------------
 pkg/eosclient/eosgrpc/eosgrpc.go | 17 ----------
 3 files changed, 7 insertions(+), 51 deletions(-)
 create mode 100644 changelog/unreleased/eos-sys-acl-files.md
diff --git a/changelog/unreleased/eos-sys-acl-files.md b/changelog/unreleased/eos-sys-acl-files.md
new file mode 100644
index 0000000000..3836fa6830
--- /dev/null
+++ b/changelog/unreleased/eos-sys-acl-files.md
@@ -0,0 +1,3 @@
+Enhancement: Use sys ACLs for file permissions
+
+https://github.com/cs3org/reva/pull/2494
\ No newline at end of file
diff --git a/pkg/eosclient/eosbinary/eosbinary.go b/pkg/eosclient/eosbinary/eosbinary.go
index 0da98de2d6..e77bf8472b 100644
--- a/pkg/eosclient/eosbinary/eosbinary.go
+++ b/pkg/eosclient/eosbinary/eosbinary.go
@@ -45,7 +45,6 @@ import (
 const (
 versionPrefix = ".sys.v#."
 lwShareAttrKey = "reva.lwshare"
- userACLEvalKey = "eval.useracl"
 )
 const (
@@ -323,20 +322,9 @@ func (c *Client) AddACL(ctx context.Context, auth, rootAuth eosclient.Authorizat
 }
 sysACL := a.CitrineSerialize()
- args := []string{"acl"}
-
+ args := []string{"acl", "--sys"}
 if finfo.IsDir {
- args = append(args, "--sys", "--recursive")
- } else {
- args = append(args, "--user")
- userACLAttr := &eosclient.Attribute{
- Type: SystemAttr,
- Key: userACLEvalKey,
- Val: "1",
- }
- if err = c.SetAttr(ctx, auth, userACLAttr, false, path); err != nil {
- return err
- }
+ args = append(args, "--recursive")
 }
 // set position of ACLs to add. The default is to append to the end, so no arguments will be added in this case
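Review bot: Grants written to files by earlier versions (`user.acl` plus `sys.eval.useracl=1`) are not handled anywhere once `args := []string{"acl", "--sys"}` is used unconditionally here and in RemoveACL (the `@@ -387,11 +375,9 @@` hunk). The same commit deletes the code in mapToFileInfo and fixupACLs that merged `user.acl` into the reported ACL, so those grants would presumably still be honoured by EOS while no longer showing up in reva, and removing one would only edit `sys.acl`. I would migrate the existing entries to sys ACLs, or at least record the gap above the `args` line with `// NOTE: entries previously written with --user are not migrated or removed here`. AddACL starts and ends outside this hunk, so a cleanup step elsewhere cannot be ruled out from what is visible.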
@@ -387,11 +375,9 @@ func (c *Client) RemoveACL(ctx context.Context, auth, rootAuth eosclient.Authori
 }
 sysACL := a.CitrineSerialize()
- args := []string{"acl"}
+ args := []string{"acl", "--sys"}
 if finfo.IsDir {
- args = append(args, "--sys", "--recursive")
- } else {
- args = append(args, "--user")
+ args = append(args, "--recursive")
 }
 args = append(args, sysACL, path)
@@ -1121,22 +1107,6 @@ func (c *Client) mapToFileInfo(kv, attrs map[string]string) (*eosclient.FileInfo
 return nil, err
 }
- // Read user ACLs if sys.eval.useracl is set
- if userACLEval, ok := attrs["sys."+userACLEvalKey]; ok && userACLEval == "1" {
- if userACL, ok := attrs["user.acl"]; ok {
- userAcls, err := acl.Parse(userACL, acl.ShortTextForm)
- if err != nil {
- return nil, err
- }
- for _, e := range userAcls.Entries {
- err = sysACL.SetEntry(e.Type, e.Qualifier, e.Permissions)
- if err != nil {
- return nil, err
- }
- }
- }
- }
-
 // Read lightweight ACLs recognized by the sys.reva.lwshare attr
 if lwACLStr, ok := attrs["sys."+lwShareAttrKey]; ok {
 lwAcls, err := acl.Parse(lwACLStr, acl.ShortTextForm)
diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go
index 8cd4c62b6a..eec5cf89af 100644
--- a/pkg/eosclient/eosgrpc/eosgrpc.go
+++ b/pkg/eosclient/eosgrpc/eosgrpc.go
@@ -49,7 +49,6 @@ import (
 const (
 versionPrefix = ".sys.v#."
 // lwShareAttrKey = "reva.lwshare"
- userACLEvalKey = "eval.useracl"
 )
 const (
@@ -502,22 +501,6 @@ func (c *Client) fixupACLs(ctx context.Context, auth eosclient.Authorization, in
 }
 }
- // Read user ACLs if sys.eval.useracl is set
- if userACLEval, ok := info.Attrs["sys."+userACLEvalKey]; ok && userACLEval == "1" {
- if userACL, ok := info.Attrs["user.acl"]; ok {
- userAcls, err := acl.Parse(userACL, acl.ShortTextForm)
- if err != nil {
- return nil
- }
- for _, e := range userAcls.Entries {
- err = info.SysACL.SetEntry(e.Type, e.Qualifier, e.Permissions)
- if err != nil {
- return nil
- }
- }
- }
- }
-
 // We need to inherit the ACLs for the parent directory as these are not available for files
 if !info.IsDir {
 parentInfo, err := c.GetFileInfoByPath(ctx, auth, path.Dir(info.File))