From 22c536b337cc2cb1ba53e432ce95fc238fdfc3f0 Mon Sep 17 00:00:00 2001
From: jkoberg <jkoberg@owncloud.com>
Date: Mon, 28 Mar 2022 13:22:49 +0200
Subject: [PATCH] allow links without permissions

Signed-off-by: jkoberg <jkoberg@owncloud.com>
---
 .../owncloud/ocs/conversions/permissions.go   |  2 +-
 .../services/owncloud/ocs/conversions/role.go | 13 +++++++
 .../handlers/apps/sharing/shares/shares.go    | 34 ++++++++++---------
 3 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/internal/http/services/owncloud/ocs/conversions/permissions.go b/internal/http/services/owncloud/ocs/conversions/permissions.go
index 4d860fb6943..a580c8ce10e 100644
--- a/internal/http/services/owncloud/ocs/conversions/permissions.go
+++ b/internal/http/services/owncloud/ocs/conversions/permissions.go
@@ -51,7 +51,7 @@ var (
 // The value must be in the valid range.
 func NewPermissions(val int) (Permissions, error) {
 	if val == int(PermissionInvalid) {
-		return PermissionInvalid, fmt.Errorf("permissions %d out of range %d - %d", val, PermissionRead, PermissionAll)
+		return PermissionInvalid, nil //fmt.Errorf("permissions %d out of range %d - %d", val, PermissionRead, PermissionAll)
 	} else if val < int(PermissionInvalid) || int(PermissionAll) < val {
 		return PermissionInvalid, ErrPermissionNotInRange
 	}
diff --git a/internal/http/services/owncloud/ocs/conversions/role.go b/internal/http/services/owncloud/ocs/conversions/role.go
index 6d0e786b296..e7a97b4ddd6 100644
--- a/internal/http/services/owncloud/ocs/conversions/role.go
+++ b/internal/http/services/owncloud/ocs/conversions/role.go
@@ -222,6 +222,15 @@ func NewUploaderRole() *Role {
 	}
 }
 
+// NewNoneRole creates a role with no permissions
+func NewNoneRole() *Role {
+	return &Role{
+		Name:                   "none",
+		cS3ResourcePermissions: &provider.ResourcePermissions{},
+		ocsPermissions:         PermissionInvalid,
+	}
+}
+
 // NewManagerRole creates an manager role
 func NewManagerRole() *Role {
 	return &Role{
@@ -254,6 +263,10 @@ func NewManagerRole() *Role {
 
 // RoleFromOCSPermissions tries to map ocs permissions to a role
 func RoleFromOCSPermissions(p Permissions) *Role {
+	if p == PermissionInvalid {
+		return NewNoneRole()
+	}
+
 	if p.Contain(PermissionRead) {
 		if p.Contain(PermissionWrite) && p.Contain(PermissionCreate) && p.Contain(PermissionDelete) {
 			if p.Contain(PermissionShare) {
diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
index 58aa838e8b0..59957f5e0d1 100644
--- a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
+++ b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
@@ -426,27 +426,29 @@ func (h *Handler) extractPermissions(w http.ResponseWriter, r *http.Request, ri
 	}
 
 	permissions := role.OCSPermissions()
-	if ri != nil && ri.Type == provider.ResourceType_RESOURCE_TYPE_FILE {
-		// Single file shares should never have delete or create permissions
-		permissions &^= conversions.PermissionCreate
-		permissions &^= conversions.PermissionDelete
-		if permissions == conversions.PermissionInvalid {
+	/*
+		if ri != nil && ri.Type == provider.ResourceType_RESOURCE_TYPE_FILE {
+			// Single file shares should never have delete or create permissions
+			permissions &^= conversions.PermissionCreate
+			permissions &^= conversions.PermissionDelete
+			if permissions == conversions.PermissionInvalid {
+				return nil, nil, &ocsError{
+					Code:    response.MetaBadRequest.StatusCode,
+					Message: "Cannot set the requested share permissions",
+					Error:   errors.New("cannot set the requested share permissions"),
+				}
+			}
+		}
+
+		existingPermissions := conversions.RoleFromResourcePermissions(ri.PermissionSet).OCSPermissions()
+		if permissions == conversions.PermissionInvalid || !existingPermissions.Contain(permissions) {
 			return nil, nil, &ocsError{
-				Code:    response.MetaBadRequest.StatusCode,
+				Code:    http.StatusNotFound,
 				Message: "Cannot set the requested share permissions",
 				Error:   errors.New("cannot set the requested share permissions"),
 			}
 		}
-	}
-
-	existingPermissions := conversions.RoleFromResourcePermissions(ri.PermissionSet).OCSPermissions()
-	if permissions == conversions.PermissionInvalid || !existingPermissions.Contain(permissions) {
-		return nil, nil, &ocsError{
-			Code:    http.StatusNotFound,
-			Message: "Cannot set the requested share permissions",
-			Error:   errors.New("cannot set the requested share permissions"),
-		}
-	}
+	*/
 
 	role = conversions.RoleFromOCSPermissions(permissions)
 	roleMap := map[string]string{"name": role.Name}