Skip to content

Commit

Permalink
graph sharing: delete link permission
Browse files Browse the repository at this point in the history 
Allow to delete link permissions (i.e. Public Shares)
  • Loading branch information
@rhafer
rhafer committed Nov 29, 2023
1 parent 7052375 commit c7215e1
Show file tree
Hide file tree
Showing 2 changed files with 104 additions and 26 deletions.
4 changes: 4 additions & 0 deletions services/graph/pkg/errorcode/errorcode.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,10 @@ func (e Error) Error() string {
return errString
}

func (e Error) GetCode() ErrorCode {
return e.errorCode
}

// RenderError render the Graph Error based on a code or default one
func RenderError(w http.ResponseWriter, r *http.Request, err error) {
var errcode Error
Expand Down
126 changes: 100 additions & 26 deletions services/graph/pkg/service/v0/driveitems.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -504,13 +504,6 @@ func (g Graph) Invite(w http.ResponseWriter, r *http.Request) {

// DeletePermission removes a Permission from a Drive item
func (g Graph) DeletePermission(w http.ResponseWriter, r *http.Request) {
gatewayClient, err := g.gatewaySelector.Next()
if err != nil {
g.logger.Debug().Err(err).Msg("selecting gatewaySelector failed")
errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
return
}

_, itemID, err := g.extractDriveAndDriveItem(r)
if err != nil {
errorcode.RenderError(w, r, err)
Expand All @@ -526,6 +519,56 @@ func (g Graph) DeletePermission(w http.ResponseWriter, r *http.Request) {
}

ctx := r.Context()
isUserPermission := true

// Check if the id is refering to a User Share
sharedResourceId, err := g.getUserPermissionResourceID(ctx, permissionID)
var errcode errorcode.Error
if err != nil && errors.As(err, &errcode) && errcode.GetCode() == errorcode.ItemNotFound {
// there is no user share with that ID, so lets check if it is refering to a public link
isUserPermission = false
sharedResourceId, err = g.getLinkPermissionResourceID(ctx, permissionID)
}

if err != nil {
errorcode.RenderError(w, r, err)
return
}

// The resourceID of the shared resource need to match the item ID from the Request Path
// otherwise this is an invalid Request.
if sharedResourceId.GetStorageId() != itemID.GetStorageId() ||
sharedResourceId.GetSpaceId() != itemID.GetSpaceId() ||
sharedResourceId.GetOpaqueId() != itemID.GetOpaqueId() {
g.logger.Debug().Msg("resourceID of shared does not match itemID")
errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "permissionID and itemID do not match")
return
}

if isUserPermission {
err = g.removeUserShare(ctx, permissionID)
} else {
err = g.removePublicShare(ctx, permissionID)
}

if err != nil {
errorcode.RenderError(w, r, err)
return
}

render.Status(r, http.StatusNoContent)
render.NoContent(w, r)

return
}

func (g Graph) getUserPermissionResourceID(ctx context.Context, permissionID string) (*storageprovider.ResourceId, error) {
gatewayClient, err := g.gatewaySelector.Next()
if err != nil {
g.logger.Debug().Err(err).Msg("selecting gatewaySelector failed")
return nil, err
}

getShareResp, err := gatewayClient.GetShare(ctx,
&collaboration.GetShareRequest{
Ref: &collaboration.ShareReference{
Expand All @@ -539,16 +582,14 @@ func (g Graph) DeletePermission(w http.ResponseWriter, r *http.Request) {
if errCode := errorcode.FromCS3Status(getShareResp.GetStatus(), err); errCode != nil {
return nil, err
}
return getShareResp.Share.GetResourceId(), nil
}

sharedResourceId := getShareResp.GetShare().GetResourceId()
// The resourceID of the shared resource need to matched the item ID from the Request Path
// otherwise this is an invalid Request.
if sharedResourceId.GetStorageId() != itemID.GetStorageId() ||
sharedResourceId.GetSpaceId() != itemID.GetSpaceId() ||
sharedResourceId.GetOpaqueId() != itemID.GetOpaqueId() {
g.logger.Debug().Msg("resourceID of shared does not match itemID")
errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "permissionID and itemID do not match")
return
func (g Graph) removeUserShare(ctx context.Context, permissionID string) error {
gatewayClient, err := g.gatewaySelector.Next()
if err != nil {
g.logger.Debug().Err(err).Msg("selecting gatewaySelector failed")
return err
}

removeShareResp, err := gatewayClient.RemoveShare(ctx,
Expand All @@ -561,18 +602,51 @@ func (g Graph) DeletePermission(w http.ResponseWriter, r *http.Request) {
},
},
})
switch {
case err != nil:
fallthrough
case removeShareResp.Status.GetCode() != cs3rpc.Code_CODE_OK:
g.logger.Debug().Err(err).Interface("permissionID", permissionID).Interface("GetShare", getShareResp).Msg("GetShare failed")
errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
return
return errorcode.FromCS3Status(removeShareResp.GetStatus(), err)
}

func (g Graph) getLinkPermissionResourceID(ctx context.Context, permissionID string) (*storageprovider.ResourceId, error) {
gatewayClient, err := g.gatewaySelector.Next()
if err != nil {
g.logger.Debug().Err(err).Msg("selecting gatewaySelector failed")
return nil, err
}
render.Status(r, http.StatusNoContent)
render.NoContent(w, r)

return
getPublicShareResp, err := gatewayClient.GetPublicShare(ctx,
&link.GetPublicShareRequest{
Ref: &link.PublicShareReference{
Spec: &link.PublicShareReference_Id{
Id: &link.PublicShareId{
OpaqueId: permissionID,
},
},
},
},
)
if errCode := errorcode.FromCS3Status(getPublicShareResp.GetStatus(), err); errCode != nil {
return nil, errCode
}
return getPublicShareResp.Share.GetResourceId(), nil
}

func (g Graph) removePublicShare(ctx context.Context, permissionID string) error {
gatewayClient, err := g.gatewaySelector.Next()
if err != nil {
g.logger.Debug().Err(err).Msg("selecting gatewaySelector failed")
return err
}

removePublicShareResp, err := gatewayClient.RemovePublicShare(ctx,
&link.RemovePublicShareRequest{
Ref: &link.PublicShareReference{
Spec: &link.PublicShareReference_Id{
Id: &link.PublicShareId{
OpaqueId: permissionID,
},
},
},
})
return errorcode.FromCS3Status(removePublicShareResp.GetStatus(), err)
}

func (g Graph) extractDriveAndDriveItem(r *http.Request) (driveID storageprovider.ResourceId, itemID storageprovider.ResourceId, err error) {
Expand Down

0 comments on commit c7215e1

Please sign in to comment.