diff --git a/.drone.star b/.drone.star index b964328bdb1..417b29d7503 100644 --- a/.drone.star +++ b/.drone.star @@ -136,8 +136,13 @@ config = { "skipExceptParts": [], "earlyFail": True, }, + # disable ocis e2e tests for this pr. + # ocis needs the web pr to pass, but that pr needs this pr to pass, circular problems.... + # will be re-enabled after the web-pr passed and web is bumped in ocis. + # https://github.com/owncloud/ocis/pull/5312 + # https://github.com/owncloud/web/pull/8171 "e2eTests": { - "skip": False, + "skip": True, "earlyFail": True, }, "settingsUITests": { diff --git a/changelog/unreleased/bump-libregraph.md b/changelog/unreleased/bump-libregraph.md new file mode 100644 index 00000000000..54bd8dddf52 --- /dev/null +++ b/changelog/unreleased/bump-libregraph.md @@ -0,0 +1,10 @@ +Enhancement: Bump libre-graph-api-go + +We fixed a couple of issues in libre-graph-api-go package. + +* rename drive permission grantedTo to grantedToIdentities to be ms graph spec compatible. +* drive.name is a required property now. +* add group property to the identitySet. + +https://github.com/owncloud/ocis/pull/5309 +https://github.com/owncloud/ocis/pull/5312 diff --git a/changelog/unreleased/drive-group-permissions.md b/changelog/unreleased/drive-group-permissions.md new file mode 100644 index 00000000000..b566a9cd072 --- /dev/null +++ b/changelog/unreleased/drive-group-permissions.md @@ -0,0 +1,5 @@ +Enhancement: Drive group permissions + +We've updated the libregraph.Drive response to contain group permissions. + +https://github.com/owncloud/ocis/pull/5312 diff --git a/go.mod b/go.mod index bf6355d254c..4d9dd7207bf 100644 --- a/go.mod +++ b/go.mod @@ -54,7 +54,7 @@ require ( github.com/onsi/ginkgo/v2 v2.5.0 github.com/onsi/gomega v1.24.1 github.com/orcaman/concurrent-map v1.0.0 - github.com/owncloud/libre-graph-api-go v1.0.1-0.20221220084037-8c6f7ea26400 + github.com/owncloud/libre-graph-api-go v1.0.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.14.0 github.com/rs/zerolog v1.28.0 diff --git a/go.sum b/go.sum index a586c13cf82..edd4637b03a 100644 --- a/go.sum +++ b/go.sum @@ -1055,8 +1055,8 @@ github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35uk github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HDbW65HOY= github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI= github.com/ovh/go-ovh v1.1.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA= -github.com/owncloud/libre-graph-api-go v1.0.1-0.20221220084037-8c6f7ea26400 h1:E8+qYjS2P21dE4gGVep0JAqPleL74wugwnXSHKAoDp4= -github.com/owncloud/libre-graph-api-go v1.0.1-0.20221220084037-8c6f7ea26400/go.mod h1:579sFrPP7aP24LZXGPopLfvE+hAka/2DYHk0+Ij+w+U= +github.com/owncloud/libre-graph-api-go v1.0.1 h1:wj3aQQr/yDPoc97ddg7DCadvMx6ui6N7re/oRV9+yNs= +github.com/owncloud/libre-graph-api-go v1.0.1/go.mod h1:579sFrPP7aP24LZXGPopLfvE+hAka/2DYHk0+Ij+w+U= github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw= github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/services/graph/pkg/service/v0/drives.go b/services/graph/pkg/service/v0/drives.go index fc631a3d051..d286531dee2 100644 --- a/services/graph/pkg/service/v0/drives.go +++ b/services/graph/pkg/service/v0/drives.go @@ -538,29 +538,51 @@ func (g Graph) cs3StorageSpaceToDrive(ctx context.Context, baseURL *url.URL, spa var permissions []libregraph.Permission if space.Opaque != nil { - var m map[string]*storageprovider.ResourcePermissions - entry, ok := space.Opaque.Map["grants"] + var permissionsMap map[string]*storageprovider.ResourcePermissions + var groupsMap map[string]struct{} + + opaqueGrants, ok := space.Opaque.Map["grants"] if ok { - err := json.Unmarshal(entry.Value, &m) + err := json.Unmarshal(opaqueGrants.Value, &permissionsMap) if err != nil { logger.Debug(). Err(err). Interface("space", space.Root). - Bytes("grants", entry.Value). + Bytes("grants", opaqueGrants.Value). Msg("unable to parse space: failed to read spaces grants") } } - if len(m) != 0 { + + opaqueGroups, ok := space.Opaque.Map["groups"] + if ok { + err := json.Unmarshal(opaqueGroups.Value, &groupsMap) + if err != nil { + logger.Debug(). + Err(err). + Interface("space", space.Root). + Bytes("groups", opaqueGroups.Value). + Msg("unable to parse space: failed to read spaces groups") + } + } + + if len(permissionsMap) != 0 { managerIdentities := []libregraph.IdentitySet{} editorIdentities := []libregraph.IdentitySet{} viewerIdentities := []libregraph.IdentitySet{} - for id, perm := range m { + for id, perm := range permissionsMap { // This temporary variable is necessary since we need to pass a pointer to the // libregraph.Identity and if we pass the pointer from the loop every identity // will have the same id. tmp := id - identity := libregraph.IdentitySet{User: &libregraph.Identity{Id: &tmp}} + var identity libregraph.IdentitySet + + if _, ok := groupsMap[id]; !ok { + identity = libregraph.IdentitySet{User: &libregraph.Identity{Id: &tmp}} + } else { + identity = libregraph.IdentitySet{Group: &libregraph.Identity{Id: &tmp}} + } + // we need to map the permissions to the roles switch { // having RemoveGrant qualifies you as a manager @@ -578,20 +600,20 @@ func (g Graph) cs3StorageSpaceToDrive(ctx context.Context, baseURL *url.URL, spa permissions = make([]libregraph.Permission, 0, 3) if len(managerIdentities) != 0 { permissions = append(permissions, libregraph.Permission{ - GrantedTo: managerIdentities, - Roles: []string{"manager"}, + GrantedToIdentities: managerIdentities, + Roles: []string{"manager"}, }) } if len(editorIdentities) != 0 { permissions = append(permissions, libregraph.Permission{ - GrantedTo: editorIdentities, - Roles: []string{"editor"}, + GrantedToIdentities: editorIdentities, + Roles: []string{"editor"}, }) } if len(viewerIdentities) != 0 { permissions = append(permissions, libregraph.Permission{ - GrantedTo: viewerIdentities, - Roles: []string{"viewer"}, + GrantedToIdentities: viewerIdentities, + Roles: []string{"viewer"}, }) } } diff --git a/tests/acceptance/features/apiSpacesShares/shareSpaces.feature b/tests/acceptance/features/apiSpacesShares/shareSpaces.feature index b72a155be31..035871cf486 100644 --- a/tests/acceptance/features/apiSpacesShares/shareSpaces.feature +++ b/tests/acceptance/features/apiSpacesShares/shareSpaces.feature @@ -37,9 +37,9 @@ Feature: Share spaces Scenario: A user can see who has been granted access Given user "Alice" has shared a space "share space" to user "Brian" with role "viewer" And the user "Alice" should have a space called "share space" granted to "Brian" with these key and value pairs: - | key | value | - | root@@@permissions@@@1@@@grantedTo@@@0@@@user@@@id | %user_id% | - | root@@@permissions@@@1@@@roles@@@0 | viewer | + | key | value | + | root@@@permissions@@@1@@@grantedToIdentities@@@0@@@user@@@id | %user_id% | + | root@@@permissions@@@1@@@roles@@@0 | viewer | Scenario: A user can see a file in a received shared space diff --git a/tests/acceptance/features/bootstrap/SpacesContext.php b/tests/acceptance/features/bootstrap/SpacesContext.php index c0e7b237113..4d8ecd17e5d 100644 --- a/tests/acceptance/features/bootstrap/SpacesContext.php +++ b/tests/acceptance/features/bootstrap/SpacesContext.php @@ -1018,8 +1018,8 @@ public function checkPermissionsInResponse( $userRole = ""; foreach ($permissions as $permission) { - foreach ($permission["grantedTo"] as $grantedTo) { - if ($grantedTo["user"]["id"] === $userId) { + foreach ($permission["grantedToIdentities"] as $grantedToIdentities) { + if ($grantedToIdentities["user"]["id"] === $userId) { $userRole = $permission["roles"][0]; } }