Implement support for deny ACLs

.drone.env

@@ -1,3 +1,3 @@
 # The test runner source for API tests
-CORE_COMMITID=e47056ad0081656abddb1e5ac4b60bc34f073028
+CORE_COMMITID=1c59ed8d17317b04b9f525a74696b5fd756525ae
 CORE_BRANCH=master

.drone.star

@@ -174,7 +174,7 @@ def buildAndPublishDocker():
         "settings": {
           "repo": "cs3org/reva",
           "tags": "latest",
-          "dockerfile": "Dockerfile.revad",
+          "dockerfile": "Dockerfile.reva",
           "username":{
             "from_secret": "dockerhub_username",
           },

Dockerfile.reva

@@ -16,7 +16,7 @@
 # granted to it by virtue of its status as an Intergovernmental Organization
 # or submit itself to any jurisdiction.
 
-FROM golang:alpine as builder
+FROM golang:alpine3.13 as builder
 
 RUN apk --no-cache add \
   ca-certificates \

Dockerfile.revad

@@ -16,7 +16,7 @@
 # granted to it by virtue of its status as an Intergovernmental Organization
 # or submit itself to any jurisdiction.
 
-FROM golang:alpine as builder
+FROM golang:alpine3.13 as builder
 
 RUN apk --no-cache add \
   ca-certificates \
@@ -36,7 +36,7 @@ RUN make build-revad-docker && \
 
 RUN mkdir -p /etc/revad/ && echo "" > /etc/revad/revad.toml
 
-FROM golang:alpine
+FROM golang:alpine3.13
 
 RUN apk --no-cache add \
   mailcap

Dockerfile.revad-eos

@@ -16,7 +16,7 @@
 # granted to it by virtue of its status as an Intergovernmental Organization
 # or submit itself to any jurisdiction.
 
-FROM golang:alpine as builder
+FROM golang:alpine3.13 as builder
 
 RUN apk --no-cache add \
   ca-certificates \

README.md

@@ -36,14 +36,49 @@ You can also read the [build from sources guide](https://reva.link/docs/getting-
 
 ## Run tests
 
-### unit tests / GRPC tests
-`make test`
+Reva's codebase continuously undergoes testing at various levels.
+
+To understand which tests exist, you can have a look at the [Makefile](https://github.com/cs3org/reva/blob/master/Makefile) and the [Drone run logs](https://drone.cernbox.cern.ch/cs3org/reva/).
+
+The tests run by CERN's instance of [Drone CI/CD](https://docs.drone.io/) are defined in the [.drone.star](https://github.com/cs3org/reva/blob/master/.drone.star) file.
+
+NB: The [tests/oc-integration-tests/drone](https://github.com/cs3org/reva/tree/master/tests/oc-integration-tests/drone) and [tests/oc-integration-tests/local](https://github.com/cs3org/reva/tree/master/tests/oc-integration-tests/local) folders contain the configuration fixtures that are used to start up the Reva instance to test (on drone CI/CD or on your local system, respectively), for both these acceptance tests ("ownCloud legacy integration tests") and the Litmus tests.
+
+### Unit tests
+
+This runs the `<unit>_test.go` files that appear next to some of the `<unit>.go` files in the code tree.
+
+For instance `pkg/utils/utils_test.go` contains unit tests for `pkg/utils/utils.go`.
+
+To run all of them you can do `make test`.
 
 If you see `TestGetManagerWithInvalidUser/Nil_in_user` fail, [try removing](https://github.com/cs3org/reva/issues/1736) `/etc/revad/users.json` on your system.
 
-### litmus tests
+To run a single one of them you can do:
+```sh
+$ go test `go list ./pkg/utils/...`
+ok  	github.com/cs3org/reva/pkg/utils	0.374s
+```
+
+### Integration tests (GRPC)
+See [tests/integration](https://github.com/cs3org/reva/tree/master/tests/integration).
+This requires Redis.
+
+```sh
+export REDIS_ADDRESS=127.0.0.1:6379
+make test-integration
+```
+
+You can get more verbose output with `ginkgo -v -r tests/integration/`.
+
+NB: This will work better on Linux than on MacOS because of issues with static linking (`library not found for -lcrt0.o`).
+
+### Litmus tests (WebDAV)
+[Litmus](http://www.webdav.org/neon/litmus/) is a webdav test suite. The litmus tests for Reva's WebDAV interface are run using the [ownCloud's litmus Docker image](https://github.com/owncloud-docker/litmus). The '-old' and '-new' refer to which `LITMUS_URL` environment variable is passed to that Docker image, in other words, which path on the Reva server the litmus tests are run against.
+
 1. start the needed services
    ```
+   mkdir -p /var/tmp/reva/einstein
    cd tests/oc-integration-tests/local
    ../../../cmd/revad/revad -c frontend.toml &
    ../../../cmd/revad/revad -c gateway.toml &
@@ -65,7 +100,11 @@ If you see `TestGetManagerWithInvalidUser/Nil_in_user` fail, [try removing](http
    - change `LITMUS_URL` for other tests e.g. `-e LITMUS_URL=http://localhost:20080/remote.php/dav/files/einstein` or to a public-share link
    - if on MacOS you see `FAIL (connection refused by '127.0.0.1' port 20080: Connection refused)`, it may be necessary to replace 'localhost' with your host IP address (e.g. `ipconfig getifaddr en0` or `sudo ifconfig | grep 192`)
 
-### ownCloud legacy integration tests
+### Acceptance tests (ownCloud legacy)
+See [tests/acceptance](https://github.com/cs3org/reva/tree/master/tests/acceptance).
+
+This will require some PHP-related tools to run, for instance on Ubuntu you will need `apt install -y php-xml php-curl composer`.
+
 1. start an LDAP server
     ```
     docker run --rm --hostname ldap.my-company.com \

changelog/unreleased/add-gocdb-apikey.md

@@ -0,0 +1,5 @@
+Enhancement: Add API key to Mentix GOCDB connector
+
+The PI (programmatic interface) of the GOCDB will soon require an API key; this PR adds the ability to configure this key in Mentix.
+
+https://github.com/cs3org/reva/pull/1834

changelog/unreleased/ci-fix-reva-dockerfile-path.md

@@ -0,0 +1,12 @@
+Bugfix: correct Dockerfile path for the reva CLI and alpine3.13 as builder
+
+This was introduced on https://github.com/cs3org/reva/commit/117adad while
+porting the configuration on .drone.yml to starlark.
+
+Force golang:alpine3.13 as base image to prevent errors from Make when
+running on Docker <20.10 as it happens on Drone
+ ref.https://gitlab.alpinelinux.org/alpine/aports/-/issues/12396
+
+https://github.com/cs3org/reva/pull/1843
+https://github.com/cs3org/reva/pull/1844
+https://github.com/cs3org/reva/pull/1847

changelog/unreleased/deny-acls.md

@@ -0,0 +1,4 @@
+Enhancement: add support for a deny-all permission on references
+and implement it on the EOS storage
+
+http://github.com/cs3org/reva/pull/1798

changelog/unreleased/ldap-nobody-fallback.md

@@ -0,0 +1,5 @@
+Bugfix: Fill in missing gid/uid number with nobody
+
+When an LDAP server does not provide numeric uid or gid properties for a user we now fall back to a configurable `nobody` id (default 99).
+
+https://github.com/cs3org/reva/pull/1848

cmd/reva/common.go

@@ -31,7 +31,10 @@ import (
 
 const (
 	viewerPermission string = "viewer"
+	readerPermission string = "reader"
 	editorPermission string = "editor"
+	collabPermission string = "collab"
+	denyPermission   string = "denied"
 )
 
 type config struct {

cmd/reva/share-create.go

@@ -153,15 +153,22 @@ func getGrantType(t string) provider.GranteeType {
 }
 
 func getSharePerm(p string) (*provider.ResourcePermissions, error) {
-	if p == viewerPermission {
+	switch p {
+	case viewerPermission:
+		return &provider.ResourcePermissions{
+			GetPath:       true,
+			ListContainer: true,
+			Stat:          true,
+		}, nil
+	case readerPermission:
 		return &provider.ResourcePermissions{
 			GetPath:              true,
 			InitiateFileDownload: true,
 			ListFileVersions:     true,
 			ListContainer:        true,
 			Stat:                 true,
 		}, nil
-	} else if p == editorPermission {
+	case editorPermission:
 		return &provider.ResourcePermissions{
 			GetPath:              true,
 			InitiateFileDownload: true,
@@ -174,6 +181,25 @@ func getSharePerm(p string) (*provider.ResourcePermissions, error) {
 			RestoreFileVersion:   true,
 			Move:                 true,
 		}, nil
+	case collabPermission:
+		return &provider.ResourcePermissions{
+			GetPath:              true,
+			InitiateFileDownload: true,
+			ListFileVersions:     true,
+			ListContainer:        true,
+			Stat:                 true,
+			CreateContainer:      true,
+			Delete:               true,
+			InitiateFileUpload:   true,
+			RestoreFileVersion:   true,
+			Move:                 true,
+			AddGrant:             true,
+			UpdateGrant:          true,
+			RemoveGrant:          true,
+		}, nil
+	case denyPermission:
+		return &provider.ResourcePermissions{}, nil
+	default:
+		return nil, errors.New("invalid rol: " + p)
 	}
-	return nil, errors.New("invalid rol: " + p)
 }

docs/content/en/docs/config/grpc/services/storageprovider/_index.md

@@ -9,31 +9,31 @@ description: >
 # _struct: config_
 
 {{% dir name="mount_path" type="string" default="/" %}}
-The path where the file system would be mounted. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L52)
+The path where the file system would be mounted. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L59)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 mount_path = "/"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="mount_id" type="string" default="-" %}}
-The ID of the mounted file system. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L53)
+The ID of the mounted file system. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L60)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 mount_id = "-"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="driver" type="string" default="localhome" %}}
-The storage driver to be used. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L54)
+The storage driver to be used. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L61)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 driver = "localhome"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="drivers" type="map[string]map[string]interface{}" default="localhome" %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L55)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L62)
 {{< highlight toml >}}
 [grpc.services.storageprovider.drivers.localhome]
 root = "/var/tmp/reva/"
@@ -44,42 +44,50 @@ user_layout = "{{.Username}}"
 {{% /dir %}}
 
 {{% dir name="tmp_folder" type="string" default="/var/tmp" %}}
-Path to temporary folder. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L56)
+Path to temporary folder. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L63)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 tmp_folder = "/var/tmp"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="data_server_url" type="string" default="http://localhost/data" %}}
-The URL for the data server. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L57)
+The URL for the data server. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L64)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 data_server_url = "http://localhost/data"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="expose_data_server" type="bool" default=false %}}
-Whether to expose data server. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L58)
+Whether to expose data server. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L65)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 expose_data_server = false
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="available_checksums" type="map[string]uint32" default=nil %}}
-List of available checksums. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L59)
+List of available checksums. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L66)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 available_checksums = nil
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="mimetypes" type="map[string]string" default=nil %}}
-List of supported mime types and corresponding file extensions. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L60)
+List of supported mime types and corresponding file extensions. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L67)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 mimetypes = nil
 {{< /highlight >}}
 {{% /dir %}}
 
+{{% dir name="gatewaysvc" type="string" default="/" %}}
+Stores the endpoint at which the GRPC gateway is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L68)
+{{< highlight toml >}}
+[grpc.services.storageprovider]
+gatewaysvc = "/"
+{{< /highlight >}}
+{{% /dir %}}
+

docs/content/en/docs/config/http/services/mentix/gocdb/_index.md

@@ -25,3 +25,11 @@ The scope to use for filtering sites and services.
 scope = "SM"
 {{< /highlight >}}
 {{% /dir %}}
+
+{{% dir name="apikey" type="string" default="" %}}
+The API key to use for the GOCDB PI.
+{{< highlight toml >}}
+[http.services.mentix.connectors.gocdb]
+apikey = "abc123"
+{{< /highlight >}}
+{{% /dir %}}

examples/mentix/mentix.toml

@@ -6,6 +6,7 @@ update_interval = "15m"
 
 [http.services.mentix.connectors.gocdb]
 address = "http://sciencemesh-test.uni-muenster.de"
+apikey = "abc123"
 
 # Sites can also be stored in a local file
 [http.services.mentix.connectors.localfile]

go.mod

@@ -23,6 +23,7 @@ require (
 	github.com/go-sql-driver/mysql v1.6.0
 	github.com/golang/protobuf v1.5.2
 	github.com/gomodule/redigo v1.8.5
+	github.com/google/go-cmp v0.5.5
 	github.com/google/go-github v17.0.0+incompatible
 	github.com/google/go-querystring v1.0.0 // indirect
 	github.com/google/uuid v1.2.0
@@ -31,29 +32,31 @@ require (
 	github.com/imdario/mergo v0.3.8 // indirect
 	github.com/jedib0t/go-pretty v4.3.0+incompatible
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible
-	github.com/minio/minio-go/v7 v7.0.11
+	github.com/minio/minio-go/v7 v7.0.12
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.4.1
+	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/onsi/ginkgo v1.16.4
 	github.com/onsi/gomega v1.13.0
 	github.com/ory/fosite v0.40.2
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/xattr v0.4.3
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/rs/cors v1.7.0
+	github.com/rs/cors v1.8.0
 	github.com/rs/zerolog v1.23.0
 	github.com/sciencemesh/meshdirectory-web v1.0.4
 	github.com/sethvargo/go-password v0.2.0
 	github.com/stretchr/testify v1.7.0
 	github.com/studio-b12/gowebdav v0.0.0-20200303150724-9380631c29a1
+	github.com/thanhpk/randstr v1.0.4
 	github.com/tus/tusd v1.1.1-0.20200416115059-9deabf9d80c2
 	go.opencensus.io v0.23.0
-	golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c
+	golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	golang.org/x/sys v0.0.0-20210423082822-04245dca01da
 	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
-	google.golang.org/grpc v1.38.0
-	google.golang.org/protobuf v1.27.0
+	google.golang.org/grpc v1.39.0
+	google.golang.org/protobuf v1.27.1
 	gotest.tools v2.2.0+incompatible
 )