cs3org · micbar · Jun 30, 2022 · Jun 30, 2022 · Jun 30, 2022
@@ -0,0 +1,5 @@
+Bugfix: Improve the sharing internals
+
+We cleaned up the sharing code validation and comparisons.
+
+https://github.com/cs3org/reva/pull/3022
@@ -27,7 +27,7 @@ import (
 type Permissions uint
 
 const (
-	// PermissionInvalid grants no permissions on a resource
+	// PermissionInvalid represents an invalid permission
 	PermissionInvalid Permissions = 0
 	// PermissionRead grants read permissions on a resource
 	PermissionRead Permissions = 1 << (iota - 1)
@@ -41,19 +41,23 @@ const (
 	PermissionShare
 	// PermissionAll grants all permissions on a resource
 	PermissionAll Permissions = (1 << (iota - 1)) - 1
+	// PermissionMaxInput is to be used within value range checks
+	PermissionMaxInput = PermissionAll
+	// PermissionMinInput is to be used within value range checks
+	PermissionMinInput = PermissionRead
 )
 
 var (
 	// ErrPermissionNotInRange defines a permission specific error.
-	ErrPermissionNotInRange = fmt.Errorf("The provided permission is not between %d and %d", PermissionInvalid, PermissionAll)
+	ErrPermissionNotInRange = fmt.Errorf("The provided permission is not between %d and %d", PermissionMinInput, PermissionMaxInput)
 )
 
 // NewPermissions creates a new Permissions instance.
 // The value must be in the valid range.
 func NewPermissions(val int) (Permissions, error) {
 	if val == int(PermissionInvalid) {
-		return PermissionInvalid, nil
-	} else if val < int(PermissionInvalid) || int(PermissionAll) < val {
+		return PermissionInvalid, fmt.Errorf("permissions %d out of range %d - %d", val, PermissionMinInput, PermissionMaxInput)
+	} else if val < int(PermissionInvalid) || int(PermissionMaxInput) < val {
 		return PermissionInvalid, ErrPermissionNotInRange
 	}
 	return Permissions(val), nil

@@ -23,7 +23,7 @@ import (
 )
 
 func TestNewPermissions(t *testing.T) {
-	for val := int(PermissionRead); val <= int(PermissionAll); val++ {
+	for val := int(PermissionMinInput); val <= int(PermissionMaxInput); val++ {
 		_, err := NewPermissions(val)
 		if err != nil {
 			t.Errorf("value %d should be a valid permissions", val)
@@ -34,7 +34,7 @@ func TestNewPermissions(t *testing.T) {
 func TestNewPermissionsWithInvalidValueShouldFail(t *testing.T) {
 	vals := []int{
 		-1,
-		int(PermissionAll) + 1,
+		int(PermissionMaxInput) + 1,
 	}
 	for _, v := range vals {
 		_, err := NewPermissions(v)

@@ -31,7 +31,7 @@ import (
 // TODO(labkode): fine grained permission controls.
 func GetACLPerm(set *provider.ResourcePermissions) (string, error) {
 	// resource permission is denied
-	if cmp.Equal(provider.ResourcePermissions{}, *set) {
+	if cmp.Equal(provider.ResourcePermissions{}, *set, ignoreProtobufXxx()) {
 		return "!r!w!x!m!u!d", nil
 	}
 
@@ -135,10 +135,19 @@ func GetGranteeType(aclType string) provider.GranteeType {
 
 // PermissionsEqual returns true if the permissions are equal
 func PermissionsEqual(p1, p2 *provider.ResourcePermissions) bool {
-	return p1 != nil && p2 != nil && cmp.Equal(*p1, *p2)
+	return p1 != nil && p2 != nil && cmp.Equal(*p1, *p2, ignoreProtobufXxx())
 }
 
 // GranteeEqual returns true if the grantee are equal
 func GranteeEqual(g1, g2 *provider.Grantee) bool {
-	return g1 != nil && g2 != nil && cmp.Equal(*g1, *g2)
+	return g1 != nil && g2 != nil && cmp.Equal(*g1, *g2, ignoreProtobufXxx())
+}
+
+func ignoreProtobufXxx() cmp.Option {
+	return cmp.FilterPath(
+		func(path cmp.Path) bool {
+			return strings.HasPrefix(path.String(), "XXX")
+		},
+		cmp.Ignore(),
+	)
 }