Support t and x in ACEs #4685

Merged
merged 4 commits into from
May 21, 2024

@butonic butonic commented May 15, 2024

To support view only shares (download forbidden) we added t (read attrs) and x (directory traversal) permissions to the decomposed FS ACEs.

The change is backwards compatible. An ACE with r permission will still grant Stat, getPath, InitiateFileDownload and ListContainer permissions. Newly written grants will explicitly set t and x permissions. If we need to be more strict, we could increase the version byte to x02 (x01 was used in the very early days) which can then unparse the r to only grant the InitiateFileDownload permission.
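
An added example, not code from this pull request or from reva: a reduced Go model of the compatibility rule in the description above, showing why a view-only grant written as `tx` carries no download permission while a legacy `r` keeps its broad meaning. The mapping of `t` to Stat and GetPath and of `x` to ListContainer, the `strict` flag and the `Upgrade` helper are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Perms is a reduced stand-in for the four permissions named in the description.
type Perms struct {
	Stat, GetPath, InitiateFileDownload, ListContainer bool
}

// Decode expands an ACE permission string. strict=false keeps the legacy
// meaning of "r"; strict=true models the possible stricter version in which
// "r" grants download only. Assumed mapping: t = Stat+GetPath, x = ListContainer.
func Decode(s string, strict bool) Perms {
	var p Perms
	for _, c := range s {
		switch c {
		case 'r':
			p.InitiateFileDownload = true
			if !strict {
				p.Stat, p.GetPath, p.ListContainer = true, true, true
			}
		case 't':
			p.Stat, p.GetPath = true, true
		case 'x':
			p.ListContainer = true
		} // other letters are outside this sketch and are ignored
	}
	return p
}

// Upgrade makes a legacy string explicit so it keeps its meaning under strict decoding.
func Upgrade(s string) string {
	for _, c := range "tx" {
		if strings.ContainsRune(s, 'r') && !strings.ContainsRune(s, c) {
			s += string(c)
		}
	}
	return s
}

func main() {
	for _, s := range []string{"r", "tx", "rw"} { // constructed sample strings
		fmt.Printf("%-3s legacy=%+v strict=%+v upgraded=%q\n", s, Decode(s, false), Decode(s, true), Upgrade(s))
	}
}
```

The invariant worth checking before any stricter parsing is switched on is that `Decode(Upgrade(s), true)` equals `Decode(s, false)` for every stored grant.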

rhafer previously requested changes May 15, 2024
pkg/storage/utils/ace/ace.go (outdated, resolved)
@butonic butonic force-pushed the support-tx-in-aces branch 3 times, most recently from a82261e to 6675dd2 May 15, 2024 15:03
rhafer commented May 16, 2024

Created owncloud/ocis#9188 to check this with ocis full-ci

@butonic butonic requested a review from rhafer May 16, 2024 10:24
butonic pushed a commit to rhafer/ocis that referenced this pull request May 16, 2024
Fixes: owncloud#9128
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
rhafer added a commit to rhafer/ocis that referenced this pull request May 16, 2024
Fixes: owncloud#9128
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
rhafer commented May 16, 2024

@butonic I've now introduced the new role "UploaderOnly". This is needed by ocs to be able to create filedrop links.

I am still pondering if it might be better to keep the "Uploader" role as it was before and introduce a new role instead for the "Upload/Download/Edit without Delete" thing that is supposed to be provided for user shares.

@rhafer rhafer dismissed their stale review May 16, 2024 16:46

outdated

rhafer added a commit to rhafer/ocis that referenced this pull request May 21, 2024
Fixes: owncloud#9128
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
The "uploader" role is really meant to be an upload-only role. It is used
e.g. to assemble the permissions for a "secret-file-drop" public link.

To reflect the needs for the Uploader user-sharing role, which is
allowed to upload/download but not delete, we now introduce the
"editor-lite" role.
pkg/conversions/role.go (outdated, resolved)
Co-authored-by: kobergj <juliankoberg@googlemail.com>
@rhafer rhafer merged commit 99b0fd0 into cs3org:edge May 21, 2024
9 checks passed
rhafer added a commit to rhafer/ocis that referenced this pull request May 21, 2024
To get: cs3org/reva#4685

Fixes: owncloud#9128
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
butonic added a commit to owncloud/ocis that referenced this pull request May 21, 2024
ownclouders pushed a commit to owncloud/ocis that referenced this pull request May 21, 2024