fix: share jail usage for the listSharedWithMe endpoint #8016
Conversation
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
|
I am still a bit unsure about the partent references we're setting. In case of an accepted share we now return this
|
|
Trying to build this locally fails with |
fschade
force-pushed
the
graph-beta-fix-shared-with-me
branch
from
2037c18
to
2c09d30
Compare
thanks, please try again, should be fixed now |
|
The The part after |
|
So to detect if a share is accepted or declined we would have to check if The docs say: So with this PR that is not true anymore. |
|
parentReference.driveId is statResponse.GetInfo().GetSpace().GetRoot() the remote item is only attached if the share is accepted, e.g. ShareState_SHARE_STATE_ACCEPTED but not for ShareState_SHARE_STATE_PENDING and ShareState_SHARE_STATE_REJECTED |
|
@individual-it, it still misses the @Client.Synchronize property, ill add it tomorrow, can you have a look in the meantime and check if it works for you that way? |
fschade
force-pushed
the
graph-beta-fix-shared-with-me
branch
from
44bf1fc
to
360599f
Compare
|
Works generally well. id and etag are not present when the share is not accepted and that is the way we discussed it yesterday 👍 |
|
PR to test this changes in ocis-php-sdk: owncloud/ocis-php-sdk#166 |
|
@individual-it, contains @Client.Synchronize now but you need to link following pr to build: i keep it in the current state now to discussion it on tuesday with @micbar |
fschade
force-pushed
the
graph-beta-fix-shared-with-me
branch
from
b8d07fe
to
fcc0b26
Compare
|
@individual-it we had another conversation this morning regarding the
can you please check if thats ok for you and the sdk youre working on? |
|
i leave this pr in draft state for today to have room for discussion since the topic seems to be controversial. If a drive item is shared to the same grantee, first via group and second directly to the user identity, the share aka driveItem does not get normalized and appears multiple times instead. in a future pr we should only list one drive item and multiple permission entries instead. FollowUp PR needed. At the moment the tests are still disabled, as soon as we have agreed on a status I will adapt all tests FYI: @micbar, @individual-it, @butonic, @rhafer |
There was a problem hiding this comment.
- Currently both, the outer
driveItemand the wrappedremoteItem, contain apermissionsproperty. Apart from the duplication, I think it's wrong. Only the innerremoteItemshould have that property. - Also I think moving the ui.hidden and @client.synchronize flags from the
permissionproperty into the theremoteItemis wrong. Both flags are share specific properties in the CS3 API. If you create a share with a user and that user hides the share and after the same item is share to that user via group membership, the item will be visible again as it is a different share. (We basically need to implement it the same on the libregraph level for permission, as we can't really set a correctui.hiddenvalue on the remoteitem in cases where multiple shares are received for the same it item. - When one of the received shares is a share from a project space the API will just return a 404 (it seems the owner of the shared item is not a valid userid but the project space id). -> reported as sharing-ng: Emtpy
sharedWithMeresponse when received shares contain share from project space #8215
{
"error": {
"code": "itemNotFound",
"innererror": {
"date": "2024-01-10T16:06:33Z",
"request-id": "23a8b0919805/ArGUHkKdIn-000002"
},
"message": "not found"
}
}
rhafer
force-pushed
the
graph-beta-fix-shared-with-me
branch
from
27d4d43
to
a05662b
Compare
How would that work with the |
The hidden and synchronized flag need to be part of the permission. |
rhafer
force-pushed
the
graph-beta-fix-shared-with-me
branch
from
a05662b
to
9080e53
Compare
According to #6993 (comment) the
Also according to the above linked issue, the I'll rework this PR accordingly. |
rhafer
force-pushed
the
graph-beta-fix-shared-with-me
branch
from
2c22d48
to
6054569
Compare
- remove unnecessary stat for accepted items - only display permission actions if the role cannot be resolved - add permission user and group displayName
…graph For readability and reduced complexity of the sharedWithMe method. It was getting too large already.
…emoteItem Sematically the outer driveItem shouldn't carryt the permission. It's the `remoteItem` that reflects the grantee's permissions.
The value of driveItem.remoteItem.shared.Owner should match the owner property of the received share not the owner property of the resourceInfo.
The outer parentreference should refer to the drive containing the mountpoint. In our case this is the storagespaceid of the virtual share jail. Also 'CreatedBy' should be the same as on the wrapped remote item. Not the share creator.
rhafer
force-pushed
the
graph-beta-fix-shared-with-me
branch
from
6054569
to
e5c1042
Compare
|
I am moving this out of draft now. I think it is ready for review. There is still the know bug with shares created from space, but in order to unblock @individual-it from making progress on the php sdk I'd rather handle that in a separate PR. |
rhafer
dismissed
their stale review
remaining issue will be handled in a separate PR
|
Description
The graph beta
ListSharedWithMeendpoint was rebuilt and now uses the share jail.since the output highly relies on the share state, e.g.
SHARE_STATE_ACCEPTEDSHARE_STATE_PENDINGSHARE_STATE_REJECTEDthe implementation looks complicated at first glance which is due to the different states.
The code is intended to serve as a basis for discussion and primarily show whether the right thing is happening here, since the cs3 stat does not return jailed references.
@butonic, If you find time, please take a look at the code to see if it does the right thing.
@individual-it, In the meantime, you can test with the php sdk to see if everything works.
the unit tests will fail at the moment and need to be updated, same for the libregraph api clients (due to missing remoteItem permissions)
Related Issue
sharedWithMe#7826Motivation and Context
The previous implementation of the graph beta
ListSharedWithMehad not used the required share jailHow Has This Been Tested?
Output
{ "value": [ { "createdBy": { "user": { "displayName": "Admin", "id": "33c4dae1-084a-4b1a-af16-62dd499a43db" } }, "id": "82a26d6a-acc2-4074-92ec-4f6d9d0c8e03$33c4dae1-084a-4b1a-af16-62dd499a43db!db7c807c-55f2-48a6-98be-580d695c5921", "lastModifiedDateTime": "2023-12-18T16:54:09.932155608+01:00", "name": "REJECTED", "parentReference": { "driveId": "82a26d6a-acc2-4074-92ec-4f6d9d0c8e03$33c4dae1-084a-4b1a-af16-62dd499a43db!33c4dae1-084a-4b1a-af16-62dd499a43db", "driveType": "personal" }, "permissions": [ { "@libre.graph.permissions.actions": [ "libre.graph/driveItem/permissions/create", "libre.graph/driveItem/path/read", "libre.graph/driveItem/quota/read", "libre.graph/driveItem/content/read", "libre.graph/driveItem/children/read", "libre.graph/driveItem/deleted/read", "libre.graph/driveItem/basic/read" ], "grantedToV2": { "user": { "displayName": "", "id": "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c" } }, "id": "82a26d6a-acc2-4074-92ec-4f6d9d0c8e03:33c4dae1-084a-4b1a-af16-62dd499a43db:7caf033f-bbdc-4705-b18f-d60f4782030f", "roles": [ "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5" ] } ] }, { "createdBy": { "user": { "displayName": "Admin", "id": "33c4dae1-084a-4b1a-af16-62dd499a43db" } }, "createdDateTime": "2023-12-18T16:54:16.068284+01:00", "id": "a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668!82a26d6a-acc2-4074-92ec-4f6d9d0c8e03:33c4dae1-084a-4b1a-af16-62dd499a43db:9a47489b-9824-4694-94f2-17e70183d989", "lastModifiedDateTime": "2023-12-18T16:54:16.068284+01:00", "name": "ACCEPTED", "parentReference": { "driveId": "82a26d6a-acc2-4074-92ec-4f6d9d0c8e03$33c4dae1-084a-4b1a-af16-62dd499a43db!33c4dae1-084a-4b1a-af16-62dd499a43db", "driveType": "personal" }, "remoteItem": { "createdBy": { "user": { "displayName": "Admin", "id": "33c4dae1-084a-4b1a-af16-62dd499a43db" } }, "eTag": "44c83f7d54cf706425776424adc8c48c", "folder": {}, "id": "82a26d6a-acc2-4074-92ec-4f6d9d0c8e03$33c4dae1-084a-4b1a-af16-62dd499a43db!0fceb583-b3ac-4fb0-b87e-d683292a377e", "lastModifiedDateTime": "2023-12-18T16:53:50.087649795+01:00", "name": "ACCEPTED", "permissions": [ { "@libre.graph.permissions.actions": [ "libre.graph/driveItem/permissions/create", "libre.graph/driveItem/path/read", "libre.graph/driveItem/quota/read", "libre.graph/driveItem/content/read", "libre.graph/driveItem/children/read", "libre.graph/driveItem/deleted/read", "libre.graph/driveItem/basic/read" ], "grantedToV2": { "user": { "displayName": "", "id": "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c" } }, "id": "82a26d6a-acc2-4074-92ec-4f6d9d0c8e03:33c4dae1-084a-4b1a-af16-62dd499a43db:9a47489b-9824-4694-94f2-17e70183d989", "roles": [ "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5" ] } ], "shared": { "owner": { "user": { "displayName": "Admin", "id": "33c4dae1-084a-4b1a-af16-62dd499a43db" } }, "sharedBy": { "user": { "displayName": "Admin", "id": "33c4dae1-084a-4b1a-af16-62dd499a43db" } }, "sharedDateTime": "2023-12-18T16:54:16.068284+01:00" } } } ] }Types of changes
Checklist: