-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: share jail usage for the listSharedWithMe endpoint #8016
fix: share jail usage for the listSharedWithMe endpoint #8016
Conversation
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
I am still a bit unsure about the partent references we're setting. In case of an accepted share we now return this
|
Trying to build this locally fails with |
2037c18
to
2c09d30
Compare
thanks, please try again, should be fixed now |
The
The part after |
So to detect if a share is accepted or declined we would have to check if The docs say: So with this PR that is not true anymore. |
parentReference.driveId is statResponse.GetInfo().GetSpace().GetRoot() the remote item is only attached if the share is accepted, e.g. ShareState_SHARE_STATE_ACCEPTED but not for ShareState_SHARE_STATE_PENDING and ShareState_SHARE_STATE_REJECTED |
@individual-it, it still misses the @Client.Synchronize property, ill add it tomorrow, can you have a look in the meantime and check if it works for you that way? |
44bf1fc
to
360599f
Compare
Works generally well. id and etag are not present when the share is not accepted and that is the way we discussed it yesterday 👍 |
PR to test this changes in ocis-php-sdk: owncloud/ocis-php-sdk#166 |
@individual-it, contains @Client.Synchronize now but you need to link following pr to build: i keep it in the current state now to discussion it on tuesday with @micbar |
b8d07fe
to
fcc0b26
Compare
@individual-it we had another conversation this morning regarding the
can you please check if thats ok for you and the sdk youre working on? |
i leave this pr in draft state for today to have room for discussion since the topic seems to be controversial. If a drive item is shared to the same grantee, first via group and second directly to the user identity, the share aka driveItem does not get normalized and appears multiple times instead. in a future pr we should only list one drive item and multiple permission entries instead. FollowUp PR needed. At the moment the tests are still disabled, as soon as we have agreed on a status I will adapt all tests FYI: @micbar, @individual-it, @butonic, @rhafer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Currently both, the outer
driveItem
and the wrappedremoteItem
, contain apermissions
property. Apart from the duplication, I think it's wrong. Only the innerremoteItem
should have that property. - Also I think moving the ui.hidden and @client.synchronize flags from the
permission
property into the theremoteItem
is wrong. Both flags are share specific properties in the CS3 API. If you create a share with a user and that user hides the share and after the same item is share to that user via group membership, the item will be visible again as it is a different share. (We basically need to implement it the same on the libregraph level for permission, as we can't really set a correctui.hidden
value on the remoteitem in cases where multiple shares are received for the same it item. - When one of the received shares is a share from a project space the API will just return a 404 (it seems the owner of the shared item is not a valid userid but the project space id). -> reported as sharing-ng: Emtpy
sharedWithMe
response when received shares contain share from project space #8215
{
"error": {
"code": "itemNotFound",
"innererror": {
"date": "2024-01-10T16:06:33Z",
"request-id": "23a8b0919805/ArGUHkKdIn-000002"
},
"message": "not found"
}
}
27d4d43
to
a05662b
Compare
How would that work with the |
The hidden and synchronized flag need to be part of the permission. |
a05662b
to
9080e53
Compare
According to #6993 (comment) the
Also according to the above linked issue, the I'll rework this PR accordingly. |
2c22d48
to
6054569
Compare
- remove unnecessary stat for accepted items - only display permission actions if the role cannot be resolved - add permission user and group displayName
…graph For readability and reduced complexity of the sharedWithMe method. It was getting too large already.
…emoteItem Sematically the outer driveItem shouldn't carryt the permission. It's the `remoteItem` that reflects the grantee's permissions.
The value of driveItem.remoteItem.shared.Owner should match the owner property of the received share not the owner property of the resourceInfo.
The outer parentreference should refer to the drive containing the mountpoint. In our case this is the storagespaceid of the virtual share jail. Also 'CreatedBy' should be the same as on the wrapped remote item. Not the share creator.
6054569
to
e5c1042
Compare
I am moving this out of draft now. I think it is ready for review. There is still the know bug with shares created from space, but in order to unblock @individual-it from making progress on the php sdk I'd rather handle that in a separate PR. |
remaining issue will be handled in a separate PR
Quality Gate passedThe SonarCloud Quality Gate passed, but some issues were introduced. 4 New issues |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM so far.
Will do some testing after we build an rc.2
Description
The graph beta
ListSharedWithMe
endpoint was rebuilt and now uses the share jail.since the output highly relies on the share state, e.g.
SHARE_STATE_ACCEPTED
SHARE_STATE_PENDING
SHARE_STATE_REJECTED
the implementation looks complicated at first glance which is due to the different states.
The code is intended to serve as a basis for discussion and primarily show whether the right thing is happening here, since the cs3 stat does not return jailed references.
@butonic, If you find time, please take a look at the code to see if it does the right thing.
@individual-it, In the meantime, you can test with the php sdk to see if everything works.
the unit tests will fail at the moment and need to be updated, same for the libregraph api clients (due to missing remoteItem permissions)
Related Issue
sharedWithMe
#7826Motivation and Context
The previous implementation of the graph beta
ListSharedWithMe
had not used the required share jailHow Has This Been Tested?
Output
Types of changes
Checklist: