-
Notifications
You must be signed in to change notification settings - Fork 180
/
handler-acl-content-lock.go
92 lines (80 loc) · 3.38 KB
/
handler-acl-content-lock.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
/*
* Copyright (c) 2019-2021. Abstrium SAS <team (at) pydio.com>
* This file is part of Pydio Cells.
*
* Pydio Cells is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Pydio Cells is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Pydio Cells. If not, see <http://www.gnu.org/licenses/>.
*
* The latest code can be found at <https://pydio.com>.
*/
package acl
import (
"context"
"io"
"github.com/pydio/cells/v4/common/nodes/abstract"
"github.com/pydio/cells/v4/common/nodes"
"github.com/pydio/cells/v4/common/nodes/models"
"github.com/pydio/cells/v4/common/proto/tree"
"github.com/pydio/cells/v4/common/utils/permissions"
)
func WithContentLockFilter() nodes.Option {
return func(options *nodes.RouterOptions) {
if !options.AdminView {
options.Wrappers = append(options.Wrappers, &ContentLockFilter{})
}
}
}
// ContentLockFilter checks for user-defined content locks in the context AccessList.
type ContentLockFilter struct {
abstract.Handler
}
func (a *ContentLockFilter) Adapt(h nodes.Handler, options nodes.RouterOptions) nodes.Handler {
a.AdaptOptions(h, options)
return a
}
// PutObject check locks before allowing Put operation.
func (a *ContentLockFilter) PutObject(ctx context.Context, node *tree.Node, reader io.Reader, requestData *models.PutRequestData) (models.ObjectInfo, error) {
if branchInfo, ok := nodes.GetBranchInfo(ctx, "in"); ok && branchInfo.IsInternal() {
return a.Next.PutObject(ctx, node, reader, requestData)
}
if err := permissions.CheckContentLock(ctx, node); err != nil {
return models.ObjectInfo{}, err
}
return a.Next.PutObject(ctx, node, reader, requestData)
}
func (a *ContentLockFilter) MultipartCreate(ctx context.Context, target *tree.Node, requestData *models.MultipartRequestData) (string, error) {
if branchInfo, ok := nodes.GetBranchInfo(ctx, "in"); ok && branchInfo.IsInternal() {
return a.Next.MultipartCreate(ctx, target, requestData)
}
if err := permissions.CheckContentLock(ctx, target); err != nil {
return "", err
}
return a.Next.MultipartCreate(ctx, target, requestData)
}
// CopyObject should check: quota on CopyObject operation? Can we copy an object on top of an existing node?
func (a *ContentLockFilter) CopyObject(ctx context.Context, from *tree.Node, to *tree.Node, requestData *models.CopyRequestData) (models.ObjectInfo, error) {
return a.Next.CopyObject(ctx, from, to, requestData)
}
func (a *ContentLockFilter) WrappedCanApply(srcCtx context.Context, targetCtx context.Context, operation *tree.NodeChangeEvent) error {
var lockErr error
switch operation.GetType() {
case tree.NodeChangeEvent_CREATE, tree.NodeChangeEvent_UPDATE_CONTENT:
lockErr = permissions.CheckContentLock(targetCtx, operation.GetTarget())
case tree.NodeChangeEvent_DELETE, tree.NodeChangeEvent_UPDATE_PATH:
lockErr = permissions.CheckContentLock(srcCtx, operation.GetSource())
}
if lockErr != nil {
return lockErr
}
return a.Next.WrappedCanApply(srcCtx, targetCtx, operation)
}