From 21135ae50bdc395cc790f45bcdd5587eb38e38a4 Mon Sep 17 00:00:00 2001 From: Giuseppe Lo Presti Date: Mon, 2 Dec 2024 15:32:43 +0100 Subject: [PATCH] Remove shadow namespace and externalize create_home and user quota logic to script * Replaced home creation function with external script * Removed shadow namespace and related code * eosfs: also removed user quota logic, externalized to the create_home_hook script --- pkg/eosclient/eosgrpc/eosgrpc.go | 6 +- pkg/storage/utils/eosfs/config.go | 27 +-- pkg/storage/utils/eosfs/eosfs.go | 368 ++++-------------------------- pkg/storage/utils/eosfs/upload.go | 4 - 4 files changed, 44 insertions(+), 361 deletions(-) diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index e23e99d15e..634adfaf26 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -840,13 +840,9 @@ func (c *Client) GetQuota(ctx context.Context, username string, rootAuth eosclie return nil, errtypes.InternalError(fmt.Sprintf("Quota error from eos. info: '%#v'", resp.Quota)) } - qi := new(eosclient.QuotaInfo) - if resp == nil { - return nil, errtypes.InternalError("Out of memory") - } - // Let's loop on all the quotas that match this uid (apparently there can be many) // If there are many for this node, we sum them up + qi := new(eosclient.QuotaInfo) for i := 0; i < len(resp.Quota.Quotanode); i++ { log.Debug().Str("func", "GetQuota").Str("quotanode:", fmt.Sprintf("%d: %#v", i, resp.Quota.Quotanode[i])).Msg("") diff --git a/pkg/storage/utils/eosfs/config.go b/pkg/storage/utils/eosfs/config.go index 6017edf671..86b54c7496 100644 --- a/pkg/storage/utils/eosfs/config.go +++ b/pkg/storage/utils/eosfs/config.go @@ -26,25 +26,6 @@ type Config struct { // QuotaNode for storing quota information QuotaNode string `mapstructure:"quota_node"` - // DefaultQuotaBytes sets the default maximum bytes available for a user - DefaultQuotaBytes uint64 `mapstructure:"default_quota_bytes"` - - // DefaultSecondaryQuotaBytes sets the default maximum bytes available for a secondary user - DefaultSecondaryQuotaBytes uint64 `mapstructure:"default_secondary_quota_bytes"` - - // DefaultQuotaFiles sets the default maximum files available for a user - DefaultQuotaFiles uint64 `mapstructure:"default_quota_files"` - - // ShadowNamespace for storing shadow data - ShadowNamespace string `mapstructure:"shadow_namespace"` - - // UploadsNamespace for storing upload data - UploadsNamespace string `mapstructure:"uploads_namespace"` - - // ShareFolder defines the name of the folder in the - // shadowed namespace. Ex: /eos/user/.shadow/h/hugo/MyShares - ShareFolder string `mapstructure:"share_folder"` - // Location of the eos binary. // Default is /usr/bin/eos. EosBinary string `mapstructure:"eos_binary"` @@ -149,9 +130,6 @@ type Config struct { // revisions-related operations. ImpersonateOwnerforRevisions bool `mapstructure:"impersonate_owner_for_revisions"` - // Whether to enable the post create home hook - EnablePostCreateHomeHook bool `mapstructure:"enable_post_create_home_hook"` - // HTTP connections to EOS: max number of idle conns MaxIdleConns int `mapstructure:"max_idle_conns"` @@ -177,8 +155,9 @@ type Config struct { // Default is 3600 TokenExpiry int - // Path of the script to run after an user home folder has been created - OnPostCreateHomeHook string `mapstructure:"on_post_create_home_hook"` + // Path of the script to run in order to create a user home folder + // TODO(lopresti): to be replaced by a call to the Resource Lifecycle API being developed + CreateHomeHook string `mapstructure:"create_home_hook"` // Maximum entries count a ListRecycle call may return: if exceeded, ListRecycle // will return a BadRequest error diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go index 9a33e99227..7abeef3ada 100644 --- a/pkg/storage/utils/eosfs/eosfs.go +++ b/pkg/storage/utils/eosfs/eosfs.go @@ -86,31 +86,11 @@ func (c *Config) ApplyDefaults() { c.Namespace = "/" } - if c.ShadowNamespace == "" { - c.ShadowNamespace = path.Join(c.Namespace, ".shadow") - } - // Quota node defaults to namespace if empty if c.QuotaNode == "" { c.QuotaNode = c.Namespace } - if c.DefaultQuotaBytes == 0 { - c.DefaultQuotaBytes = 2000000000000 // 1 TB logical - } - if c.DefaultSecondaryQuotaBytes == 0 { - c.DefaultSecondaryQuotaBytes = c.DefaultQuotaBytes - } - if c.DefaultQuotaFiles == 0 { - c.DefaultQuotaFiles = 1000000 // 1 Million - } - - if c.ShareFolder == "" { - c.ShareFolder = "/MyShares" - } - // ensure share folder always starts with slash - c.ShareFolder = path.Join("/", c.ShareFolder) - if c.EosBinary == "" { c.EosBinary = "/usr/bin/eos" } @@ -289,50 +269,27 @@ func getUser(ctx context.Context) (*userpb.User, error) { func (fs *eosfs) getLayout(ctx context.Context) (layout string) { if fs.conf.EnableHome { - u, err := getUser(ctx) - if err != nil { - panic(err) - } + u := appctx.ContextMustGetUser(ctx) layout = templates.WithUser(u, fs.conf.UserLayout) } return } -func (fs *eosfs) getInternalHome(ctx context.Context) (string, error) { +func (fs *eosfs) getInternalHome(ctx context.Context) string { if !fs.conf.EnableHome { - return "", errtypes.NotSupported("eos: get home not supported") - } - - u, err := getUser(ctx) - if err != nil { - err = errors.Wrap(err, "eosfs: wrap: no user in ctx and home is enabled") - return "", err + // TODO(lopresti): this is to be removed as we always want to support home, + // cf. https://github.com/cs3org/reva/pull/4940 + return "/" } + u := appctx.ContextMustGetUser(ctx) relativeHome := templates.WithUser(u, fs.conf.UserLayout) - return relativeHome, nil -} - -func (fs *eosfs) wrapShadow(ctx context.Context, fn string) (internal string) { - if fs.conf.EnableHome { - layout, err := fs.getInternalHome(ctx) - if err != nil { - panic(err) - } - internal = path.Join(fs.conf.ShadowNamespace, layout, fn) - } else { - internal = path.Join(fs.conf.ShadowNamespace, fn) - } - return + return relativeHome } func (fs *eosfs) wrap(ctx context.Context, fn string) (internal string) { if fs.conf.EnableHome { - layout, err := fs.getInternalHome(ctx) - if err != nil { - panic(err) - } - internal = path.Join(fs.conf.Namespace, layout, fn) + internal = path.Join(fs.conf.Namespace, fs.getInternalHome(ctx), fn) } else { internal = path.Join(fs.conf.Namespace, fn) } @@ -344,7 +301,7 @@ func (fs *eosfs) wrap(ctx context.Context, fn string) (internal string) { func (fs *eosfs) unwrap(ctx context.Context, internal string) (string, error) { log := appctx.GetLogger(ctx) layout := fs.getLayout(ctx) - ns, err := fs.getNsMatch(internal, []string{fs.conf.Namespace, fs.conf.ShadowNamespace}) + ns, err := fs.getNsMatch(internal, []string{fs.conf.Namespace}) if err != nil { return "", err } @@ -388,39 +345,17 @@ func (fs *eosfs) unwrapInternal(ctx context.Context, ns, np, layout string) (str return external, nil } -func (fs *eosfs) resolveRefForbidShareFolder(ctx context.Context, ref *provider.Reference) (string, eosclient.Authorization, error) { - p, err := fs.resolve(ctx, ref) - if err != nil { - return "", eosclient.Authorization{}, errors.Wrap(err, "eosfs: error resolving reference") - } - if fs.isShareFolder(ctx, p) { - return "", eosclient.Authorization{}, errtypes.PermissionDenied("eosfs: cannot perform operation under the virtual share folder") - } - fn := fs.wrap(ctx, p) - - u, err := getUser(ctx) - if err != nil { - return "", eosclient.Authorization{}, errors.Wrap(err, "eosfs: no user in ctx") - } - auth, err := fs.getUserAuth(ctx, u, fn) - if err != nil { - return "", eosclient.Authorization{}, err - } - - return fn, auth, nil -} - func (fs *eosfs) resolveRefAndGetAuth(ctx context.Context, ref *provider.Reference) (string, eosclient.Authorization, error) { p, err := fs.resolve(ctx, ref) if err != nil { return "", eosclient.Authorization{}, errors.Wrap(err, "eosfs: error resolving reference") } - fn := fs.wrap(ctx, p) u, err := getUser(ctx) if err != nil { return "", eosclient.Authorization{}, errors.Wrap(err, "eosfs: no user in ctx") } + fn := fs.wrap(ctx, p) auth, err := fs.getUserAuth(ctx, u, fn) if err != nil { return "", eosclient.Authorization{}, err @@ -463,20 +398,6 @@ func (fs *eosfs) getPath(ctx context.Context, id *provider.ResourceId) (string, return fs.unwrap(ctx, eosFileInfo.File) } -func (fs *eosfs) isShareFolder(ctx context.Context, p string) bool { - return strings.HasPrefix(p, fs.conf.ShareFolder) -} - -func (fs *eosfs) isShareFolderRoot(ctx context.Context, p string) bool { - return path.Clean(p) == fs.conf.ShareFolder -} - -func (fs *eosfs) isShareFolderChild(ctx context.Context, p string) bool { - p = path.Clean(p) - vals := strings.Split(p, fs.conf.ShareFolder+"/") - return len(vals) > 1 && vals[1] != "" -} - func (fs *eosfs) GetPathByID(ctx context.Context, id *provider.ResourceId) (string, error) { fid, err := strconv.ParseUint(id.OpaqueId, 10, 64) if err != nil { @@ -668,8 +589,6 @@ func (fs *eosfs) GetLock(ctx context.Context, ref *provider.Reference) (*provide if err != nil { return nil, errors.Wrap(err, "eosfs: error resolving reference") } - path = fs.wrap(ctx, path) - user, err := getUser(ctx) if err != nil { return nil, errors.Wrap(err, "eosfs: no user in ctx") @@ -685,6 +604,7 @@ func (fs *eosfs) GetLock(ctx context.Context, ref *provider.Reference) (*provide return nil, errtypes.BadRequest("user has no read access on resource") } + path = fs.wrap(ctx, path) return fs.getLock(ctx, user, path, ref) } @@ -731,7 +651,6 @@ func (fs *eosfs) SetLock(ctx context.Context, ref *provider.Reference, l *provid if err != nil { return errors.Wrap(err, "eosfs: error resolving reference") } - path = fs.wrap(ctx, path) user, err := getUser(ctx) if err != nil { @@ -762,6 +681,7 @@ func (fs *eosfs) SetLock(ctx context.Context, ref *provider.Reference, l *provid } } + path = fs.wrap(ctx, path) return fs.setLock(ctx, l, path) } @@ -1227,13 +1147,6 @@ func (fs *eosfs) GetMD(ctx context.Context, ref *provider.Reference, mdKeys []st return fs.convertToResourceInfo(ctx, eosFileInfo) } - // if path is home we need to add in the response any shadow folder in the shadow homedirectory. - if fs.conf.EnableHome { - if fs.isShareFolder(ctx, p) { - return fs.getMDShareFolder(ctx, p, mdKeys) - } - } - eosFileInfo, err := fs.c.GetFileInfoByPath(ctx, auth, fn) if err != nil { return nil, err @@ -1242,45 +1155,12 @@ func (fs *eosfs) GetMD(ctx context.Context, ref *provider.Reference, mdKeys []st return fs.convertToResourceInfo(ctx, eosFileInfo) } -func (fs *eosfs) getMDShareFolder(ctx context.Context, p string, mdKeys []string) (*provider.ResourceInfo, error) { - fn := fs.wrapShadow(ctx, p) - - auth := utils.GetDaemonAuth() - - eosFileInfo, err := fs.c.GetFileInfoByPath(ctx, auth, fn) - if err != nil { - return nil, err - } - - if fs.isShareFolderRoot(ctx, p) { - return fs.convertToResourceInfo(ctx, eosFileInfo) - } - return fs.convertToFileReference(ctx, eosFileInfo) -} - func (fs *eosfs) ListFolder(ctx context.Context, ref *provider.Reference, mdKeys []string) ([]*provider.ResourceInfo, error) { p, err := fs.resolve(ctx, ref) if err != nil { return nil, errors.Wrap(err, "eosfs: error resolving reference") } - if fs.conf.EnableHome { - return fs.listWithHome(ctx, p) - } - - return fs.listWithNominalHome(ctx, p) -} - -func (fs *eosfs) listWithHome(ctx context.Context, p string) ([]*provider.ResourceInfo, error) { - if fs.isShareFolderRoot(ctx, p) { - return fs.listShareFolderRoot(ctx, p) - } - - if fs.isShareFolderChild(ctx, p) { - return nil, errtypes.PermissionDenied("eos: error listing folders inside the shared folder, only file references are stored inside") - } - - // path points to a resource in the nominal home return fs.listWithNominalHome(ctx, p) } @@ -1323,41 +1203,6 @@ func (fs *eosfs) listWithNominalHome(ctx context.Context, p string) (finfos []*p return finfos, nil } -func (fs *eosfs) listShareFolderRoot(ctx context.Context, p string) (finfos []*provider.ResourceInfo, err error) { - fn := fs.wrapShadow(ctx, p) - - u, err := getUser(ctx) - if err != nil { - return nil, errors.Wrap(err, "eosfs: no user in ctx") - } - // lightweight accounts don't have share folders, so we're passing an empty string as path - auth, err := fs.getUserAuth(ctx, u, "") - if err != nil { - return nil, err - } - - eosFileInfos, err := fs.c.List(ctx, auth, fn) - if err != nil { - return nil, errors.Wrap(err, "eosfs: error listing") - } - - for _, eosFileInfo := range eosFileInfos { - // filter out sys files - if !fs.conf.ShowHiddenSysFiles { - base := path.Base(eosFileInfo.File) - if hiddenReg.MatchString(base) { - continue - } - } - - if finfo, err := fs.convertToFileReference(ctx, eosFileInfo); err == nil { - finfos = append(finfos, finfo) - } - } - - return finfos, nil -} - // CreateStorageSpace creates a storage space. func (fs *eosfs) CreateStorageSpace(ctx context.Context, req *provider.CreateStorageSpaceRequest) (*provider.CreateStorageSpaceResponse, error) { return nil, fmt.Errorf("unimplemented: CreateStorageSpace") @@ -1394,37 +1239,6 @@ func (fs *eosfs) GetHome(ctx context.Context) (string, error) { return "/", nil } -func (fs *eosfs) createShadowHome(ctx context.Context) error { - u, err := getUser(ctx) - if err != nil { - return errors.Wrap(err, "eosfs: no user in ctx") - } - - daemonAuth := utils.GetDaemonAuth() - - home := fs.wrapShadow(ctx, "/") - shadowFolders := []string{fs.conf.ShareFolder} - - for _, sf := range shadowFolders { - fn := path.Join(home, sf) - _, err = fs.c.GetFileInfoByPath(ctx, daemonAuth, fn) - if err != nil { - if _, ok := err.(errtypes.IsNotFound); !ok { - return errors.Wrap(err, "eosfs: error verifying if shadow directory exists") - } - err = fs.createUserDir(ctx, u, fn, false) - if err != nil { - return err - } - } - } - - log := appctx.GetLogger(ctx) - log.Info().Str("home", home).Interface("user", u.Id).Msg("created shadow home") - - return nil -} - func (fs *eosfs) createNominalHome(ctx context.Context) error { home := fs.wrap(ctx, "/") @@ -1432,17 +1246,13 @@ func (fs *eosfs) createNominalHome(ctx context.Context) error { if err != nil { return errors.Wrap(err, "eosfs: no user in ctx") } + auth, err := fs.getUserAuth(ctx, u, "") if err != nil { return err } - rootAuth, err := fs.getRootAuth(ctx) - if err != nil { - return nil - } - - _, err = fs.c.GetFileInfoByPath(ctx, rootAuth, home) + _, err = fs.c.GetFileInfoByPath(ctx, auth, home) if err == nil { // home already exists return nil } @@ -1451,41 +1261,21 @@ func (fs *eosfs) createNominalHome(ctx context.Context) error { return errors.Wrap(err, "eosfs: error verifying if user home directory exists") } - err = fs.createUserDir(ctx, u, home, false) - if err != nil { - err := errors.Wrap(err, "eosfs: error creating user dir") - return err - } - - // set quota for user, depending on its type - quotaBytes := fs.conf.DefaultQuotaBytes - if u.Id.Type != userpb.UserType_USER_TYPE_PRIMARY { - quotaBytes = fs.conf.DefaultSecondaryQuotaBytes - } - quotaInfo := &eosclient.SetQuotaInfo{ - Username: u.Username, - UID: auth.Role.UID, - GID: auth.Role.GID, - MaxBytes: quotaBytes, - MaxFiles: fs.conf.DefaultQuotaFiles, - QuotaNode: fs.conf.QuotaNode, - } - - err = fs.c.SetQuota(ctx, rootAuth, quotaInfo) - if err != nil { - err := errors.Wrap(err, "eosfs: error setting quota") - return err - } + log := appctx.GetLogger(ctx) + log.Info().Interface("user", u.Id).Msg("creating user home") - if fs.conf.EnablePostCreateHomeHook { - if err := fs.runPostCreateHomeHook(ctx); err != nil { - return errors.Wrap(err, "eosfs: error running post create home hook") + if fs.conf.CreateHomeHook != "" { + hook := exec.Command(fs.conf.CreateHomeHook, u.Username, utils.UserTypeToString(u.Id.Type)) + err = hook.Run() + log.Info().Interface("output", hook.Stdout).Err(err).Msg("create_home_hook output") + if err != nil { + return errors.Wrap(err, "eosfs: error running create home hook") } + } else { + log.Fatal().Msg("create_home_hook not configured") + return errtypes.NotFound("eosfs: create home hook not configured") } - log := appctx.GetLogger(ctx) - log.Info().Interface("quotaInfo", quotaInfo).Interface("user", u.Id).Msg("created nominal home") - return nil } @@ -1498,18 +1288,9 @@ func (fs *eosfs) CreateHome(ctx context.Context) error { return errors.Wrap(err, "eosfs: error creating nominal home") } - if err := fs.createShadowHome(ctx); err != nil { - return errors.Wrap(err, "eosfs: error creating shadow home") - } - return nil } -func (fs *eosfs) runPostCreateHomeHook(ctx context.Context) error { - user := appctx.ContextMustGetUser(ctx) - return exec.Command(fs.conf.OnPostCreateHomeHook, user.Username).Run() -} - func (fs *eosfs) createUserDir(ctx context.Context, u *userpb.User, path string, recursiveAttr bool) error { rootAuth, err := fs.getRootAuth(ctx) if err != nil { @@ -1572,15 +1353,11 @@ func (fs *eosfs) createUserDir(ctx context.Context, u *userpb.User, path string, func (fs *eosfs) CreateDir(ctx context.Context, ref *provider.Reference) error { log := appctx.GetLogger(ctx) + p, err := fs.resolve(ctx, ref) if err != nil { return errors.Wrap(err, "eosfs: error resolving reference") } - if fs.isShareFolder(ctx, p) { - return errtypes.PermissionDenied("eosfs: cannot perform operation under the virtual share folder") - } - fn := fs.wrap(ctx, p) - u, err := getUser(ctx) if err != nil { return errors.Wrap(err, "eosfs: no user in ctx") @@ -1588,6 +1365,7 @@ func (fs *eosfs) CreateDir(ctx context.Context, ref *provider.Reference) error { // We need the auth corresponding to the parent directory // as the file might not exist at the moment + fn := fs.wrap(ctx, p) auth, err := fs.getUserAuth(ctx, u, path.Dir(fn)) if err != nil { return err @@ -1611,25 +1389,19 @@ func (fs *eosfs) TouchFile(ctx context.Context, ref *provider.Reference) error { } func (fs *eosfs) CreateReference(ctx context.Context, p string, targetURI *url.URL) error { - // TODO(labkode): for the time being we only allow creating references - // in the virtual share folder to not pollute the nominal user tree. - if !fs.isShareFolder(ctx, p) { - return errtypes.PermissionDenied("eosfs: cannot create references outside the share folder: share_folder=" + fs.conf.ShareFolder + " path=" + p) - } - u, err := getUser(ctx) + _, err := getUser(ctx) if err != nil { return errors.Wrap(err, "eosfs: no user in ctx") } - fn := fs.wrapShadow(ctx, p) - // TODO(labkode): with the grpc plugin we can create a file touching with xattrs. - // Current mechanism is: touch to hidden dir, set xattr, rename. + // Current mechanism is: touch to hidden location, set xattr, rename. + fn := fs.wrap(ctx, p) dir, base := path.Split(fn) tmp := path.Join(dir, fmt.Sprintf(".sys.reva#.%s", base)) cboxAuth := utils.GetEmptyAuth() - if err := fs.createUserDir(ctx, u, tmp, false); err != nil { + if err := fs.c.CreateDir(ctx, cboxAuth, tmp); err != nil { err = errors.Wrapf(err, "eosfs: error creating temporary ref file") return err } @@ -1660,17 +1432,12 @@ func (fs *eosfs) Delete(ctx context.Context, ref *provider.Reference) error { if err != nil { return errors.Wrap(err, "eosfs: error resolving reference") } - - if fs.isShareFolder(ctx, p) { - return fs.deleteShadow(ctx, p) - } - - fn := fs.wrap(ctx, p) - u, err := getUser(ctx) if err != nil { return errors.Wrap(err, "eosfs: no user in ctx") } + + fn := fs.wrap(ctx, p) auth, err := fs.getUserAuth(ctx, u, fn) if err != nil { return err @@ -1679,50 +1446,23 @@ func (fs *eosfs) Delete(ctx context.Context, ref *provider.Reference) error { return fs.c.Remove(ctx, auth, fn, false) } -func (fs *eosfs) deleteShadow(ctx context.Context, p string) error { - if fs.isShareFolderRoot(ctx, p) { - return errtypes.PermissionDenied("eosfs: cannot delete the virtual share folder") - } - - if fs.isShareFolderChild(ctx, p) { - fn := fs.wrapShadow(ctx, p) - - // in order to remove the folder or the file without - // moving it to the recycle bin, we should take - // the privileges of the root - auth, err := fs.getRootAuth(ctx) - if err != nil { - return err - } - - return fs.c.Remove(ctx, auth, fn, true) +func (fs *eosfs) Move(ctx context.Context, oldRef, newRef *provider.Reference) error { + u, err := getUser(ctx) + if err != nil { + return errors.Wrap(err, "eosfs: no user in ctx") } - return errors.New("eosfs: shadow delete of share folder that is neither root nor child. path=" + p) -} - -func (fs *eosfs) Move(ctx context.Context, oldRef, newRef *provider.Reference) error { oldPath, err := fs.resolve(ctx, oldRef) if err != nil { return errors.Wrap(err, "eosfs: error resolving reference") } - newPath, err := fs.resolve(ctx, newRef) if err != nil { return errors.Wrap(err, "eosfs: error resolving reference") } - if fs.isShareFolder(ctx, oldPath) || fs.isShareFolder(ctx, newPath) { - return fs.moveShadow(ctx, oldPath, newPath) - } - oldFn := fs.wrap(ctx, oldPath) newFn := fs.wrap(ctx, newPath) - - u, err := getUser(ctx) - if err != nil { - return errors.Wrap(err, "eosfs: no user in ctx") - } auth, err := fs.getUserAuth(ctx, u, oldFn) if err != nil { return err @@ -1731,36 +1471,8 @@ func (fs *eosfs) Move(ctx context.Context, oldRef, newRef *provider.Reference) e return fs.c.Rename(ctx, auth, oldFn, newFn) } -func (fs *eosfs) moveShadow(ctx context.Context, oldPath, newPath string) error { - if fs.isShareFolderRoot(ctx, oldPath) || fs.isShareFolderRoot(ctx, newPath) { - return errtypes.PermissionDenied("eosfs: cannot move/rename the virtual share folder") - } - - // only rename of the reference is allowed, hence having the same basedir - bold, _ := path.Split(oldPath) - bnew, _ := path.Split(newPath) - - if bold != bnew { - return errtypes.PermissionDenied("eosfs: cannot move references under the virtual share folder") - } - - oldfn := fs.wrapShadow(ctx, oldPath) - newfn := fs.wrapShadow(ctx, newPath) - - u, err := getUser(ctx) - if err != nil { - return errors.Wrap(err, "eosfs: no user in ctx") - } - auth, err := fs.getUserAuth(ctx, u, "") - if err != nil { - return err - } - - return fs.c.Rename(ctx, auth, oldfn, newfn) -} - func (fs *eosfs) Download(ctx context.Context, ref *provider.Reference) (io.ReadCloser, error) { - fn, auth, err := fs.resolveRefForbidShareFolder(ctx, ref) + fn, auth, err := fs.resolveRefAndGetAuth(ctx, ref) if err != nil { return nil, err } @@ -1837,7 +1549,7 @@ func (fs *eosfs) DownloadRevision(ctx context.Context, ref *provider.Reference, return nil, errtypes.PermissionDenied("eosfs: user doesn't have permissions to download revisions") } } else { - fn, auth, err = fs.resolveRefForbidShareFolder(ctx, ref) + fn, auth, err = fs.resolveRefAndGetAuth(ctx, ref) if err != nil { return nil, err } @@ -1870,7 +1582,7 @@ func (fs *eosfs) RestoreRevision(ctx context.Context, ref *provider.Reference, r return errtypes.PermissionDenied("eosfs: user doesn't have permissions to restore revisions") } } else { - fn, auth, err = fs.resolveRefForbidShareFolder(ctx, ref) + fn, auth, err = fs.resolveRefAndGetAuth(ctx, ref) if err != nil { return err } diff --git a/pkg/storage/utils/eosfs/upload.go b/pkg/storage/utils/eosfs/upload.go index fb46c2699d..5de666ae97 100644 --- a/pkg/storage/utils/eosfs/upload.go +++ b/pkg/storage/utils/eosfs/upload.go @@ -36,10 +36,6 @@ func (fs *eosfs) Upload(ctx context.Context, ref *provider.Reference, r io.ReadC return errors.Wrap(err, "eos: error resolving reference") } - if fs.isShareFolder(ctx, p) { - return errtypes.PermissionDenied("eos: cannot upload under the virtual share folder") - } - ok, err := chunking.IsChunked(p) if err != nil { return errors.Wrap(err, "eos: error checking path")