no need to introduce dedicated roles

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
owncloud · Aug 13, 2024 · 0c766c3 · 0c766c3
1 parent 8da4e26
commit 0c766c3
Show file tree

Hide file tree

Showing 4 changed files with 195 additions and 268 deletions.
diff --git a/services/graph/pkg/unifiedrole/unifiedrole.go b/services/graph/pkg/unifiedrole/unifiedrole.go
@@ -156,6 +156,14 @@ func NewViewerUnifiedRole() *libregraph.UnifiedRoleDefinition {
 				AllowedResourceActions: convert(r),
 				Condition:              proto.String(UnifiedRoleConditionFolder),
 			},
+			{
+				AllowedResourceActions: convert(r),
+				Condition:              proto.String(UnifiedRoleConditionFileFederatedUser),
+			},
+			{
+				AllowedResourceActions: convert(r),
+				Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
+			},
 		},
 		LibreGraphWeight: proto.Int32(0),
 	}
@@ -190,6 +198,10 @@ func NewEditorUnifiedRole() *libregraph.UnifiedRoleDefinition {
 				AllowedResourceActions: convert(r),
 				Condition:              proto.String(UnifiedRoleConditionFolder),
 			},
+			{
+				AllowedResourceActions: convert(r),
+				Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
+			},
 		},
 		LibreGraphWeight: proto.Int32(0),
 	}
@@ -224,6 +236,10 @@ func NewFileEditorUnifiedRole() *libregraph.UnifiedRoleDefinition {
 				AllowedResourceActions: convert(r),
 				Condition:              proto.String(UnifiedRoleConditionFile),
 			},
+			{
+				AllowedResourceActions: convert(r),
+				Condition:              proto.String(UnifiedRoleConditionFileFederatedUser),
+			},
 		},
 		LibreGraphWeight: proto.Int32(0),
 	}
@@ -284,48 +300,6 @@ func NewSecureViewerUnifiedRole() *libregraph.UnifiedRoleDefinition {
 	}
 }
 
-// NewFederatedViewerUnifiedRole creates a federated viewer role
-func NewFederatedViewerUnifiedRole() *libregraph.UnifiedRoleDefinition {
-	r := conversions.NewViewerRole()
-	return &libregraph.UnifiedRoleDefinition{
-		Id:          proto.String(UnifiedRoleFederatedViewerID),
-		Description: proto.String("View and download."),
-		DisplayName: displayName(r),
-		RolePermissions: []libregraph.UnifiedRolePermission{
-			{
-				AllowedResourceActions: convert(r),
-				Condition:              proto.String(UnifiedRoleConditionFileFederatedUser),
-			},
-			{
-				AllowedResourceActions: convert(r),
-				Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
-			},
-		},
-		LibreGraphWeight: proto.Int32(0),
-	}
-}
-
-// NewFederatedEditorUnifiedRole creates a federated editor role
-func NewFederatedEditorUnifiedRole() *libregraph.UnifiedRoleDefinition {
-	r := conversions.NewEditorRole()
-	return &libregraph.UnifiedRoleDefinition{
-		Id:          proto.String(UnifiedRoleFederatedEditorID),
-		Description: proto.String("View, download and edit."),
-		DisplayName: displayName(r),
-		RolePermissions: []libregraph.UnifiedRolePermission{
-			{
-				AllowedResourceActions: convert(r),
-				Condition:              proto.String(UnifiedRoleConditionFileFederatedUser),
-			},
-			{
-				AllowedResourceActions: convert(r),
-				Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
-			},
-		},
-		LibreGraphWeight: proto.Int32(0),
-	}
-}
-
 // NewUnifiedRoleFromID returns a unified role definition from the provided id
 func NewUnifiedRoleFromID(id string) (*libregraph.UnifiedRoleDefinition, error) {
 	for _, definition := range GetBuiltinRoleDefinitionList() {
@@ -349,8 +323,6 @@ func GetBuiltinRoleDefinitionList() []*libregraph.UnifiedRoleDefinition {
 		NewEditorLiteUnifiedRole(),
 		NewManagerUnifiedRole(),
 		NewSecureViewerUnifiedRole(),
-		NewFederatedViewerUnifiedRole(),
-		NewFederatedEditorUnifiedRole(),
 	}
 }
 

diff --git a/services/graph/pkg/unifiedrole/unifiedrole_test.go b/services/graph/pkg/unifiedrole/unifiedrole_test.go
@@ -155,22 +155,34 @@ var _ = Describe("unifiedroles", func() {
 			),
 
 			Entry(
-				"FederatedViewerUnifiedRole | share",
-				rolesToAction(unifiedrole.NewFederatedViewerUnifiedRole()),
+				"ViewerUnifiedRole | share",
+				rolesToAction(unifiedrole.NewViewerUnifiedRole()),
 				unifiedrole.UnifiedRoleConditionFile,
 				true,
 				[]*libregraph.UnifiedRoleDefinition{
-					unifiedrole.NewFederatedViewerUnifiedRole(),
+					unifiedrole.NewViewerUnifiedRole(),
 				},
 			),
+
 			Entry(
-				"FederatedEditorUnifiedRole | share",
-				rolesToAction(unifiedrole.NewFederatedEditorUnifiedRole()),
+				"EditorUnifiedRole | share folder",
+				rolesToAction(unifiedrole.NewEditorUnifiedRole()),
+				unifiedrole.UnifiedRoleConditionFolder,
+				true,
+				[]*libregraph.UnifiedRoleDefinition{
+					unifiedrole.NewViewerUnifiedRole(),
+					unifiedrole.NewEditorUnifiedRole(),
+				},
+			),
+
+			Entry(
+				"EditorUnifiedRole | share file",
+				rolesToAction(unifiedrole.NewEditorUnifiedRole()),
 				unifiedrole.UnifiedRoleConditionFile,
 				true,
 				[]*libregraph.UnifiedRoleDefinition{
-					unifiedrole.NewFederatedViewerUnifiedRole(),
-					unifiedrole.NewFederatedEditorUnifiedRole(),
+					unifiedrole.NewViewerUnifiedRole(),
+					unifiedrole.NewFileEditorUnifiedRole(),
 				},
 			),
 

diff --git a/services/storage-users/pkg/revaconfig/drivers.go b/services/storage-users/pkg/revaconfig/drivers.go
@@ -146,6 +146,12 @@ func OwnCloudSQL(cfg *config.Config) map[string]interface{} {
 		"dbport":          cfg.Drivers.OwnCloudSQL.DBPort,
 		"dbname":          cfg.Drivers.OwnCloudSQL.DBName,
 		"userprovidersvc": cfg.Drivers.OwnCloudSQL.UsersProviderEndpoint,
+		"tokens": map[string]interface{}{
+			"download_endpoint":      cfg.DataServerURL,
+			"datagateway_endpoint":   cfg.DataGatewayURL,
+			"transfer_shared_secret": cfg.Commons.TransferSecret,
+			"transfer_expires":       cfg.TransferExpires,
+		},
 	}
 }