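// Source: github.com/cs3org/reva/v2@v2.27.7/pkg/auth/scope/receivedshare.go

// Copyright 2018-2021 CERN
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// In applying this license, CERN does not waive the privileges and immunities
// granted to it by virtue of its status as an Intergovernmental Organization
// or submit itself to any jurisdiction.

package scope

import (
	"context"
	"fmt"

	authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
	collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
	"github.com/cs3org/reva/v2/pkg/errtypes"
	"github.com/cs3org/reva/v2/pkg/utils"
	"github.com/rs/zerolog"
)

// receivedShareScope reports whether resource is covered by a received-share
// scope.
//
// The scope's resource value is decoded from JSON into a
// collaboration.ReceivedShare. The decision then depends on the dynamic type
// of resource:
//
//   - *collaboration.GetReceivedShareRequest: the request reference is matched
//     against the scoped share via checkShareRef.
//   - *collaboration.UpdateReceivedShareRequest: the share carried by the
//     request is matched against the scoped share via checkShare.
//   - string: the value is tested with checkSharePath and checkResourcePath.
//
// Any other type is denied: the function logs at debug level and returns
// (false, errtypes.InternalError). A scope whose value cannot be decoded is
// also denied, with the decoding error returned.
//
// NOTE(review): scope.Role is not read anywhere in this function, so an
// UpdateReceivedShareRequest is authorized independently of the role stored in
// the scope. Confirm that role enforcement happens elsewhere.
func receivedShareScope(_ context.Context, scope *authpb.Scope, resource interface{}, logger *zerolog.Logger) (bool, error) {
	var share collaboration.ReceivedShare
	// Use the generated nil-safe getters: a scope without a Resource entry
	// then fails closed through the decoding error below instead of causing a
	// nil-pointer panic in the authorization path.
	if err := utils.UnmarshalJSONToProtoV1(scope.GetResource().GetValue(), &share); err != nil {
		return false, err
	}

	switch v := resource.(type) {
	case *collaboration.GetReceivedShareRequest:
		return checkShareRef(share.Share, v.GetRef()), nil
	case *collaboration.UpdateReceivedShareRequest:
		return checkShare(share.Share, v.GetShare().GetShare()), nil
	case string:
		// NOTE(review): this branch does not use the decoded share, so the
		// result depends only on the path. Verify that checkSharePath and
		// checkResourcePath are restrictive enough for a share-bound token.
		return checkSharePath(v) || checkResourcePath(v), nil
	}

	// NOTE(review): %+v renders the whole resource value, and the same text is
	// both logged and returned inside the error. Confirm that no sensitive
	// request content can reach callers this way.
	msg := fmt.Sprintf("resource type assertion failed: %+v", resource)
	logger.Debug().Str("scope", "receivedShareScope").Msg(msg)
	return false, errtypes.InternalError(msg)
}

// AddReceivedShareScope adds the scope to allow access to a received user/group share and
// the shared resource.
//
// The scope is stored in scopes under the key "receivedshare:<share opaque id>"
// with the given role; scopes is allocated when nil. The updated map is
// returned. An error is returned when share, its embedded Share or the share
// Id is nil, or when the scope value cannot be marshalled to JSON.
func AddReceivedShareScope(share *collaboration.ReceivedShare, role authpb.Role, scopes map[string]*authpb.Scope) (map[string]*authpb.Scope, error) {
	// Reject incomplete input up front; dereferencing share.Share.Id on a nil
	// share, Share or Id would otherwise panic.
	src := share.GetShare()
	if src.GetId() == nil {
		return nil, fmt.Errorf("received share scope: share or share id is missing")
	}

	// Create a new "scope share" to only expose the required fields to the scope.
	scopeShare := &collaboration.Share{
		Id:         src.Id,
		Owner:      src.Owner,
		Creator:    src.Creator,
		ResourceId: src.ResourceId,
	}

	val, err := utils.MarshalProtoV1ToJSON(&collaboration.ReceivedShare{Share: scopeShare})
	if err != nil {
		return nil, err
	}
	if scopes == nil {
		scopes = make(map[string]*authpb.Scope)
	}
	scopes["receivedshare:"+src.Id.OpaqueId] = &authpb.Scope{
		Resource: &types.OpaqueEntry{
			Decoder: "json",
			Value:   val,
		},
		Role: role,
	}
	return scopes, nil
}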