eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-26 01:35:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: fix deny access to prevent a regression

Browse Source
This commit is contained in:
Michael Barz
2024-11-22 09:54:12 +01:00
parent 271455703b
commit bac2256c5f
11 changed files with 126 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
services/graph/pkg/service/v0/base.go
View File

@@ -482,6 +482,10 @@ func (g BaseGraphService) cs3UserShareToPermission(ctx context.Context, share *c
perm.SetRoles([]string{role.GetId()})
} else {
actions := unifiedrole.CS3ResourcePermissionsToLibregraphActions(share.GetPermissions().GetPermissions())
// neither a role nor actions are set, we need to return "none" as a hint in the actions
if len(actions) == 0 {
actions = []string{"none"}
}
perm.SetLibreGraphPermissionsActions(actions)
perm.SetRoles(nil)
}
@@ -1079,7 +1083,7 @@ func (g BaseGraphService) updateUserShare(ctx context.Context, permissionID stri
}
allowedResourceActions = unifiedrole.GetAllowedResourceActions(role, condition)
if len(allowedResourceActions) == 0 {
if len(allowedResourceActions) == 0 && role.GetId() != unifiedrole.UnifiedRoleDeniedID {
return nil, errorcode.New(errorcode.InvalidRequest, "role not applicable to this resource")
}
}