Fix file system grants

internal/http/services/owncloud/ocs/conversions/main.go

@@ -28,12 +28,12 @@ import (
 
 	"github.com/cs3org/reva/pkg/publicshare"
 	"github.com/cs3org/reva/pkg/user"
-	"github.com/cs3org/reva/pkg/utils"
 
 	grouppb "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
 	link "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1"
+	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	publicsharemgr "github.com/cs3org/reva/pkg/publicshare/manager/registry"
 	usermgr "github.com/cs3org/reva/pkg/user/manager/registry"
@@ -180,13 +180,12 @@ func CS3Share2ShareData(ctx context.Context, share *collaboration.Share) (*Share
 		UIDFileOwner: LocalUserIDToString(share.GetOwner()),
 	}
 
-	uid, gid := utils.ExtractGranteeID(share.GetGrantee())
-	if uid != nil {
+	if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER {
 		sd.ShareType = ShareTypeUser
-		sd.ShareWith = LocalUserIDToString(uid)
-	} else if gid != nil {
+		sd.ShareWith = LocalUserIDToString(share.Grantee.GetUserId())
+	} else if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER {
 		sd.ShareType = ShareTypeGroup
-		sd.ShareWith = LocalGroupIDToString(gid)
+		sd.ShareWith = LocalGroupIDToString(share.Grantee.GetGroupId())
 	}
 
 	if share.Id != nil {

pkg/cbox/share/sql/conversions.go

@@ -27,20 +27,18 @@ import (
 	collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
-	"github.com/cs3org/reva/pkg/utils"
 )
 
 func formatGrantee(g *provider.Grantee) (int, string) {
 	var granteeType int
 	var formattedID string
-	uid, gid := utils.ExtractGranteeID(g)
 	switch g.Type {
 	case provider.GranteeType_GRANTEE_TYPE_USER:
 		granteeType = 0
-		formattedID = formatUserID(uid)
+		formattedID = formatUserID(g.GetUserId())
 	case provider.GranteeType_GRANTEE_TYPE_GROUP:
 		granteeType = 1
-		formattedID = gid.OpaqueId
+		formattedID = formatGroupID(g.GetGroupId())
 	default:
 		granteeType = -1
 	}
@@ -55,7 +53,7 @@ func extractGrantee(t int, g string) *provider.Grantee {
 		grantee.Id = &provider.Grantee_UserId{UserId: extractUserID(g)}
 	case 1:
 		grantee.Type = provider.GranteeType_GRANTEE_TYPE_GROUP
-		grantee.Id = &provider.Grantee_GroupId{GroupId: &grouppb.GroupId{OpaqueId: g}}
+		grantee.Id = &provider.Grantee_GroupId{GroupId: extractGroupID(g)}
 	default:
 		grantee.Type = provider.GranteeType_GRANTEE_TYPE_INVALID
 	}
@@ -150,6 +148,21 @@ func extractUserID(u string) *userpb.UserId {
 	return &userpb.UserId{OpaqueId: parts[0]}
 }
 
+func formatGroupID(u *grouppb.GroupId) string {
+	if u.Idp != "" {
+		return fmt.Sprintf("%s:%s", u.OpaqueId, u.Idp)
+	}
+	return u.OpaqueId
+}
+
+func extractGroupID(u string) *grouppb.GroupId {
+	parts := strings.Split(u, ":")
+	if len(parts) > 1 {
+		return &grouppb.GroupId{OpaqueId: parts[0], Idp: parts[1]}
+	}
+	return &grouppb.GroupId{OpaqueId: parts[0]}
+}
+
 func convertToCS3Share(s dbShare) *collaboration.Share {
 	ts := &typespb.Timestamp{
 		Seconds: uint64(s.STime),

pkg/share/manager/json/json.go

@@ -130,11 +130,10 @@ func (m *shareModel) Save() error {
 	temp.Shares = []*collaboration.Share{}
 	for i := range m.Shares {
 		s := *m.Shares[i]
-		u, g := utils.ExtractGranteeID(s.Grantee)
 		if s.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER {
-			temp.Grantees = append(temp.Grantees, u)
+			temp.Grantees = append(temp.Grantees, s.Grantee.GetUserId())
 		} else if s.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_GROUP {
-			temp.Grantees = append(temp.Grantees, g)
+			temp.Grantees = append(temp.Grantees, s.Grantee.GetGroupId())
 		}
 		s.Grantee = &provider.Grantee{Type: s.Grantee.Type}
 		temp.Shares = append(temp.Shares, &s)

pkg/storage/fs/ocis/grants.go

@@ -124,7 +124,7 @@ func (fs *ocisfs) RemoveGrant(ctx context.Context, ref *provider.Reference, g *p
 
 	var attr string
 	if g.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_GROUP {
-		attr = grantPrefix + _groupAcePrefix + g.Grantee.GetUserId().OpaqueId
+		attr = grantPrefix + _groupAcePrefix + g.Grantee.GetGroupId().OpaqueId
 	} else {
 		attr = grantPrefix + _userAcePrefix + g.Grantee.GetUserId().OpaqueId
 	}

pkg/storage/fs/owncloud/owncloud.go

@@ -1064,7 +1064,7 @@ func (fs *ocfs) RemoveGrant(ctx context.Context, ref *provider.Reference, g *pro
 
 	var attr string
 	if g.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_GROUP {
-		attr = sharePrefix + "g:" + g.Grantee.GetUserId().OpaqueId
+		attr = sharePrefix + "g:" + g.Grantee.GetGroupId().OpaqueId
 	} else {
 		attr = sharePrefix + "u:" + g.Grantee.GetUserId().OpaqueId
 	}

pkg/storage/fs/s3ng/grants.go

@@ -126,7 +126,7 @@ func (fs *s3ngfs) RemoveGrant(ctx context.Context, ref *provider.Reference, g *p
 
 	var attr string
 	if g.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_GROUP {
-		attr = xattrs.GrantPrefix + xattrs.GroupAcePrefix + g.Grantee.GetUserId().OpaqueId
+		attr = xattrs.GrantPrefix + xattrs.GroupAcePrefix + g.Grantee.GetGroupId().OpaqueId
 	} else {
 		attr = xattrs.GrantPrefix + xattrs.UserAcePrefix + g.Grantee.GetUserId().OpaqueId
 	}

pkg/storage/utils/ace/ace.go

@@ -24,6 +24,7 @@ import (
 	"strconv"
 	"strings"
 
+	grouppb "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 )
@@ -132,7 +133,7 @@ func FromGrant(g *provider.Grant) *ACE {
 	}
 	if g.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_GROUP {
 		e.flags = "g"
-		e.principal = "g:" + g.Grantee.GetUserId().OpaqueId
+		e.principal = "g:" + g.Grantee.GetGroupId().OpaqueId
 	} else {
 		e.principal = "u:" + g.Grantee.GetUserId().OpaqueId
 	}
@@ -180,13 +181,18 @@ func Unmarshal(principal string, v []byte) (e *ACE, err error) {
 
 // Grant returns a CS3 grant
 func (e *ACE) Grant() *provider.Grant {
-	return &provider.Grant{
+	g := &provider.Grant{
 		Grantee: &provider.Grantee{
-			Id:   &provider.Grantee_UserId{UserId: &userpb.UserId{OpaqueId: e.principal}},
 			Type: e.granteeType(),
 		},
 		Permissions: e.grantPermissionSet(),
 	}
+	if e.granteeType() == provider.GranteeType_GRANTEE_TYPE_GROUP {
+		g.Grantee.Id = &provider.Grantee_GroupId{GroupId: &grouppb.GroupId{OpaqueId: e.principal}}
+	} else if e.granteeType() == provider.GranteeType_GRANTEE_TYPE_USER {
+		g.Grantee.Id = &provider.Grantee_UserId{UserId: &userpb.UserId{OpaqueId: e.principal}}
+	}
+	return g
 }
 
 // granteeType returns the CS3 grantee type

pkg/storage/utils/localfs/localfs.go

@@ -31,6 +31,7 @@ import (
 	"strings"
 	"time"
 
+	grouppb "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
@@ -432,7 +433,12 @@ func (fs *localfs) AddGrant(ctx context.Context, ref *provider.Reference, g *pro
 	if err != nil {
 		return errors.Wrap(err, "localfs: error getting grantee type")
 	}
-	grantee := fmt.Sprintf("%s:%s@%s", granteeType, g.Grantee.GetUserId().OpaqueId, g.Grantee.GetUserId().Idp)
+	var grantee string
+	if granteeType == "u" {
+		grantee = fmt.Sprintf("%s:%s@%s", granteeType, g.Grantee.GetUserId().OpaqueId, g.Grantee.GetUserId().Idp)
+	} else if granteeType == "g" {
+		grantee = fmt.Sprintf("%s:%s@%s", granteeType, g.Grantee.GetGroupId().OpaqueId, g.Grantee.GetGroupId().Idp)
+	}
 
 	err = fs.addToACLDB(ctx, fn, grantee, role)
 	if err != nil {
@@ -461,9 +467,12 @@ func (fs *localfs) ListGrants(ctx context.Context, ref *provider.Reference) ([]*
 		if err != nil {
 			return nil, errors.Wrap(err, "localfs: error scanning db rows")
 		}
-		grantee := &provider.Grantee{
-			Id:   &provider.Grantee_UserId{UserId: &userpb.UserId{OpaqueId: granteeID[2:]}},
-			Type: grants.GetGranteeType(string(granteeID[0])),
+		grantee := &provider.Grantee{Type: grants.GetGranteeType(string(granteeID[0]))}
+		parts := strings.Split(granteeID[2:], "@")
+		if granteeID[0] == 'u' {
+			grantee.Id = &provider.Grantee_UserId{UserId: &userpb.UserId{OpaqueId: parts[0], Idp: parts[1]}}
+		} else if granteeID[0] == 'g' {
+			grantee.Id = &provider.Grantee_GroupId{GroupId: &grouppb.GroupId{OpaqueId: parts[0], Idp: parts[1]}}
 		}
 		permissions := grants.GetGrantPermissionSet(role)
 
@@ -487,7 +496,12 @@ func (fs *localfs) RemoveGrant(ctx context.Context, ref *provider.Reference, g *
 	if err != nil {
 		return errors.Wrap(err, "localfs: error getting grantee type")
 	}
-	grantee := fmt.Sprintf("%s:%s@%s", granteeType, g.Grantee.GetUserId().OpaqueId, g.Grantee.GetUserId().Idp)
+	var grantee string
+	if granteeType == "u" {
+		grantee = fmt.Sprintf("%s:%s@%s", granteeType, g.Grantee.GetUserId().OpaqueId, g.Grantee.GetUserId().Idp)
+	} else if granteeType == "g" {
+		grantee = fmt.Sprintf("%s:%s@%s", granteeType, g.Grantee.GetGroupId().OpaqueId, g.Grantee.GetGroupId().Idp)
+	}
 
 	err = fs.removeFromACLDB(ctx, fn, grantee)
 	if err != nil {