Remove role-based checks

cs3org · Apr 30, 2021 · 328cc3f · 328cc3f
1 parent 37e22c3
commit 328cc3f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/pkg/auth/scope/publicshare.go b/pkg/auth/scope/publicshare.go
@@ -49,14 +49,16 @@ func publicshareScope(scope *authpb.Scope, resource interface{}) (bool, error) {
 		return checkStorageRef(&share, v.GetRef()), nil
 
 		// Editor role
+		// TODO(ishank011): Add role checks,
+		// need to return appropriate status codes in the ocs/ocdav layers.
 	case *provider.CreateContainerRequest:
-		return scope.Role == authpb.Role_ROLE_EDITOR && checkStorageRef(&share, v.GetRef()), nil
+		return checkStorageRef(&share, v.GetRef()), nil
 	case *provider.DeleteRequest:
-		return scope.Role == authpb.Role_ROLE_EDITOR && checkStorageRef(&share, v.GetRef()), nil
+		return checkStorageRef(&share, v.GetRef()), nil
 	case *provider.MoveRequest:
-		return scope.Role == authpb.Role_ROLE_EDITOR && checkStorageRef(&share, v.GetSource()) && checkStorageRef(&share, v.GetDestination()), nil
+		return checkStorageRef(&share, v.GetSource()) && checkStorageRef(&share, v.GetDestination()), nil
 	case *provider.InitiateFileUploadRequest:
-		return scope.Role == authpb.Role_ROLE_EDITOR && checkStorageRef(&share, v.GetRef()), nil
+		return checkStorageRef(&share, v.GetRef()), nil
 
 	case *link.GetPublicShareRequest:
 		return checkPublicShareRef(&share, v.GetRef()), nil

diff --git a/pkg/auth/scope/publicsharepath.go b/pkg/auth/scope/publicsharepath.go
@@ -48,14 +48,16 @@ func publicsharepathScope(scope *authpb.Scope, resource interface{}) (bool, erro
 		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 
 		// Editor role
+		// TODO(ishank011): Add role checks,
+		// need to return appropriate status codes in the ocs/ocdav layers.
 	case *provider.CreateContainerRequest:
-		return scope.Role == authpb.Role_ROLE_EDITOR && strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 	case *provider.DeleteRequest:
-		return scope.Role == authpb.Role_ROLE_EDITOR && strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 	case *provider.MoveRequest:
-		return scope.Role == authpb.Role_ROLE_EDITOR && strings.HasPrefix(v.GetSource().GetPath(), ref.GetPath()) && strings.HasPrefix(v.GetDestination().GetPath(), ref.GetPath()), nil
+		return strings.HasPrefix(v.GetSource().GetPath(), ref.GetPath()) && strings.HasPrefix(v.GetDestination().GetPath(), ref.GetPath()), nil
 	case *provider.InitiateFileUploadRequest:
-		return scope.Role == authpb.Role_ROLE_EDITOR && strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 	}
 
 	return false, errtypes.InternalError(fmt.Sprintf("resource type assertion failed: %+v", resource))