From 328cc3fd3fdd2c41fa7e658568cf56ce1a1d52b5 Mon Sep 17 00:00:00 2001
From: Ishank Arora
Date: Fri, 30 Apr 2021 11:08:14 +0200
Subject: [PATCH] Remove role-based checks
---
 pkg/auth/scope/publicshare.go | 10 ++++++----
 pkg/auth/scope/publicsharepath.go | 10 ++++++----
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/pkg/auth/scope/publicshare.go b/pkg/auth/scope/publicshare.go
index f304f9f9b0e..b88f48c78a3 100644
--- a/pkg/auth/scope/publicshare.go
+++ b/pkg/auth/scope/publicshare.go
@@ -49,14 +49,16 @@ func publicshareScope(scope *authpb.Scope, resource interface{}) (bool, error) {
 return checkStorageRef(&share, v.GetRef()), nil
 // Editor role
+ // TODO(ishank011): Add role checks,
+ // need to return appropriate status codes in the ocs/ocdav layers.
 case *provider.CreateContainerRequest:
- return scope.Role == authpb.Role_ROLE_EDITOR && checkStorageRef(&share, v.GetRef()), nil
+ return checkStorageRef(&share, v.GetRef()), nil
 case *provider.DeleteRequest:
- return scope.Role == authpb.Role_ROLE_EDITOR && checkStorageRef(&share, v.GetRef()), nil
+ return checkStorageRef(&share, v.GetRef()), nil
 case *provider.MoveRequest:
- return scope.Role == authpb.Role_ROLE_EDITOR && checkStorageRef(&share, v.GetSource()) && checkStorageRef(&share, v.GetDestination()), nil
+ return checkStorageRef(&share, v.GetSource()) && checkStorageRef(&share, v.GetDestination()), nil
 case *provider.InitiateFileUploadRequest:
- return scope.Role == authpb.Role_ROLE_EDITOR && checkStorageRef(&share, v.GetRef()), nil
+ return checkStorageRef(&share, v.GetRef()), nil
 case *link.GetPublicShareRequest:
 return checkPublicShareRef(&share, v.GetRef()), nil
diff --git a/pkg/auth/scope/publicsharepath.go b/pkg/auth/scope/publicsharepath.go
index fde60360dc7..118d8fc8877 100644
--- a/pkg/auth/scope/publicsharepath.go
+++ b/pkg/auth/scope/publicsharepath.go
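Review bot: The four cases under `// Editor role` in publicshareScope (CreateContainerRequest, DeleteRequest, MoveRequest, InitiateFileUploadRequest) now return true for any `scope.Role`, so a viewer-scoped public-share token passes this scope check for write operations whenever the reference check succeeds. Whether share permissions are still enforced further down (for example in the storage provider) is not visible from this hunk, and the TODO does not say so. I would keep the denial here and fix the status mapping in the ocs/ocdav layers, or at least state the gap in the comment, e.g. `// SECURITY: role is not enforced here; write requests from viewer-scoped tokens pass this check and must be rejected by the permission checks downstream.` The same applies to the matching hunk in pkg/auth/scope/publicsharepath.go; publicshareScope's body starts and ends outside the hunk.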
@@ -48,14 +48,16 @@ func publicsharepathScope(scope *authpb.Scope, resource interface{}) (bool, erro
 return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 // Editor role
+ // TODO(ishank011): Add role checks,
+ // need to return appropriate status codes in the ocs/ocdav layers.
 case *provider.CreateContainerRequest:
- return scope.Role == authpb.Role_ROLE_EDITOR && strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+ return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 case *provider.DeleteRequest:
- return scope.Role == authpb.Role_ROLE_EDITOR && strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+ return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 case *provider.MoveRequest:
- return scope.Role == authpb.Role_ROLE_EDITOR && strings.HasPrefix(v.GetSource().GetPath(), ref.GetPath()) && strings.HasPrefix(v.GetDestination().GetPath(), ref.GetPath()), nil
+ return strings.HasPrefix(v.GetSource().GetPath(), ref.GetPath()) && strings.HasPrefix(v.GetDestination().GetPath(), ref.GetPath()), nil
 case *provider.InitiateFileUploadRequest:
- return scope.Role == authpb.Role_ROLE_EDITOR && strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+ return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 }
 return false, errtypes.InternalError(fmt.Sprintf("resource type assertion failed: %+v", resource))
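Review bot: With the role condition gone, `strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath())` is the only gate on these write requests, and a raw prefix match has no path-segment boundary: a scope path such as `/a/share` (constructed example) also matches `/a/share-other/x`. The paths are also compared as received, so unless they are cleaned before reaching this function (not visible here) `..` segments would pass the prefix test. I would compare cleaned paths on a segment boundary, e.g. `p, root := path.Clean(v.GetRef().GetPath()), path.Clean(ref.GetPath())` followed by `return p == root || strings.HasPrefix(p, strings.TrimSuffix(root, "/")+"/"), nil`, ideally in one helper shared by all cases. publicsharepathScope's body starts outside the hunk.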