Add other request types for permissions

cs3org · Apr 30, 2021 · 52b5c4b · 52b5c4b
1 parent 01b01b6
commit 52b5c4b
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/internal/grpc/interceptors/auth/auth.go b/internal/grpc/interceptors/auth/auth.go
@@ -260,7 +260,9 @@ func dismantleToken(ctx context.Context, tkn string, req interface{}, mgr token.
 				if strings.HasPrefix(ref.GetPath(), statResponse.Info.Path) {
 					// The path corresponds to the resource to which the token has access.
 					// Add it to the scope map
-					val, err := utils.MarshalProtoV1ToJSON(ref)
+					val, err := utils.MarshalProtoV1ToJSON(&provider.Reference{
+						Spec: &provider.Reference_Path{Path: statResponse.Info.Path},
+					})
 					if err != nil {
 						return nil, err
 					}
@@ -293,6 +295,12 @@ func extractRef(req interface{}) (*provider.Reference, bool) {
 		return v.GetRef(), true
 	case *provider.ListContainerRequest:
 		return v.GetRef(), true
+	case *provider.CreateContainerRequest:
+		return v.GetRef(), true
+	case *provider.DeleteRequest:
+		return v.GetRef(), true
+	case *provider.MoveRequest:
+		return v.GetSource(), true
 	case *provider.InitiateFileDownloadRequest:
 		return v.GetRef(), true
 	case *provider.InitiateFileUploadRequest:

diff --git a/pkg/auth/scope/publicshare.go b/pkg/auth/scope/publicshare.go
@@ -44,6 +44,12 @@ func publicshareScope(scope *authpb.Scope, resource interface{}) (bool, error) {
 		return checkStorageRef(&share, v.GetRef()), nil
 	case *provider.ListContainerRequest:
 		return checkStorageRef(&share, v.GetRef()), nil
+	case *provider.CreateContainerRequest:
+		return checkStorageRef(&share, v.GetRef()), nil
+	case *provider.DeleteRequest:
+		return checkStorageRef(&share, v.GetRef()), nil
+	case *provider.MoveRequest:
+		return checkStorageRef(&share, v.GetSource()) && checkStorageRef(&share, v.GetDestination()), nil
 	case *provider.InitiateFileDownloadRequest:
 		return checkStorageRef(&share, v.GetRef()), nil
 	case *provider.InitiateFileUploadRequest:
@@ -71,6 +77,12 @@ func publicsharepathScope(scope *authpb.Scope, resource interface{}) (bool, erro
 		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 	case *provider.ListContainerRequest:
 		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+	case *provider.CreateContainerRequest:
+		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+	case *provider.DeleteRequest:
+		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+	case *provider.MoveRequest:
+		return strings.HasPrefix(v.GetSource().GetPath(), ref.GetPath()) && strings.HasPrefix(v.GetDestination().GetPath(), ref.GetPath()), nil
 	case *provider.InitiateFileDownloadRequest:
 		return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 	case *provider.InitiateFileUploadRequest: