From 52b5c4b4622cc61abc2efca6523deb83e5743271 Mon Sep 17 00:00:00 2001
From: Ishank Arora
Date: Thu, 29 Apr 2021 19:59:14 +0200
Subject: [PATCH] Add other request types for permissions
---
 internal/grpc/interceptors/auth/auth.go | 10 +++++++++-
 pkg/auth/scope/publicshare.go | 12 ++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/internal/grpc/interceptors/auth/auth.go b/internal/grpc/interceptors/auth/auth.go
index 8132a9b9112..6c92c175fb8 100644
--- a/internal/grpc/interceptors/auth/auth.go
+++ b/internal/grpc/interceptors/auth/auth.go
@@ -260,7 +260,9 @@ func dismantleToken(ctx context.Context, tkn string, req interface{}, mgr token.
 if strings.HasPrefix(ref.GetPath(), statResponse.Info.Path) {
 // The path corresponds to the resource to which the token has access.
 // Add it to the scope map
- val, err := utils.MarshalProtoV1ToJSON(ref)
+ val, err := utils.MarshalProtoV1ToJSON(&provider.Reference{
+ Spec: &provider.Reference_Path{Path: statResponse.Info.Path},
+ })
 if err != nil {
 return nil, err
 }
@@ -293,6 +295,12 @@ func extractRef(req interface{}) (*provider.Reference, bool) {
 return v.GetRef(), true
 case *provider.ListContainerRequest:
 return v.GetRef(), true
+ case *provider.CreateContainerRequest:
+ return v.GetRef(), true
+ case *provider.DeleteRequest:
+ return v.GetRef(), true
+ case *provider.MoveRequest:
+ return v.GetSource(), true
 case *provider.InitiateFileDownloadRequest:
 return v.GetRef(), true
 case *provider.InitiateFileUploadRequest:
diff --git a/pkg/auth/scope/publicshare.go b/pkg/auth/scope/publicshare.go
index 34b8ec688f4..989c1bb3c40 100644
--- a/pkg/auth/scope/publicshare.go
+++ b/pkg/auth/scope/publicshare.go
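Review bot: The scope entry written in dismantleToken is now the share root (`statResponse.Info.Path`) rather than the requested ref, but the guard that admits it, `strings.HasPrefix(ref.GetPath(), statResponse.Info.Path)`, is a raw string prefix with no path-segment boundary, so a sibling such as `/home/share-old` also matches a share rooted at `/home/share` (constructed example). The new `CreateContainerRequest`, `DeleteRequest` and `MoveRequest` cases in publicsharepathScope repeat the same comparison, now for mutating requests. Compare cleaned paths on a segment boundary instead, e.g. `p := path.Clean(ref.GetPath())` followed by `ok := p == root || strings.HasPrefix(p, strings.TrimSuffix(root, "/")+"/")`. Whether paths are already normalised before this point is not visible in the hunk, so confirm that `..` segments cannot reach the check. dismantleToken starts and ends outside the hunk.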
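Review bot: For `*provider.MoveRequest`, extractRef returns only `v.GetSource()`, so the path check in dismantleToken (the `strings.HasPrefix(ref.GetPath(), statResponse.Info.Path)` guard in the previous hunk) never looks at the destination. The scope verifiers in pkg/auth/scope/publicshare.go do test both ends, but whether they run again after dismantleToken has added the scope entry is not visible here; if they do not, a move whose source is inside the share and whose destination is outside it would be accepted. Either check `v.GetDestination()` against the same root in dismantleToken, or document the contract on the case: `// Only the source is returned; callers must validate the destination separately.` extractRef's switch continues outside the hunk.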
@@ -44,6 +44,12 @@ func publicshareScope(scope *authpb.Scope, resource interface{}) (bool, error) {
 return checkStorageRef(&share, v.GetRef()), nil
 case *provider.ListContainerRequest:
 return checkStorageRef(&share, v.GetRef()), nil
+ case *provider.CreateContainerRequest:
+ return checkStorageRef(&share, v.GetRef()), nil
+ case *provider.DeleteRequest:
+ return checkStorageRef(&share, v.GetRef()), nil
+ case *provider.MoveRequest:
+ return checkStorageRef(&share, v.GetSource()) && checkStorageRef(&share, v.GetDestination()), nil
 case *provider.InitiateFileDownloadRequest:
 return checkStorageRef(&share, v.GetRef()), nil
 case *provider.InitiateFileUploadRequest:
@@ -71,6 +77,12 @@ func publicsharepathScope(scope *authpb.Scope, resource interface{}) (bool, erro
 return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 case *provider.ListContainerRequest:
 return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+ case *provider.CreateContainerRequest:
+ return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+ case *provider.DeleteRequest:
+ return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
+ case *provider.MoveRequest:
+ return strings.HasPrefix(v.GetSource().GetPath(), ref.GetPath()) && strings.HasPrefix(v.GetDestination().GetPath(), ref.GetPath()), nil
 case *provider.InitiateFileDownloadRequest:
 return strings.HasPrefix(v.GetRef().GetPath(), ref.GetPath()), nil
 case *provider.InitiateFileUploadRequest:
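Review bot: The new `CreateContainerRequest`, `DeleteRequest` and `MoveRequest` cases in publicshareScope decide on location alone, the same way as the read-only cases around them, and nothing in the hunk looks at what the share permits. As far as these lines show, a token for a view-only link passes the scope check for a delete or a move. `checkStorageRef` is defined outside the hunk and permissions may be enforced further down the stack; if that is the intent, say so on the cases: `// Scope restricts location only; the share's permissions are enforced by the storage layer for these mutating requests.` Otherwise gate the three cases on the share's permission set before returning true. The switch in publicshareScope continues outside the hunk.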