From 5d8c4d5d2e78761641d9bb9d16ef30abd46722eb Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <39946305+gmgigi96@users.noreply.github.com>
Date: Wed, 6 Sep 2023 15:21:01 +0200
Subject: [PATCH] Disable trashbin on a storage provider (#4163)

---
 changelog/unreleased/notrashbin.md            |  6 ++
 internal/grpc/interceptors/loader/loader.go   |  1 +
 .../interceptors/notrashbin/notrashbin.go     | 79 +++++++++++++++++++
 3 files changed, 86 insertions(+)
 create mode 100644 changelog/unreleased/notrashbin.md
 create mode 100644 internal/grpc/interceptors/notrashbin/notrashbin.go

diff --git a/changelog/unreleased/notrashbin.md b/changelog/unreleased/notrashbin.md
new file mode 100644
index 0000000000..0d7e7065d1
--- /dev/null
+++ b/changelog/unreleased/notrashbin.md
@@ -0,0 +1,6 @@
+Enhancement: Disable trashbin on a storage provider
+
+Added a GRPC interceptor that disable the trashbin
+on a storage provider.
+
+https://github.com/cs3org/reva/pull/4163
\ No newline at end of file
diff --git a/internal/grpc/interceptors/loader/loader.go b/internal/grpc/interceptors/loader/loader.go
index 5beab8b35c..9a3ef052d7 100644
--- a/internal/grpc/interceptors/loader/loader.go
+++ b/internal/grpc/interceptors/loader/loader.go
@@ -21,6 +21,7 @@ package loader
 import (
 	// Load core GRPC services.
 	_ "github.com/cs3org/reva/internal/grpc/interceptors/eventsmiddleware"
+	_ "github.com/cs3org/reva/internal/grpc/interceptors/notrashbin"
 	_ "github.com/cs3org/reva/internal/grpc/interceptors/noversions"
 	_ "github.com/cs3org/reva/internal/grpc/interceptors/readonly"
 	// Add your own service here.
diff --git a/internal/grpc/interceptors/notrashbin/notrashbin.go b/internal/grpc/interceptors/notrashbin/notrashbin.go
new file mode 100644
index 0000000000..cac0a89b02
--- /dev/null
+++ b/internal/grpc/interceptors/notrashbin/notrashbin.go
@@ -0,0 +1,79 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package notrashbin
+
+import (
+	"context"
+
+	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	"github.com/cs3org/reva/pkg/rgrpc"
+	rstatus "github.com/cs3org/reva/pkg/rgrpc/status"
+	"google.golang.org/grpc"
+)
+
+const (
+	defaultPriority = 200
+)
+
+func init() {
+	rgrpc.RegisterUnaryInterceptor("notrashbin", NewUnary)
+}
+
+// NewUnary returns a new unary interceptor
+// that checks grpc calls and blocks write requests.
+func NewUnary(_ map[string]interface{}) (grpc.UnaryServerInterceptor, int, error) {
+	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		switch req.(type) {
+		case *provider.ListContainerRequest:
+			resp, err := handler(ctx, req)
+			if listResp, ok := resp.(*provider.ListContainerResponse); ok && listResp.Infos != nil {
+				for _, info := range listResp.Infos {
+					if info.PermissionSet != nil {
+						info.PermissionSet.ListRecycle = false
+						info.PermissionSet.RestoreRecycleItem = false
+						info.PermissionSet.PurgeRecycle = false
+					}
+				}
+			}
+			return resp, err
+		case *provider.StatRequest:
+			resp, err := handler(ctx, req)
+			if statResp, ok := resp.(*provider.StatResponse); ok && statResp.Info != nil && statResp.Info.PermissionSet != nil {
+				statResp.Info.PermissionSet.ListRecycle = false
+				statResp.Info.PermissionSet.RestoreRecycleItem = false
+				statResp.Info.PermissionSet.PurgeRecycle = false
+			}
+			return resp, err
+		case *provider.ListRecycleRequest:
+			return &provider.ListRecycleResponse{
+				Status: rstatus.NewPermissionDenied(ctx, nil, "permission denied: tried to list recycle bin on a no trashbin storage"),
+			}, nil
+		case *provider.RestoreRecycleItemRequest:
+			return &provider.RestoreRecycleItemResponse{
+				Status: rstatus.NewPermissionDenied(ctx, nil, "permission denied: tried to restore recycle item on a no trashbin storage"),
+			}, nil
+		case *provider.PurgeRecycleRequest:
+			return &provider.PurgeRecycleResponse{
+				Status: rstatus.NewPermissionDenied(ctx, nil, "permission denied: tried to purge recycle bin on a no trashbin storage"),
+			}, nil
+		default:
+			return handler(ctx, req)
+		}
+	}, defaultPriority, nil
+}