Fix broken permissions in PROPFIND on project folder over gRPC

The permissions returned by PROPFIND on a folder in a project were erroneous because ACL permissions were being ignored. This stems from a bug in grpcMDResponseToFileInfo, where the SysACL attribute of the FileInfo struct was not being populated.
cs3org · Oct 25, 2024 · 950b1c5 · 950b1c5
1 parent 10664f4
commit 950b1c5
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/changelog/unreleased/propfind-perms-grpc.md b/changelog/unreleased/propfind-perms-grpc.md
@@ -0,0 +1,8 @@
+Bugfix: broken PROPFIND perms on gRPC
+
+When using the EOS gRPC stack, the permissions returned by PROPFIND
+on a folder in a project were erroneous because ACL permissions were
+being ignored. This stems from a bug in grpcMDResponseToFileInfo, 
+where the SysACL attribute of the FileInfo struct was not being populated.
+
+See: https://github.com/cs3org/reva/pull/4901
diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go
@@ -1242,7 +1242,9 @@ func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath s
 			if parent != nil && parent.SysACL != nil {
 				if fi.SysACL == nil {
 					log.Warn().Str("func", "List").Str("path", dpath).Str("SysACL is nil, taking parent", "").Msg("grpc response")
-					fi.SysACL.Entries = parent.SysACL.Entries
+					fi.SysACL = &acl.ACLs{
+						Entries: parent.SysACL.Entries,
+					}
 				} else {
 					fi.SysACL.Entries = append(fi.SysACL.Entries, parent.SysACL.Entries...)
 				}
@@ -1629,6 +1631,10 @@ func (c *Client) grpcMDResponseToFileInfo(ctx context.Context, st *erpc.MDRespon
 			fi.Attrs[strings.TrimPrefix(k, "user.")] = string(v)
 		}
 
+		if fi.Attrs["sys.acl"] != "" {
+			fi.SysACL = aclAttrToAclStruct(fi.Attrs["sys.acl"])
+		}
+
 		fi.TreeSize = uint64(st.Cmd.TreeSize)
 		fi.Size = fi.TreeSize
 		// TODO(lopresti) this info is missing in the EOS Protobuf, cf. EOS-5974
@@ -1649,6 +1655,10 @@ func (c *Client) grpcMDResponseToFileInfo(ctx context.Context, st *erpc.MDRespon
 			fi.Attrs[strings.TrimPrefix(k, "user.")] = string(v)
 		}
 
+		if fi.Attrs["sys.acl"] != "" {
+			fi.SysACL = aclAttrToAclStruct(fi.Attrs["sys.acl"])
+		}
+
 		fi.Size = st.Fmd.Size
 
 		if st.Fmd.Checksum != nil {
@@ -1663,3 +1673,23 @@ func (c *Client) grpcMDResponseToFileInfo(ctx context.Context, st *erpc.MDRespon
 	}
 	return fi, nil
 }
+
+func aclAttrToAclStruct(aclAttr string) *acl.ACLs {
+	entries := strings.Split(aclAttr, ",")
+
+	acl := &acl.ACLs{}
+
+	for _, entry := range entries {
+		parts := strings.Split(entry, ":")
+		if len(parts) != 3 {
+			continue
+		}
+		aclType := parts[0]
+		qualifier := parts[1]
+		permissions := parts[2]
+
+		acl.SetEntry(aclType, qualifier, permissions)
+	}
+
+	return acl
+}