diff --git a/pkg/cbox/storage/eoswrapper/eoswrapper.go b/pkg/cbox/storage/eoswrapper/eoswrapper.go index b62bc90d97..bee697e620 100644 --- a/pkg/cbox/storage/eoswrapper/eoswrapper.go +++ b/pkg/cbox/storage/eoswrapper/eoswrapper.go @@ -40,7 +40,7 @@ func init() { } const ( - eosProjectsNamespace = "/eos/project/" + eosProjectsNamespace = "/eos/project" // We can use a regex for these, but that might have inferior performance projectSpaceGroupsPrefix = "cernbox-project-" @@ -147,8 +147,7 @@ func (w *wrapper) setProjectSharingPermissions(ctx context.Context, r *provider. if strings.HasPrefix(w.conf.Namespace, eosProjectsNamespace) { // Extract project name from the path resembling /c/cernbox or /c/cernbox/minutes/.. - path := strings.TrimPrefix(r.Path, eosProjectsNamespace) - parts := strings.SplitN(path, "/", 4) + parts := strings.SplitN(r.Path, "/", 4) if len(parts) != 4 && len(parts) != 3 { return errtypes.BadRequest("eoswrapper: path does not follow the allowed format") } diff --git a/pkg/eosclient/eosbinary/eosbinary.go b/pkg/eosclient/eosbinary/eosbinary.go index ac5e4dff4b..539a961fc0 100644 --- a/pkg/eosclient/eosbinary/eosbinary.go +++ b/pkg/eosclient/eosbinary/eosbinary.go @@ -875,6 +875,8 @@ func (c *Client) parseFind(dirPath, raw string) ([]*eosclient.FileInfo, error) { rawLines := strings.FieldsFunc(raw, func(c rune) bool { return c == '\n' }) + + var parent *eosclient.FileInfo for _, rl := range rawLines { if rl == "" { continue @@ -887,10 +889,20 @@ func (c *Client) parseFind(dirPath, raw string) ([]*eosclient.FileInfo, error) { // we skip the current directory as eos find will return the directory we // ask to find if fi.File == path.Clean(dirPath) { + parent = fi continue } + finfos = append(finfos, fi) } + + for _, fi := range finfos { + // For files, inherit ACLs from the parent + if !fi.IsDir && parent != nil { + fi.SysACL.Entries = append(fi.SysACL.Entries, parent.SysACL.Entries...) + } + } + return finfos, nil } diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index a85ec28f41..a3835bed25 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -1113,13 +1113,14 @@ func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath s } var mylst []*eosclient.FileInfo + var parent *eosclient.FileInfo i := 0 for { rsp, err := resp.Recv() if err != nil { if err == io.EOF { log.Debug().Str("path", dpath).Int("nitems", i).Msg("OK, no more items, clean exit") - return mylst, nil + break } // We got an error while reading items. We log this as an error and we return @@ -1136,14 +1137,6 @@ func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath s return nil, errtypes.NotFound(dpath) } - i++ - - // The first item is the directory itself... skip - if i == 1 { - log.Debug().Str("func", "List").Str("path", dpath).Str("skipping first item resp:", fmt.Sprintf("%#v", rsp)).Msg("grpc response") - continue - } - log.Debug().Str("func", "List").Str("path", dpath).Str("item resp:", fmt.Sprintf("%#v", rsp)).Msg("grpc response") myitem, err := c.grpcMDResponseToFileInfo(rsp, dpath) @@ -1153,9 +1146,25 @@ func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath s return nil, err } + i++ + // The first item is the directory itself... skip + if i == 1 { + parent = myitem + log.Debug().Str("func", "List").Str("path", dpath).Str("skipping first item resp:", fmt.Sprintf("%#v", rsp)).Msg("grpc response") + continue + } + mylst = append(mylst, myitem) } + for _, info := range mylst { + if !info.IsDir && parent != nil { + info.SysACL.Entries = append(info.SysACL.Entries, parent.SysACL.Entries...) + } + } + + return mylst, nil + } // Read reads a file from the mgm and returns a handle to read it diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go index e9f7715d64..a8efcef510 100644 --- a/pkg/storage/utils/eosfs/eosfs.go +++ b/pkg/storage/utils/eosfs/eosfs.go @@ -1482,6 +1482,8 @@ func (fs *eosfs) ListRecycle(ctx context.Context, basePath, key, relativePath st if err != nil { return nil, err } + } else { + return nil, errtypes.PermissionDenied("eosfs: user doesn't have permissions to restore recycled items") } } else { // We just act on the logged-in user's recycle bin @@ -1531,6 +1533,8 @@ func (fs *eosfs) RestoreRecycleItem(ctx context.Context, basePath, key, relative if err != nil { return err } + } else { + return errtypes.PermissionDenied("eosfs: user doesn't have permissions to restore recycled items") } } else { // We just act on the logged-in user's recycle bin diff --git a/pkg/storage/utils/grants/grants.go b/pkg/storage/utils/grants/grants.go index 32f18a8d8a..57efbdb8da 100644 --- a/pkg/storage/utils/grants/grants.go +++ b/pkg/storage/utils/grants/grants.go @@ -78,8 +78,10 @@ func GetGrantPermissionSet(perm string, isDir bool) *provider.ResourcePermission if strings.Contains(perm, "w") && !strings.Contains(perm, "!w") { rp.Move = true rp.Delete = true + rp.PurgeRecycle = true rp.InitiateFileUpload = true rp.RestoreFileVersion = true + rp.RestoreRecycleItem = true if isDir { rp.CreateContainer = true } @@ -87,6 +89,7 @@ func GetGrantPermissionSet(perm string, isDir bool) *provider.ResourcePermission if strings.Contains(perm, "x") && !strings.Contains(perm, "!x") { rp.ListFileVersions = true + rp.ListRecycle = true if isDir { rp.ListContainer = true } @@ -94,6 +97,7 @@ func GetGrantPermissionSet(perm string, isDir bool) *provider.ResourcePermission if strings.Contains(perm, "!d") { rp.Delete = false + rp.PurgeRecycle = false } if strings.Contains(perm, "m") && !strings.Contains(perm, "!m") {