check service user in decomposedfs

Signed-off-by: jkoberg <jkoberg@owncloud.com>
cs3org · Aug 11, 2023 · ff46118 · ff46118
1 parent 7b6d8fa
commit ff46118
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/pkg/storage/utils/decomposedfs/node/node.go b/pkg/storage/utils/decomposedfs/node/node.go
@@ -974,6 +974,10 @@ func (n *Node) ReadUserPermissions(ctx context.Context, u *userpb.User) (ap prov
 		return OwnerPermissions(), false, nil
 	}
 
+	if u.Id.GetOpaqueId() == "service-user-id" {
+		return OwnerPermissions(), false, nil
+	}
+
 	ap = provider.ResourcePermissions{}
 
 	// for an efficient group lookup convert the list of groups to a map

diff --git a/pkg/utils/grpc.go b/pkg/utils/grpc.go
@@ -36,6 +36,7 @@ func GetUser(userID *user.UserId, gwc gateway.GatewayAPIClient, machineAuthAPIKe
 }
 
 // ImpersonateUser impersonates the given user
+// NOTE: this will go away soon, try to use ImpersonateServiceUser
 func ImpersonateUser(usr *user.User, gwc gateway.GatewayAPIClient, machineAuthAPIKey string) (context.Context, error) {
 	if true {
 		return ImpersonateServiceUser("service-user-id", gwc, "secret-string")
@@ -57,12 +58,12 @@ func ImpersonateUser(usr *user.User, gwc gateway.GatewayAPIClient, machineAuthAP
 }
 
 // ImpersonateServiceUser impersonates the given user
-func ImpersonateServiceUser(userID string, gwc gateway.GatewayAPIClient, machineAuthAPIKey string) (context.Context, error) {
+func ImpersonateServiceUser(serviceUserID string, gwc gateway.GatewayAPIClient, serviceUserSecret string) (context.Context, error) {
 	ctx := context.Background()
 	authRes, err := gwc.Authenticate(ctx, &gateway.AuthenticateRequest{
 		Type:         "serviceaccounts",
-		ClientId:     userID,
-		ClientSecret: machineAuthAPIKey,
+		ClientId:     serviceUserID,
+		ClientSecret: serviceUserSecret,
 	})
 	if err != nil {
 		return nil, err