From 4bd4228d70cfac6a7843dd8dbe016f55517b03d6 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Wed, 7 Sep 2022 12:13:04 +0200
Subject: [PATCH] Fix "delete-all-home-spaces" permission check

We were using the wrong permission name and the permission check was implemented in a way, that the deleting user needed to have the "delete-all-home-spaces" permission AND manager access to the space.
---
 .../check-home-space-delte-permission.md | 3 ++-
 pkg/storage/utils/decomposedfs/spaces.go | 19 +++++++++++--------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/changelog/unreleased/check-home-space-delte-permission.md b/changelog/unreleased/check-home-space-delte-permission.md
index 4674385fe8..a0a237d7b4 100644
--- a/changelog/unreleased/check-home-space-delte-permission.md
+++ b/changelog/unreleased/check-home-space-delte-permission.md
@@ -3,4 +3,5 @@ Enhancement: Add canDeleteAllHomeSpaces permission
 We added a permission to the admin role in ocis that allows deleting homespaces on user delete.

 https://github.com/cs3org/reva/pull/3180
-https://github.com/owncloud/ocis/pull/4447/files
\ No newline at end of file
+https://github.com/cs3org/reva/pull/3202
+https://github.com/owncloud/ocis/pull/4447/files
diff --git a/pkg/storage/utils/decomposedfs/spaces.go b/pkg/storage/utils/decomposedfs/spaces.go
index 5314d5b25e..3d6dfaac9b 100644
--- a/pkg/storage/utils/decomposedfs/spaces.go
+++ b/pkg/storage/utils/decomposedfs/spaces.go
@@ -199,7 +199,7 @@ func (fs *Decomposedfs) canListAllSpaces(ctx context.Context) bool {
 func (fs *Decomposedfs) canDeleteAllHomeSpaces(ctx context.Context) bool {
 user := ctxpkg.ContextMustGetUser(ctx)
 checkRes, err := fs.permissionsClient.CheckPermission(ctx, &cs3permissions.CheckPermissionRequest{
- Permission: "can-delete-all-home-spaces",
+ Permission: "delete-all-home-spaces",
 SubjectRef: &cs3permissions.SubjectReference{
 Spec: &cs3permissions.SubjectReference_UserId{
 UserId: user.Id,
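Review bot: The permission name on the `Permission:` line of canDeleteAllHomeSpaces is still a bare string literal, and a misspelled literal here presumably surfaces only as a denied request at runtime, which is how the old name went unnoticed. I would lift it into a named constant next to the function, for example `const deleteAllHomeSpacesPermission = "delete-all-home-spaces"`, with a comment saying it must match the name the permissions service knows, and add a test that pins the string sent in the CheckPermissionRequest. The function body continues past the end of the hunk, so how `checkRes` and `err` are evaluated is not visible here; it is worth confirming that a transport error or a non-OK status is treated as a denial.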
@@ -635,13 +635,16 @@ func (fs *Decomposedfs) DeleteStorageSpace(ctx context.Context, req *provider.De
 return errtypes.InternalError(fmt.Sprintf("space %s does not have a spacetype, possible corrupt decompsedfs", n.ID))
 }

- if st == "personal" && !fs.canDeleteAllHomeSpaces(ctx) {
- return errtypes.PermissionDenied(fmt.Sprintf("user is not allowed to delete home space %s", n.ID))
- }
-
- // only managers are allowed to disable or purge a drive
- if err := fs.checkManagerPermission(ctx, n); err != nil {
- return errtypes.PermissionDenied(fmt.Sprintf("user is not allowed to delete spaces %s", n.ID))
+ switch {
+ case st == "personal":
+ if !fs.canDeleteAllHomeSpaces(ctx) {
+ return errtypes.PermissionDenied(fmt.Sprintf("user is not allowed to delete home space %s", n.ID))
+ }
+ default:
+ // only managers are allowed to disable or purge a drive
+ if err := fs.checkManagerPermission(ctx, n); err != nil {
+ return errtypes.PermissionDenied(fmt.Sprintf("user is not allowed to delete spaces %s", n.ID))
+ }
 }

 if purge {
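Review bot: In the `case st == "personal":` branch the global permission is now the only gate, so grants on the space itself are no longer consulted for personal spaces, yet the one comment left in the block, `// only managers are allowed to disable or purge a drive`, describes the `default` branch only. Add a comment on the case, for example `// personal spaces: only the delete-all-home-spaces permission authorizes deletion, manager grants are not checked`, so a later edit to this switch does not reintroduce the AND or widen the branch by accident. In the default branch the `err` returned by checkManagerPermission is dropped and replaced with PermissionDenied, so a failed lookup cannot be told apart from a real denial; logging `err` before returning would help whoever investigates a refused delete. A test covering the three cases (permission holder without manager access on a personal space, manager without the permission on a personal space, permission holder without manager access on a non-personal space) would pin the intended matrix. DeleteStorageSpace starts before and continues after this hunk.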