From d41899168ad10724ba38db2db37df368ffbb3a07 Mon Sep 17 00:00:00 2001
From: jkoberg <jkoberg@owncloud.com>
Date: Tue, 22 Aug 2023 15:29:50 +0200
Subject: [PATCH 1/3] changelog

Signed-off-by: jkoberg <jkoberg@owncloud.com>
---
 changelog/unreleased/auto-accept-shares.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 changelog/unreleased/auto-accept-shares.md

diff --git a/changelog/unreleased/auto-accept-shares.md b/changelog/unreleased/auto-accept-shares.md
new file mode 100644
index 0000000000..acb2577728
--- /dev/null
+++ b/changelog/unreleased/auto-accept-shares.md
@@ -0,0 +1,5 @@
+Enhancement: Auto-Accept Shares through ServiceAccounts
+
+Auto accept shares with service accounts
+
+https://github.com/cs3org/reva/pull/4129

From bce2d6f73ada6baa4e7d1493db6a849a0285198c Mon Sep 17 00:00:00 2001
From: jkoberg <jkoberg@owncloud.com>
Date: Tue, 22 Aug 2023 15:11:08 +0200
Subject: [PATCH 2/3] allow service users to accept shares for other users

Signed-off-by: jkoberg <jkoberg@owncloud.com>
---
 .../usershareprovider/usershareprovider.go    |  4 +++-
 pkg/cbox/share/sql/sql.go                     |  3 ++-
 pkg/share/manager/cs3/cs3.go                  |  9 ++++++--
 pkg/share/manager/cs3/cs3_test.go             |  4 ++--
 pkg/share/manager/json/json.go                | 20 ++++++++++-------
 pkg/share/manager/json/json_test.go           |  2 +-
 pkg/share/manager/jsoncs3/jsoncs3.go          | 11 ++++++----
 pkg/share/manager/jsoncs3/jsoncs3_test.go     | 12 +++++-----
 pkg/share/manager/memory/memory.go            | 22 ++++++++++++-------
 pkg/share/manager/owncloudsql/owncloudsql.go  |  4 +++-
 .../manager/owncloudsql/owncloudsql_test.go   | 12 +++++-----
 pkg/share/mocks/Manager.go                    | 20 +++++++++--------
 pkg/share/share.go                            |  2 +-
 13 files changed, 75 insertions(+), 50 deletions(-)

diff --git a/internal/grpc/services/usershareprovider/usershareprovider.go b/internal/grpc/services/usershareprovider/usershareprovider.go
index 26901427dd..fdec41b1b2 100644
--- a/internal/grpc/services/usershareprovider/usershareprovider.go
+++ b/internal/grpc/services/usershareprovider/usershareprovider.go
@@ -301,7 +301,9 @@ func (s *service) UpdateReceivedShare(ctx context.Context, req *collaboration.Up
 		}, nil
 	}
 
-	share, err := s.sm.UpdateReceivedShare(ctx, req.Share, req.UpdateMask)
+	var uid *userpb.UserId
+	_ = utils.ReadJSONFromOpaque(req.Opaque, "userid", uid)
+	share, err := s.sm.UpdateReceivedShare(ctx, req.Share, req.UpdateMask, uid)
 	if err != nil {
 		return &collaboration.UpdateReceivedShareResponse{
 			Status: status.NewInternal(ctx, "error updating received share"),
diff --git a/pkg/cbox/share/sql/sql.go b/pkg/cbox/share/sql/sql.go
index b9b484b9d7..813a967b11 100644
--- a/pkg/cbox/share/sql/sql.go
+++ b/pkg/cbox/share/sql/sql.go
@@ -27,6 +27,7 @@ import (
 	"strings"
 	"time"
 
+	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
@@ -453,7 +454,7 @@ func (m *mgr) GetReceivedShare(ctx context.Context, ref *collaboration.ShareRefe
 
 }
 
-func (m *mgr) UpdateReceivedShare(ctx context.Context, share *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask) (*collaboration.ReceivedShare, error) {
+func (m *mgr) UpdateReceivedShare(ctx context.Context, share *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask, _ *userpb.UserId) (*collaboration.ReceivedShare, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
 
 	rs, err := m.GetReceivedShare(ctx, &collaboration.ShareReference{Spec: &collaboration.ShareReference_Id{Id: share.Share.Id}})
diff --git a/pkg/share/manager/cs3/cs3.go b/pkg/share/manager/cs3/cs3.go
index be03a0583d..04bb9d20be 100644
--- a/pkg/share/manager/cs3/cs3.go
+++ b/pkg/share/manager/cs3/cs3.go
@@ -617,7 +617,7 @@ func (m *Manager) GetReceivedShare(ctx context.Context, ref *collaboration.Share
 }
 
 // UpdateReceivedShare updates the received share with share state.
-func (m *Manager) UpdateReceivedShare(ctx context.Context, rshare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask) (*collaboration.ReceivedShare, error) {
+func (m *Manager) UpdateReceivedShare(ctx context.Context, rshare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask, forUser *userpb.UserId) (*collaboration.ReceivedShare, error) {
 	if err := m.initialize(); err != nil {
 		return nil, err
 	}
@@ -643,7 +643,12 @@ func (m *Manager) UpdateReceivedShare(ctx context.Context, rshare *collaboration
 		}
 	}
 
-	err = m.persistReceivedShare(ctx, user.Id, rs)
+	uid := user.GetId()
+	if user.GetId().GetType() == userpb.UserType_USER_TYPE_SERVICE {
+		uid = forUser
+	}
+
+	err = m.persistReceivedShare(ctx, uid, rs)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/share/manager/cs3/cs3_test.go b/pkg/share/manager/cs3/cs3_test.go
index 70aec0c6c2..9389fdeecd 100644
--- a/pkg/share/manager/cs3/cs3_test.go
+++ b/pkg/share/manager/cs3/cs3_test.go
@@ -609,7 +609,7 @@ var _ = Describe("Manager", func() {
 				rs.MountPoint.Path = "newPath/"
 
 				rrs, err := m.UpdateReceivedShare(granteeCtx,
-					rs, &fieldmaskpb.FieldMask{Paths: []string{"state", "mount_point"}})
+					rs, &fieldmaskpb.FieldMask{Paths: []string{"state", "mount_point"}}, nil)
 				Expect(err).ToNot(HaveOccurred())
 				Expect(rrs).ToNot(BeNil())
 				Expect(rrs.Share.ResourceId).ToNot(BeNil())
@@ -630,7 +630,7 @@ var _ = Describe("Manager", func() {
 				rs.MountPoint.Path = "newPath/"
 
 				rrs, err := m.UpdateReceivedShare(granteeCtx,
-					rs, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}})
+					rs, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}}, nil)
 				Expect(err).ToNot(HaveOccurred())
 				Expect(rrs).ToNot(BeNil())
 				Expect(rrs.Share.ResourceId).ToNot(BeNil())
diff --git a/pkg/share/manager/json/json.go b/pkg/share/manager/json/json.go
index 520988790d..0d0b7b4982 100644
--- a/pkg/share/manager/json/json.go
+++ b/pkg/share/manager/json/json.go
@@ -548,7 +548,7 @@ func (m *mgr) getReceived(ctx context.Context, ref *collaboration.ShareReference
 	return m.convert(user.Id, s), nil
 }
 
-func (m *mgr) UpdateReceivedShare(ctx context.Context, receivedShare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask) (*collaboration.ReceivedShare, error) {
+func (m *mgr) UpdateReceivedShare(ctx context.Context, receivedShare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask, forUser *userv1beta1.UserId) (*collaboration.ReceivedShare, error) {
 	rs, err := m.getReceived(ctx, &collaboration.ShareReference{Spec: &collaboration.ShareReference_Id{Id: receivedShare.Share.Id}})
 	if err != nil {
 		return nil, err
@@ -568,27 +568,31 @@ func (m *mgr) UpdateReceivedShare(ctx context.Context, receivedShare *collaborat
 		}
 	}
 
-	user := ctxpkg.ContextMustGetUser(ctx)
+	u := ctxpkg.ContextMustGetUser(ctx)
+	uid := u.GetId().String()
+	if u.GetId().GetType() == userv1beta1.UserType_USER_TYPE_SERVICE {
+		uid = forUser.String()
+	}
 	// Persist state
-	if v, ok := m.model.State[user.Id.String()]; ok {
+	if v, ok := m.model.State[uid]; ok {
 		v[rs.Share.Id.String()] = rs.State
-		m.model.State[user.Id.String()] = v
+		m.model.State[uid] = v
 	} else {
 		a := map[string]collaboration.ShareState{
 			rs.Share.Id.String(): rs.State,
 		}
-		m.model.State[user.Id.String()] = a
+		m.model.State[uid] = a
 	}
 
 	// Persist mount point
-	if v, ok := m.model.MountPoint[user.Id.String()]; ok {
+	if v, ok := m.model.MountPoint[uid]; ok {
 		v[rs.Share.Id.String()] = rs.MountPoint
-		m.model.MountPoint[user.Id.String()] = v
+		m.model.MountPoint[uid] = v
 	} else {
 		a := map[string]*provider.Reference{
 			rs.Share.Id.String(): rs.MountPoint,
 		}
-		m.model.MountPoint[user.Id.String()] = a
+		m.model.MountPoint[uid] = a
 	}
 
 	if err := m.model.Save(); err != nil {
diff --git a/pkg/share/manager/json/json_test.go b/pkg/share/manager/json/json_test.go
index f80d870c1c..18f169aa2d 100644
--- a/pkg/share/manager/json/json_test.go
+++ b/pkg/share/manager/json/json_test.go
@@ -100,7 +100,7 @@ var _ = Describe("Json", func() {
 			rs.MountPoint = &providerv1beta1.Reference{Path: "newPath/"}
 
 			_, err = m.UpdateReceivedShare(granteeCtx,
-				rs, &fieldmaskpb.FieldMask{Paths: []string{"state", "mount_point"}})
+				rs, &fieldmaskpb.FieldMask{Paths: []string{"state", "mount_point"}}, nil)
 			Expect(err).ToNot(HaveOccurred())
 		})
 
diff --git a/pkg/share/manager/jsoncs3/jsoncs3.go b/pkg/share/manager/jsoncs3/jsoncs3.go
index 661767f9ce..2fe7eb11e3 100644
--- a/pkg/share/manager/jsoncs3/jsoncs3.go
+++ b/pkg/share/manager/jsoncs3/jsoncs3.go
@@ -978,7 +978,7 @@ func (m *Manager) getReceived(ctx context.Context, ref *collaboration.ShareRefer
 }
 
 // UpdateReceivedShare updates the received share with share state.
-func (m *Manager) UpdateReceivedShare(ctx context.Context, receivedShare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask) (*collaboration.ReceivedShare, error) {
+func (m *Manager) UpdateReceivedShare(ctx context.Context, receivedShare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask, forUser *userv1beta1.UserId) (*collaboration.ReceivedShare, error) {
 	ctx, span := appctx.GetTracerProvider(ctx).Tracer(tracerName).Start(ctx, "UpdateReceivedShare")
 	defer span.End()
 
@@ -1003,10 +1003,13 @@ func (m *Manager) UpdateReceivedShare(ctx context.Context, receivedShare *collab
 	}
 
 	// write back
+	u := ctxpkg.ContextMustGetUser(ctx)
+	uid := u.GetId().GetOpaqueId()
+	if u.GetId().GetType() == userv1beta1.UserType_USER_TYPE_SERVICE {
+		uid = forUser.GetOpaqueId()
+	}
 
-	userID := ctxpkg.ContextMustGetUser(ctx)
-
-	err = m.UserReceivedStates.Add(ctx, userID.GetId().GetOpaqueId(), rs.Share.ResourceId.StorageId+shareid.IDDelimiter+rs.Share.ResourceId.SpaceId, rs)
+	err = m.UserReceivedStates.Add(ctx, uid, rs.Share.ResourceId.StorageId+shareid.IDDelimiter+rs.Share.ResourceId.SpaceId, rs)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/share/manager/jsoncs3/jsoncs3_test.go b/pkg/share/manager/jsoncs3/jsoncs3_test.go
index 702b6defa5..f6459effd2 100644
--- a/pkg/share/manager/jsoncs3/jsoncs3_test.go
+++ b/pkg/share/manager/jsoncs3/jsoncs3_test.go
@@ -840,7 +840,7 @@ var _ = Describe("Jsoncs3", func() {
 					Expect(err).ToNot(HaveOccurred())
 
 					rs.State = collaboration.ShareState_SHARE_STATE_ACCEPTED
-					_, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"state"}})
+					_, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"state"}}, nil)
 					Expect(err).ToNot(HaveOccurred())
 
 					received, err := m.ListReceivedShares(granteeCtx, []*collaboration.Filter{})
@@ -921,7 +921,7 @@ var _ = Describe("Jsoncs3", func() {
 				Expect(rs.State).To(Equal(collaboration.ShareState_SHARE_STATE_PENDING))
 
 				rs.State = collaboration.ShareState_SHARE_STATE_ACCEPTED
-				rs, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"state"}})
+				rs, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"state"}}, nil)
 				Expect(err).ToNot(HaveOccurred())
 				Expect(rs.State).To(Equal(collaboration.ShareState_SHARE_STATE_ACCEPTED))
 
@@ -946,7 +946,7 @@ var _ = Describe("Jsoncs3", func() {
 				rs.MountPoint = &providerv1beta1.Reference{
 					Path: "newMP",
 				}
-				rs, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}})
+				rs, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}}, nil)
 				Expect(err).ToNot(HaveOccurred())
 				Expect(rs.MountPoint.Path).To(Equal("newMP"))
 
@@ -967,7 +967,7 @@ var _ = Describe("Jsoncs3", func() {
 				})
 				Expect(err).ToNot(HaveOccurred())
 
-				_, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"invalid"}})
+				_, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"invalid"}}, nil)
 				Expect(err).To(HaveOccurred())
 			})
 
@@ -992,7 +992,7 @@ var _ = Describe("Jsoncs3", func() {
 					Expect(rs.State).To(Equal(collaboration.ShareState_SHARE_STATE_PENDING))
 
 					rs.State = collaboration.ShareState_SHARE_STATE_ACCEPTED
-					rs, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"state"}})
+					rs, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"state"}}, nil)
 					Expect(err).ToNot(HaveOccurred())
 					Expect(rs.State).To(Equal(collaboration.ShareState_SHARE_STATE_ACCEPTED))
 
@@ -1015,7 +1015,7 @@ var _ = Describe("Jsoncs3", func() {
 					Expect(rs.State).To(Equal(collaboration.ShareState_SHARE_STATE_PENDING))
 
 					rs.State = collaboration.ShareState_SHARE_STATE_ACCEPTED
-					rs, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"state"}})
+					rs, err = m.UpdateReceivedShare(granteeCtx, rs, &fieldmaskpb.FieldMask{Paths: []string{"state"}}, nil)
 					Expect(err).ToNot(HaveOccurred())
 					Expect(rs.State).To(Equal(collaboration.ShareState_SHARE_STATE_ACCEPTED))
 
diff --git a/pkg/share/manager/memory/memory.go b/pkg/share/manager/memory/memory.go
index 4a54302c15..ea5abd7955 100644
--- a/pkg/share/manager/memory/memory.go
+++ b/pkg/share/manager/memory/memory.go
@@ -29,6 +29,7 @@ import (
 	"github.com/cs3org/reva/v2/pkg/share"
 	"google.golang.org/genproto/protobuf/field_mask"
 
+	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
@@ -343,13 +344,12 @@ func (m *manager) getReceived(ctx context.Context, ref *collaboration.ShareRefer
 	return nil, errtypes.NotFound(ref.String())
 }
 
-func (m *manager) UpdateReceivedShare(ctx context.Context, receivedShare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask) (*collaboration.ReceivedShare, error) {
+func (m *manager) UpdateReceivedShare(ctx context.Context, receivedShare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask, forUser *userv1beta1.UserId) (*collaboration.ReceivedShare, error) {
 	rs, err := m.getReceived(ctx, &collaboration.ShareReference{Spec: &collaboration.ShareReference_Id{Id: receivedShare.Share.Id}})
 	if err != nil {
 		return nil, err
 	}
 
-	user := ctxpkg.ContextMustGetUser(ctx)
 	m.lock.Lock()
 	defer m.lock.Unlock()
 
@@ -364,25 +364,31 @@ func (m *manager) UpdateReceivedShare(ctx context.Context, receivedShare *collab
 		}
 	}
 
+	u := ctxpkg.ContextMustGetUser(ctx)
+	uid := u.GetId().String()
+	if u.GetId().GetType() == userv1beta1.UserType_USER_TYPE_SERVICE {
+		uid = forUser.String()
+	}
+
 	// Persist state
-	if v, ok := m.shareState[user.Id.String()]; ok {
+	if v, ok := m.shareState[uid]; ok {
 		v[rs.Share.Id] = rs.State
-		m.shareState[user.Id.String()] = v
+		m.shareState[uid] = v
 	} else {
 		a := map[*collaboration.ShareId]collaboration.ShareState{
 			rs.Share.Id: rs.State,
 		}
-		m.shareState[user.Id.String()] = a
+		m.shareState[uid] = a
 	}
 	// Persist mount point
-	if v, ok := m.shareMountPoint[user.Id.String()]; ok {
+	if v, ok := m.shareMountPoint[uid]; ok {
 		v[rs.Share.Id] = rs.MountPoint
-		m.shareMountPoint[user.Id.String()] = v
+		m.shareMountPoint[uid] = v
 	} else {
 		a := map[*collaboration.ShareId]*provider.Reference{
 			rs.Share.Id: rs.MountPoint,
 		}
-		m.shareMountPoint[user.Id.String()] = a
+		m.shareMountPoint[uid] = a
 	}
 
 	return rs, nil
diff --git a/pkg/share/manager/owncloudsql/owncloudsql.go b/pkg/share/manager/owncloudsql/owncloudsql.go
index edca29181c..d5f28c4a12 100644
--- a/pkg/share/manager/owncloudsql/owncloudsql.go
+++ b/pkg/share/manager/owncloudsql/owncloudsql.go
@@ -27,6 +27,7 @@ import (
 	"strings"
 	"time"
 
+	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
@@ -422,7 +423,8 @@ func (m *mgr) GetReceivedShare(ctx context.Context, ref *collaboration.ShareRefe
 
 }
 
-func (m *mgr) UpdateReceivedShare(ctx context.Context, receivedShare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask) (*collaboration.ReceivedShare, error) {
+func (m *mgr) UpdateReceivedShare(ctx context.Context, receivedShare *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask, _ *userpb.UserId) (*collaboration.ReceivedShare, error) {
+	// TODO: How to inject the uid when a UserId is set? override it in the ctx? Add parameter to GetReceivedShare?
 	rs, err := m.GetReceivedShare(ctx, &collaboration.ShareReference{Spec: &collaboration.ShareReference_Id{Id: receivedShare.Share.Id}})
 	if err != nil {
 		return nil, err
diff --git a/pkg/share/manager/owncloudsql/owncloudsql_test.go b/pkg/share/manager/owncloudsql/owncloudsql_test.go
index 01c483d08e..5c6d767082 100644
--- a/pkg/share/manager/owncloudsql/owncloudsql_test.go
+++ b/pkg/share/manager/owncloudsql/owncloudsql_test.go
@@ -372,7 +372,7 @@ var _ = Describe("SQL manager", func() {
 			Expect(share.State).To(Equal(collaboration.ShareState_SHARE_STATE_ACCEPTED))
 
 			share.State = collaboration.ShareState_SHARE_STATE_REJECTED
-			_, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"foo"}})
+			_, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"foo"}}, nil)
 			Expect(err).To(HaveOccurred())
 		})
 
@@ -386,12 +386,12 @@ var _ = Describe("SQL manager", func() {
 
 			share.State = collaboration.ShareState_SHARE_STATE_REJECTED
 
-			share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}})
+			share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}}, nil)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(share.State).To(Equal(collaboration.ShareState_SHARE_STATE_ACCEPTED))
 
 			share.State = collaboration.ShareState_SHARE_STATE_REJECTED
-			share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"state"}})
+			share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"state"}}, nil)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(share.State).To(Equal(collaboration.ShareState_SHARE_STATE_REJECTED))
 
@@ -411,12 +411,12 @@ var _ = Describe("SQL manager", func() {
 
 			share.MountPoint = &provider.Reference{Path: "foo"}
 
-			share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"state"}})
+			share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"state"}}, nil)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(share.MountPoint.Path).To(Equal("shared"))
 
 			share.MountPoint = &provider.Reference{Path: "foo"}
-			share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}})
+			share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}}, nil)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(share.MountPoint.Path).To(Equal("foo"))
 
@@ -465,7 +465,7 @@ var _ = Describe("SQL manager", func() {
 				share.MountPoint = &provider.Reference{Path: "foo"}
 
 				By("overriding the child share information for the current user")
-				share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}})
+				share, err = mgr.UpdateReceivedShare(ctx, share, &fieldmaskpb.FieldMask{Paths: []string{"mount_point"}}, nil)
 				Expect(err).ToNot(HaveOccurred())
 				Expect(share.MountPoint.Path).To(Equal("foo"))
 
diff --git a/pkg/share/mocks/Manager.go b/pkg/share/mocks/Manager.go
index f1315836eb..c48a7ba6d9 100644
--- a/pkg/share/mocks/Manager.go
+++ b/pkg/share/mocks/Manager.go
@@ -30,6 +30,8 @@ import (
 	mock "github.com/stretchr/testify/mock"
 
 	providerv1beta1 "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+
+	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 )
 
 // Manager is an autogenerated mock type for the Manager type
@@ -181,25 +183,25 @@ func (_m *Manager) Unshare(ctx context.Context, ref *collaborationv1beta1.ShareR
 	return r0
 }
 
-// UpdateReceivedShare provides a mock function with given fields: ctx, _a1, fieldMask
-func (_m *Manager) UpdateReceivedShare(ctx context.Context, _a1 *collaborationv1beta1.ReceivedShare, fieldMask *fieldmaskpb.FieldMask) (*collaborationv1beta1.ReceivedShare, error) {
-	ret := _m.Called(ctx, _a1, fieldMask)
+// UpdateReceivedShare provides a mock function with given fields: ctx, _a1, fieldMask, forUser
+func (_m *Manager) UpdateReceivedShare(ctx context.Context, _a1 *collaborationv1beta1.ReceivedShare, fieldMask *fieldmaskpb.FieldMask, forUser *userv1beta1.UserId) (*collaborationv1beta1.ReceivedShare, error) {
+	ret := _m.Called(ctx, _a1, fieldMask, forUser)
 
 	var r0 *collaborationv1beta1.ReceivedShare
 	var r1 error
-	if rf, ok := ret.Get(0).(func(context.Context, *collaborationv1beta1.ReceivedShare, *fieldmaskpb.FieldMask) (*collaborationv1beta1.ReceivedShare, error)); ok {
-		return rf(ctx, _a1, fieldMask)
+	if rf, ok := ret.Get(0).(func(context.Context, *collaborationv1beta1.ReceivedShare, *fieldmaskpb.FieldMask, *userv1beta1.UserId) (*collaborationv1beta1.ReceivedShare, error)); ok {
+		return rf(ctx, _a1, fieldMask, forUser)
 	}
-	if rf, ok := ret.Get(0).(func(context.Context, *collaborationv1beta1.ReceivedShare, *fieldmaskpb.FieldMask) *collaborationv1beta1.ReceivedShare); ok {
-		r0 = rf(ctx, _a1, fieldMask)
+	if rf, ok := ret.Get(0).(func(context.Context, *collaborationv1beta1.ReceivedShare, *fieldmaskpb.FieldMask, *userv1beta1.UserId) *collaborationv1beta1.ReceivedShare); ok {
+		r0 = rf(ctx, _a1, fieldMask, forUser)
 	} else {
 		if ret.Get(0) != nil {
 			r0 = ret.Get(0).(*collaborationv1beta1.ReceivedShare)
 		}
 	}
 
-	if rf, ok := ret.Get(1).(func(context.Context, *collaborationv1beta1.ReceivedShare, *fieldmaskpb.FieldMask) error); ok {
-		r1 = rf(ctx, _a1, fieldMask)
+	if rf, ok := ret.Get(1).(func(context.Context, *collaborationv1beta1.ReceivedShare, *fieldmaskpb.FieldMask, *userv1beta1.UserId) error); ok {
+		r1 = rf(ctx, _a1, fieldMask, forUser)
 	} else {
 		r1 = ret.Error(1)
 	}
diff --git a/pkg/share/share.go b/pkg/share/share.go
index 3fb48c3b09..84f66a98f9 100644
--- a/pkg/share/share.go
+++ b/pkg/share/share.go
@@ -69,7 +69,7 @@ type Manager interface {
 	GetReceivedShare(ctx context.Context, ref *collaboration.ShareReference) (*collaboration.ReceivedShare, error)
 
 	// UpdateReceivedShare updates the received share with share state.
-	UpdateReceivedShare(ctx context.Context, share *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask) (*collaboration.ReceivedShare, error)
+	UpdateReceivedShare(ctx context.Context, share *collaboration.ReceivedShare, fieldMask *field_mask.FieldMask, forUser *userv1beta1.UserId) (*collaboration.ReceivedShare, error)
 }
 
 // ReceivedShareWithUser holds the relevant information for representing a received share of a user

From edd41afedf6872baa8412b35bd23afec10ed26d8 Mon Sep 17 00:00:00 2001
From: jkoberg <jkoberg@owncloud.com>
Date: Thu, 31 Aug 2023 15:09:33 +0200
Subject: [PATCH 3/3] allow service users to get received shares

Signed-off-by: jkoberg <jkoberg@owncloud.com>
---
 .../grpc/services/usershareprovider/usershareprovider.go    | 6 +++---
 pkg/share/manager/cs3/cs3.go                                | 2 +-
 pkg/share/manager/json/json.go                              | 2 +-
 pkg/share/manager/jsoncs3/jsoncs3.go                        | 2 +-
 pkg/share/manager/memory/memory.go                          | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/internal/grpc/services/usershareprovider/usershareprovider.go b/internal/grpc/services/usershareprovider/usershareprovider.go
index fdec41b1b2..b850b5f4df 100644
--- a/internal/grpc/services/usershareprovider/usershareprovider.go
+++ b/internal/grpc/services/usershareprovider/usershareprovider.go
@@ -301,9 +301,9 @@ func (s *service) UpdateReceivedShare(ctx context.Context, req *collaboration.Up
 		}, nil
 	}
 
-	var uid *userpb.UserId
-	_ = utils.ReadJSONFromOpaque(req.Opaque, "userid", uid)
-	share, err := s.sm.UpdateReceivedShare(ctx, req.Share, req.UpdateMask, uid)
+	var uid userpb.UserId
+	_ = utils.ReadJSONFromOpaque(req.Opaque, "userid", &uid)
+	share, err := s.sm.UpdateReceivedShare(ctx, req.Share, req.UpdateMask, &uid)
 	if err != nil {
 		return &collaboration.UpdateReceivedShareResponse{
 			Status: status.NewInternal(ctx, "error updating received share"),
diff --git a/pkg/share/manager/cs3/cs3.go b/pkg/share/manager/cs3/cs3.go
index 04bb9d20be..ed5d665c2e 100644
--- a/pkg/share/manager/cs3/cs3.go
+++ b/pkg/share/manager/cs3/cs3.go
@@ -343,7 +343,7 @@ func (m *Manager) GetShare(ctx context.Context, ref *collaboration.ShareReferenc
 
 	// check if we are the owner or the grantee
 	user := ctxpkg.ContextMustGetUser(ctx)
-	if share.IsCreatedByUser(s, user) || share.IsGrantedToUser(s, user) {
+	if user.GetId().GetType() == userpb.UserType_USER_TYPE_SERVICE || share.IsCreatedByUser(s, user) || share.IsGrantedToUser(s, user) {
 		return s, nil
 	}
 
diff --git a/pkg/share/manager/json/json.go b/pkg/share/manager/json/json.go
index 0d0b7b4982..7f78e226e7 100644
--- a/pkg/share/manager/json/json.go
+++ b/pkg/share/manager/json/json.go
@@ -542,7 +542,7 @@ func (m *mgr) getReceived(ctx context.Context, ref *collaboration.ShareReference
 		return nil, err
 	}
 	user := ctxpkg.ContextMustGetUser(ctx)
-	if !share.IsGrantedToUser(s, user) {
+	if user.GetId().GetType() != userv1beta1.UserType_USER_TYPE_SERVICE && !share.IsGrantedToUser(s, user) {
 		return nil, errtypes.NotFound(ref.String())
 	}
 	return m.convert(user.Id, s), nil
diff --git a/pkg/share/manager/jsoncs3/jsoncs3.go b/pkg/share/manager/jsoncs3/jsoncs3.go
index 2fe7eb11e3..2bfeeb0b0d 100644
--- a/pkg/share/manager/jsoncs3/jsoncs3.go
+++ b/pkg/share/manager/jsoncs3/jsoncs3.go
@@ -955,7 +955,7 @@ func (m *Manager) getReceived(ctx context.Context, ref *collaboration.ShareRefer
 		return nil, err
 	}
 	user := ctxpkg.ContextMustGetUser(ctx)
-	if !share.IsGrantedToUser(s, user) {
+	if user.GetId().GetType() != userv1beta1.UserType_USER_TYPE_SERVICE && !share.IsGrantedToUser(s, user) {
 		return nil, errtypes.NotFound(ref.String())
 	}
 	if share.IsExpired(s) {
diff --git a/pkg/share/manager/memory/memory.go b/pkg/share/manager/memory/memory.go
index ea5abd7955..2719320dbb 100644
--- a/pkg/share/manager/memory/memory.go
+++ b/pkg/share/manager/memory/memory.go
@@ -335,7 +335,7 @@ func (m *manager) getReceived(ctx context.Context, ref *collaboration.ShareRefer
 	user := ctxpkg.ContextMustGetUser(ctx)
 	for _, s := range m.shares {
 		if sharesEqual(ref, s) {
-			if share.IsGrantedToUser(s, user) {
+			if user.GetId().GetType() == userv1beta1.UserType_USER_TYPE_SERVICE || share.IsGrantedToUser(s, user) {
 				rs := m.convert(ctx, s)
 				return rs, nil
 			}