Update and delete OCM shares (cs3org#3937)

* implemented DeleteRemoteUser * update state of received ocm share * fix cmd * removed old comment * add endpoint to delete accepted user * remove federated share * fix linter * accept/reject ocm recevied shares * update access methods in sql driver * inject time for unit tests * add unit tests for UpdateShare * removed tests for DeleteShare * update permissions of federated shares from ocs * update go-cs3apis * fix linter * add command in cli to remove an accepted user * update permissions of ocm share from cli * optimized query build when updating access methods * fix update ocm share in ocs * fix update received ocm share * return share id when accepting/reject ocm share * filter ocm shares by status * fix update received share * expose state of ocm share * set correct user type when deleting user * add share info when creating ocm share * disabled nextcloud unit test * add changelog * trigger pipeline * add header * fix rebase * fix linter
gmgigi96 · Jun 28, 2023 · 8bd0ac7 · 8bd0ac7
1 parent f18c8f0
commit 8bd0ac7
Show file tree

Hide file tree

Showing 28 changed files with 1,265 additions and 128 deletions.
diff --git a/changelog/unreleased/update_remove_ocm_share.md b/changelog/unreleased/update_remove_ocm_share.md
@@ -0,0 +1,10 @@
+Enhancement: Manage OCM shares
+
+Implements the following item regarding OCM:
+  - update of OCM shares in both grpc and ocs layer,
+    allowing an user to update permissions and expiration of the share
+  - deletion of OCM shares in both grpc and ocs layer
+  - accept/reject of received OCM shares
+  - remove accepted remote users
+
+https://github.com/cs3org/reva/pull/3937
diff --git a/cmd/reva/main.go b/cmd/reva/main.go
@@ -56,6 +56,7 @@ var (
 		moveCommand(),
 		mkdirCommand(),
 		ocmFindAcceptedUsersCommand(),
+		ocmRemoveAcceptedUser(),
 		ocmInviteGenerateCommand(),
 		ocmInviteForwardCommand(),
 		ocmShareCreateCommand(),

diff --git a/cmd/reva/ocm-remove-accepted-user.go b/cmd/reva/ocm-remove-accepted-user.go
@@ -0,0 +1,77 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package main
+
+import (
+	"errors"
+	"fmt"
+	"io"
+
+	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	invitepb "github.com/cs3org/go-cs3apis/cs3/ocm/invite/v1beta1"
+	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
+)
+
+func ocmRemoveAcceptedUser() *command {
+	cmd := newCommand("ocm-remove-accepted-user")
+	cmd.Description = func() string { return "remove a remote user from the personal user list" }
+	cmd.Usage = func() string { return "Usage: ocm-remove-accepted-user [-flags]" }
+
+	user := cmd.String("user", "", "the user id")
+	idp := cmd.String("idp", "", "the idp of the user")
+
+	cmd.ResetFlags = func() {
+		*user, *idp = "", ""
+	}
+
+	cmd.Action = func(w ...io.Writer) error {
+		// validate flags
+		if *user == "" {
+			return errors.New("User cannot be empty: user -user flag\n" + cmd.Usage())
+		}
+
+		if *idp == "" {
+			return errors.New("IdP cannot be empty: use -idp flag\n" + cmd.Usage())
+		}
+
+		ctx := getAuthContext()
+		client, err := getClient()
+		if err != nil {
+			return err
+		}
+
+		res, err := client.DeleteAcceptedUser(ctx, &invitepb.DeleteAcceptedUserRequest{
+			RemoteUserId: &userv1beta1.UserId{
+				Type:     userv1beta1.UserType_USER_TYPE_FEDERATED,
+				Idp:      *idp,
+				OpaqueId: *user,
+			},
+		})
+		if err != nil {
+			return err
+		}
+		if res.Status.Code != rpcv1beta1.Code_CODE_OK {
+			return formatError(res.Status)
+		}
+
+		fmt.Println("OK")
+		return nil
+	}
+	return cmd
+}
diff --git a/cmd/reva/ocm-share-update.go b/cmd/reva/ocm-share-update.go
@@ -31,30 +31,26 @@ func ocmShareUpdateCommand() *command {
 	cmd := newCommand("ocm-share-update")
 	cmd.Description = func() string { return "update an OCM share" }
 	cmd.Usage = func() string { return "Usage: ocm-share-update [-flags] <share_id>" }
-	rol := cmd.String("rol", "viewer", "the permission for the share (viewer or editor)")
+
+	webdavRol := cmd.String("webdav-rol", "viewer", "the permission for the WebDAV access method (viewer or editor)")
+	webappViewMode := cmd.String("webapp-mode", "view", "the view mode for the Webapp access method (read or write)")
 
 	cmd.ResetFlags = func() {
-		*rol = "viewer"
+		*webdavRol, *webappViewMode = "viewer", "read"
 	}
 	cmd.Action = func(w ...io.Writer) error {
 		if cmd.NArg() < 1 {
 			return errors.New("Invalid arguments: " + cmd.Usage())
 		}
 
-		// validate flags
-		if *rol != viewerPermission && *rol != editorPermission {
-			return errors.New("Invalid rol: rol must be viewer or editor\n" + cmd.Usage())
-		}
-
 		id := cmd.Args()[0]
 
-		ctx := getAuthContext()
-		shareClient, err := getClient()
-		if err != nil {
-			return err
+		if *webdavRol == "" && *webappViewMode == "" {
+			return errors.New("use at least one of -webdav-rol or -webapp-mode flag")
 		}
 
-		perm, err := getOCMSharePerm(*rol)
+		ctx := getAuthContext()
+		shareClient, err := getClient()
 		if err != nil {
 			return err
 		}
@@ -67,13 +63,42 @@ func ocmShareUpdateCommand() *command {
 					},
 				},
 			},
-			Field: &ocm.UpdateOCMShareRequest_UpdateField{
-				Field: &ocm.UpdateOCMShareRequest_UpdateField_Permissions{
-					Permissions: &ocm.SharePermissions{
-						Permissions: perm,
+		}
+
+		if *webdavRol != "" {
+			perm, err := getOCMSharePerm(*webdavRol)
+			if err != nil {
+				return err
+			}
+			shareRequest.Field = append(shareRequest.Field, &ocm.UpdateOCMShareRequest_UpdateField{
+				Field: &ocm.UpdateOCMShareRequest_UpdateField_AccessMethods{
+					AccessMethods: &ocm.AccessMethod{
+						Term: &ocm.AccessMethod_WebdavOptions{
+							WebdavOptions: &ocm.WebDAVAccessMethod{
+								Permissions: perm,
+							},
+						},
 					},
 				},
-			},
+			})
+		}
+
+		if *webappViewMode != "" {
+			mode, err := getOCMViewMode(*webappViewMode)
+			if err != nil {
+				return err
+			}
+			shareRequest.Field = append(shareRequest.Field, &ocm.UpdateOCMShareRequest_UpdateField{
+				Field: &ocm.UpdateOCMShareRequest_UpdateField_AccessMethods{
+					AccessMethods: &ocm.AccessMethod{
+						Term: &ocm.AccessMethod_WebappOptions{
+							WebappOptions: &ocm.WebappAccessMethod{
+								ViewMode: mode,
+							},
+						},
+					},
+				},
+			})
 		}
 
 		shareRes, err := shareClient.UpdateOCMShare(ctx, shareRequest)

diff --git a/go.mod b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/ceph/go-ceph v0.15.0
 	github.com/cheggaaa/pb v1.0.29
 	github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e
-	github.com/cs3org/go-cs3apis v0.0.0-20230508132523-e0d062e63b3b
+	github.com/cs3org/go-cs3apis v0.0.0-20230606135123-b799d47a6648
 	github.com/dgraph-io/ristretto v0.1.1
 	github.com/dolthub/go-mysql-server v0.14.0
 	github.com/eventials/go-tus v0.0.0-20200718001131-45c7ec8f5d59

diff --git a/go.sum b/go.sum
@@ -308,6 +308,8 @@ github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e h1:tqSPWQeueWTKnJVMJff
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
 github.com/cs3org/go-cs3apis v0.0.0-20230508132523-e0d062e63b3b h1:UCO7Rnf5bvIvRtETguV8IaTx73cImLlFWxrApCB0QsQ=
 github.com/cs3org/go-cs3apis v0.0.0-20230508132523-e0d062e63b3b/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
+github.com/cs3org/go-cs3apis v0.0.0-20230606135123-b799d47a6648 h1:gBz1JSC2u6o/TkUhWSdJZvacyTsVUzDouegRzvrJye4=
+github.com/cs3org/go-cs3apis v0.0.0-20230606135123-b799d47a6648/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

diff --git a/internal/grpc/services/gateway/ocmcore.go b/internal/grpc/services/gateway/ocmcore.go
@@ -42,3 +42,35 @@ func (s *svc) CreateOCMCoreShare(ctx context.Context, req *ocmcore.CreateOCMCore
 
 	return res, nil
 }
+
+func (s *svc) UpdateOCMCoreShare(ctx context.Context, req *ocmcore.UpdateOCMCoreShareRequest) (*ocmcore.UpdateOCMCoreShareResponse, error) {
+	c, err := pool.GetOCMCoreClient(pool.Endpoint(s.c.OCMCoreEndpoint))
+	if err != nil {
+		return &ocmcore.UpdateOCMCoreShareResponse{
+			Status: status.NewInternal(ctx, err, "error getting ocm core client"),
+		}, nil
+	}
+
+	res, err := c.UpdateOCMCoreShare(ctx, req)
+	if err != nil {
+		return nil, errors.Wrap(err, "gateway: error calling UpdateOCMCoreShare")
+	}
+
+	return res, nil
+}
+
+func (s *svc) DeleteOCMCoreShare(ctx context.Context, req *ocmcore.DeleteOCMCoreShareRequest) (*ocmcore.DeleteOCMCoreShareResponse, error) {
+	c, err := pool.GetOCMCoreClient(pool.Endpoint(s.c.OCMCoreEndpoint))
+	if err != nil {
+		return &ocmcore.DeleteOCMCoreShareResponse{
+			Status: status.NewInternal(ctx, err, "error getting ocm core client"),
+		}, nil
+	}
+
+	res, err := c.DeleteOCMCoreShare(ctx, req)
+	if err != nil {
+		return nil, errors.Wrap(err, "gateway: error calling UpdateOCMCoreShare")
+	}
+
+	return res, nil
+}
diff --git a/internal/grpc/services/gateway/ocminvitemanager.go b/internal/grpc/services/gateway/ocminvitemanager.go
@@ -122,3 +122,19 @@ func (s *svc) FindAcceptedUsers(ctx context.Context, req *invitepb.FindAcceptedU
 
 	return res, nil
 }
+
+func (s *svc) DeleteAcceptedUser(ctx context.Context, req *invitepb.DeleteAcceptedUserRequest) (*invitepb.DeleteAcceptedUserResponse, error) {
+	c, err := pool.GetOCMInviteManagerClient(pool.Endpoint(s.c.OCMInviteManagerEndpoint))
+	if err != nil {
+		return &invitepb.DeleteAcceptedUserResponse{
+			Status: status.NewInternal(ctx, err, "error getting user invite provider client"),
+		}, nil
+	}
+
+	res, err := c.DeleteAcceptedUser(ctx, req)
+	if err != nil {
+		return nil, errors.Wrap(err, "gateway: error calling FindAcceptedUsers")
+	}
+
+	return res, nil
+}
diff --git a/internal/grpc/services/ocmcore/ocmcore.go b/internal/grpc/services/ocmcore/ocmcore.go
@@ -148,3 +148,11 @@ func (s *service) CreateOCMCoreShare(ctx context.Context, req *ocmcore.CreateOCM
 		Created: share.Ctime,
 	}, nil
 }
+
+func (s *service) UpdateOCMCoreShare(ctx context.Context, req *ocmcore.UpdateOCMCoreShareRequest) (*ocmcore.UpdateOCMCoreShareResponse, error) {
+	return nil, errtypes.NotSupported("not implemented")
+}
+
+func (s *service) DeleteOCMCoreShare(ctx context.Context, req *ocmcore.DeleteOCMCoreShareRequest) (*ocmcore.DeleteOCMCoreShareResponse, error) {
+	return nil, errtypes.NotSupported("not implemented")
+}
diff --git a/internal/grpc/services/ocminvitemanager/ocminvitemanager.go b/internal/grpc/services/ocminvitemanager/ocminvitemanager.go
@@ -369,3 +369,16 @@ func (s *service) FindAcceptedUsers(ctx context.Context, req *invitepb.FindAccep
 		AcceptedUsers: acceptedUsers,
 	}, nil
 }
+
+func (s *service) DeleteAcceptedUser(ctx context.Context, req *invitepb.DeleteAcceptedUserRequest) (*invitepb.DeleteAcceptedUserResponse, error) {
+	user := ctxpkg.ContextMustGetUser(ctx)
+	if err := s.repo.DeleteRemoteUser(ctx, user.Id, req.RemoteUserId); err != nil {
+		return &invitepb.DeleteAcceptedUserResponse{
+			Status: status.NewInternal(ctx, err, "error deleting remote users: "+err.Error()),
+		}, nil
+	}
+
+	return &invitepb.DeleteAcceptedUserResponse{
+		Status: status.NewOK(ctx),
+	}, nil
+}
diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -459,7 +459,12 @@ func (s *service) ListOCMShares(ctx context.Context, req *ocm.ListOCMSharesReque
 
 func (s *service) UpdateOCMShare(ctx context.Context, req *ocm.UpdateOCMShareRequest) (*ocm.UpdateOCMShareResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	_, err := s.repo.UpdateShare(ctx, user, req.Ref, req.Field.GetPermissions()) // TODO(labkode): check what to update
+	if len(req.Field) == 0 {
+		return &ocm.UpdateOCMShareResponse{
+			Status: status.NewOK(ctx),
+		}, nil
+	}
+	_, err := s.repo.UpdateShare(ctx, user, req.Ref, req.Field...)
 	if err != nil {
 		if errors.Is(err, share.ErrShareNotFound) {
 			return &ocm.UpdateOCMShareResponse{
@@ -495,7 +500,7 @@ func (s *service) ListReceivedOCMShares(ctx context.Context, req *ocm.ListReceiv
 
 func (s *service) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceivedOCMShareRequest) (*ocm.UpdateReceivedOCMShareResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	_, err := s.repo.UpdateReceivedShare(ctx, user, req.Share, req.UpdateMask) // TODO(labkode): check what to update
+	_, err := s.repo.UpdateReceivedShare(ctx, user, req.Share, req.UpdateMask)
 	if err != nil {
 		if errors.Is(err, share.ErrShareNotFound) {
 			return &ocm.UpdateReceivedOCMShareResponse{