graph: Set roles/actions in sharedByMe response (#7703)

* unifiedrole: Add CS3ResourcePermissionsToLibregraphActions Add function to convert CS3ResourcePermsissions to libregraph actions * unifiedrole: Fix strings for the UnifiedRoleConditionSelf The "Self/Owner/Grantee" string are not part the the constraint value * graph: Move getRoleDefinitionList to unifiedrole module rename it to GetBuiltinRoleDefinitionList and make it public * graph: turn libregraph resource actions into string constants * graph/sharedbyme: Set the correct roles (or actions) on permissions Try to map CS3 resource permissions on a share to one of the default libregraph UnifiedRoleDefinitions. If a match if found return the roleid in 'permissions.roles' attribute of the response. If no match if found convert the ResourcePermissions in to `libre.graph.permissions.actions` and return those in the response.
owncloud · Nov 17, 2023 · ba36727 · ba36727
1 parent 4b90187
commit ba36727
Show file tree

Hide file tree

Showing 85 changed files with 110 additions and 110 deletions.
diff --git a/apis/grpc_apis/ocis/messages/eventhistory/v0/grpc.md b/apis/grpc_apis/ocis/messages/eventhistory/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.messages.eventhistory.v0"
 url: /apis/grpc_apis/ocis_messages_eventhistory_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/messages/policies/v0/grpc.md b/apis/grpc_apis/ocis/messages/policies/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.messages.policies.v0"
 url: /apis/grpc_apis/ocis_messages_policies_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/messages/search/v0/grpc.md b/apis/grpc_apis/ocis/messages/search/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.messages.search.v0"
 url: /apis/grpc_apis/ocis_messages_search_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/messages/settings/v0/grpc.md b/apis/grpc_apis/ocis/messages/settings/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.messages.settings.v0"
 url: /apis/grpc_apis/ocis_messages_settings_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/messages/store/v0/grpc.md b/apis/grpc_apis/ocis/messages/store/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.messages.store.v0"
 url: /apis/grpc_apis/ocis_messages_store_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/messages/thumbnails/v0/grpc.md b/apis/grpc_apis/ocis/messages/thumbnails/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.messages.thumbnails.v0"
 url: /apis/grpc_apis/ocis_messages_thumbnails_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/services/eventhistory/v0/grpc.md b/apis/grpc_apis/ocis/services/eventhistory/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.services.eventhistory.v0"
 url: /apis/grpc_apis/ocis_services_eventhistory_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/services/policies/v0/grpc.md b/apis/grpc_apis/ocis/services/policies/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.services.policies.v0"
 url: /apis/grpc_apis/ocis_services_policies_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/services/search/v0/grpc.md b/apis/grpc_apis/ocis/services/search/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.services.search.v0"
 url: /apis/grpc_apis/ocis_services_search_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/services/settings/v0/grpc.md b/apis/grpc_apis/ocis/services/settings/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.services.settings.v0"
 url: /apis/grpc_apis/ocis_services_settings_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/services/store/v0/grpc.md b/apis/grpc_apis/ocis/services/store/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.services.store.v0"
 url: /apis/grpc_apis/ocis_services_store_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/apis/grpc_apis/ocis/services/thumbnails/v0/grpc.md b/apis/grpc_apis/ocis/services/thumbnails/v0/grpc.md
@@ -1,7 +1,7 @@
 ---
 title: "ocis.services.thumbnails.v0"
 url: /apis/grpc_apis/ocis_services_thumbnails_v0
-date: 2023-11-17T12:30:50Z
+date: 2023-11-17T14:43:17Z
 weight: 50
 geekdocRepo: https://github.com/owncloud/ocis
 ---

diff --git a/services/_includes/adoc/antivirus_configvars.adoc b/services/_includes/adoc/antivirus_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-40]
 [caption=]
 .Deprecation notes for the antivirus service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/app-provider_configvars.adoc b/services/_includes/adoc/app-provider_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-40]
 [caption=]
 .Deprecation notes for the app-provider service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/app-registry_configvars.adoc b/services/_includes/adoc/app-registry_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-39]
 [caption=]
 .Deprecation notes for the app-registry service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/audit_configvars.adoc b/services/_includes/adoc/audit_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-39]
 [caption=]
 .Deprecation notes for the audit service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/auth-basic_configvars.adoc b/services/_includes/adoc/auth-basic_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-39]
 [caption=]
 .Deprecation notes for the auth-basic service
 [width="100%",cols="~,~,~,~",options="header"]
@@ -263,7 +263,7 @@ LDAP DN to use for simple bind authentication with the target LDAP server.
 a|`OCIS_LDAP_BIND_PASSWORD` +
 `LDAP_BIND_PASSWORD` +
 `AUTH_BASIC_LDAP_BIND_PASSWORD` +
-xref:deprecation-note-2023-11-17-12-31-10[Deprecation Note]
+xref:deprecation-note-2023-11-17-14-43-39[Deprecation Note]
 a| [subs=-attributes]
 ++string ++
 a| [subs=-attributes]

diff --git a/services/_includes/adoc/auth-bearer_configvars.adoc b/services/_includes/adoc/auth-bearer_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-39]
 [caption=]
 .Deprecation notes for the auth-bearer service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/auth-machine_configvars.adoc b/services/_includes/adoc/auth-machine_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-40]
 [caption=]
 .Deprecation notes for the auth-machine service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/auth-service_configvars.adoc b/services/_includes/adoc/auth-service_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-40]
 [caption=]
 .Deprecation notes for the auth-service service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/clientlog_configvars.adoc b/services/_includes/adoc/clientlog_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-39]
 [caption=]
 .Deprecation notes for the clientlog service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/eventhistory_configvars.adoc b/services/_includes/adoc/eventhistory_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-40]
 [caption=]
 .Deprecation notes for the eventhistory service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/frontend_configvars.adoc b/services/_includes/adoc/frontend_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-39]
 [caption=]
 .Deprecation notes for the frontend service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/gateway_configvars.adoc b/services/_includes/adoc/gateway_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-39]
 [caption=]
 .Deprecation notes for the gateway service
 [width="100%",cols="~,~,~,~",options="header"]

diff --git a/services/_includes/adoc/global_configvars.adoc b/services/_includes/adoc/global_configvars.adoc
@@ -33,7 +33,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Flag to enable or disable the creation of the demo users.
+The default role assignments the demo users should be setup.
 
 a| `LDAP_BIND_PASSWORD`
 
@@ -248,7 +248,7 @@ a| [subs=-attributes]
 ++[]string ++
 
 a| [subs=-attributes]
-++[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Purge Restore] ++
+++[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control] ++
 
 a| [subs=-attributes]
 A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.
@@ -273,7 +273,7 @@ a| [subs=-attributes]
 ++[]string ++
 
 a| [subs=-attributes]
-++[GET POST PUT PATCH DELETE OPTIONS] ++
+++[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH] ++
 
 a| [subs=-attributes]
 A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.
@@ -678,7 +678,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Whether to verify the server TLS certificates.
+Allow insecure connections to the GATEWAY service.
 
 a| `OCIS_JWT_SECRET`
 
@@ -822,7 +822,7 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++uid=libregraph,ou=sysusers,o=libregraph-idm ++
+++uid=reva,ou=sysusers,o=libregraph-idm ++
 
 a| [subs=-attributes]
 LDAP DN to use for simple bind authentication with the target LDAP server.
@@ -893,7 +893,7 @@ a| [subs=-attributes]
 ++attribute ++
 
 a| [subs=-attributes]
-An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. Default is 'attribute'.
+An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.
 
 a| `OCIS_LDAP_GROUP_BASE_DN`
 
@@ -991,10 +991,10 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++owncloudUUID ++
+++ownclouduuid ++
 
 a| [subs=-attributes]
-LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.
+LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID).
 
 a| `OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
 
@@ -1011,7 +1011,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Set this to true if the defined 'ID' attribute for groups is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the group ID's.
+Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs.
 
 a| `OCIS_LDAP_GROUP_SCHEMA_MAIL`
 
@@ -1061,7 +1061,7 @@ a| [subs=-attributes]
 ++sub ++
 
 a| [subs=-attributes]
-LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.
+LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'.
 
 a| `OCIS_LDAP_INSECURE`
 
@@ -1147,7 +1147,7 @@ a| [subs=-attributes]
 ++ownCloudUserEnabled ++
 
 a| [subs=-attributes]
-LDAP Attribute to use as a flag telling if the user is enabled or disabled.
+LDAP attribute to use as a flag telling if the user is enabled or disabled.
 
 a| `OCIS_LDAP_USER_FILTER`
 
@@ -1214,7 +1214,7 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++owncloudUUID ++
+++ownclouduuid ++
 
 a| [subs=-attributes]
 LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.
@@ -1234,7 +1234,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the user ID's.
+Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.
 
 a| `OCIS_LDAP_USER_SCHEMA_MAIL`
 
@@ -1303,7 +1303,7 @@ a| [subs=-attributes]
 ++sub ++
 
 a| [subs=-attributes]
-LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.
+LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'.
 
 a| `OCIS_LOG_COLOR`
 
@@ -1718,7 +1718,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in the frontend service.
+Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares.
 
 a| `OCIS_SPACES_MAX_QUOTA`
 
@@ -1733,7 +1733,7 @@ a| [subs=-attributes]
 ++0 ++
 
 a| [subs=-attributes]
-Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.
+Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities.
 
 a| `OCIS_SYSTEM_USER_API_KEY`
 
@@ -1771,7 +1771,7 @@ a| [subs=-attributes]
 ++ ++
 
 a| [subs=-attributes]
-ID of the oCIS storage-system system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
+ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
 
 a| `OCIS_SYSTEM_USER_IDP`
 
@@ -2062,7 +2062,7 @@ a| [subs=-attributes]
 ++https://localhost:9200 ++
 
 a| [subs=-attributes]
-The public facing URL of WebDAV.
+URL where oCIS is reachable for users.
 
 a| `STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`
 

diff --git a/services/_includes/adoc/graph_configvars.adoc b/services/_includes/adoc/graph_configvars.adoc
@@ -4,7 +4,7 @@
 
 ifeval::[{show-deprecation} == true]
 
-[#deprecation-note-2023-11-17-12-31-10]
+[#deprecation-note-2023-11-17-14-43-39]
 [caption=]
 .Deprecation notes for the graph service
 [width="100%",cols="~,~,~,~",options="header"]
@@ -488,7 +488,7 @@ LDAP DN to use for simple bind authentication with the target LDAP server.
 a|`OCIS_LDAP_BIND_PASSWORD` +
 `LDAP_BIND_PASSWORD` +
 `GRAPH_LDAP_BIND_PASSWORD` +
-xref:deprecation-note-2023-11-17-12-31-10[Deprecation Note]
+xref:deprecation-note-2023-11-17-14-43-39[Deprecation Note]
 a| [subs=-attributes]
 ++string ++
 a| [subs=-attributes]