Skip to content

Commit

Permalink
grant stat access to service users
Browse files Browse the repository at this point in the history 
Signed-off-by: jkoberg <[email protected]>
  • Loading branch information
@kobergj
kobergj committed Aug 17, 2023
1 parent ca1b994 commit 290716a
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 5 deletions.
5 changes: 4 additions & 1 deletion pkg/auth/manager/serviceaccounts/serviceaccounts.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,10 @@ func (m *manager) Authenticate(ctx context.Context, userID string, secret string
}
return &userpb.User{
// TODO: more details for service users?
Id: &userpb.UserId{OpaqueId: userID},
Id: &userpb.UserId{
OpaqueId: userID,
Type: userpb.UserType_USER_TYPE_SERVICE,
},
}, scope, nil
}

Expand Down
4 changes: 0 additions & 4 deletions pkg/storage/utils/decomposedfs/node/node.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -974,10 +974,6 @@ func (n *Node) ReadUserPermissions(ctx context.Context, u *userpb.User) (ap prov
return OwnerPermissions(), false, nil
}

if u.Id.GetOpaqueId() == "service-user-id" {
return OwnerPermissions(), false, nil
}

ap = provider.ResourcePermissions{}

// for an efficient group lookup convert the list of groups to a map
Expand Down
9 changes: 9 additions & 0 deletions pkg/storage/utils/decomposedfs/node/permissions.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"context"
"strings"

userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
"github.com/cs3org/reva/v2/pkg/appctx"
ctxpkg "github.com/cs3org/reva/v2/pkg/ctx"
Expand Down Expand Up @@ -113,6 +114,14 @@ func (p *Permissions) assemblePermissions(ctx context.Context, n *Node, failOnTr
return NoPermissions(), nil
}

if u.GetId().GetType() == userpb.UserType_USER_TYPE_SERVICE {
// service users are granted stat access
return provider.ResourcePermissions{
Stat: true,
ListContainer: true,
}, nil
}

// are we reading a revision?
if strings.Contains(n.ID, RevisionIDDelimiter) {
// verify revision key format
Expand Down

0 comments on commit 290716a

Please sign in to comment.