From 290716a125977485e31aba46dde33bc2a3f9f476 Mon Sep 17 00:00:00 2001
From: jkoberg
Date: Thu, 17 Aug 2023 11:21:53 +0200
Subject: [PATCH] grant stat access to service users

Signed-off-by: jkoberg
---
 pkg/auth/manager/serviceaccounts/serviceaccounts.go | 5 ++++-
 pkg/storage/utils/decomposedfs/node/node.go | 4 ----
 pkg/storage/utils/decomposedfs/node/permissions.go | 9 +++++++++
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/pkg/auth/manager/serviceaccounts/serviceaccounts.go b/pkg/auth/manager/serviceaccounts/serviceaccounts.go
index 43b09b7d183..48e16cf09db 100644
--- a/pkg/auth/manager/serviceaccounts/serviceaccounts.go
+++ b/pkg/auth/manager/serviceaccounts/serviceaccounts.go
@@ -68,7 +68,10 @@ func (m *manager) Authenticate(ctx context.Context, userID string, secret string
 }
 return &userpb.User{
 // TODO: more details for service users?
- Id: &userpb.UserId{OpaqueId: userID},
+ Id: &userpb.UserId{
+ OpaqueId: userID,
+ Type: userpb.UserType_USER_TYPE_SERVICE,
+ },
 }, scope, nil
 }
 
diff --git a/pkg/storage/utils/decomposedfs/node/node.go b/pkg/storage/utils/decomposedfs/node/node.go
index ae73eac27d7..a3e31ee90b3 100644
--- a/pkg/storage/utils/decomposedfs/node/node.go
+++ b/pkg/storage/utils/decomposedfs/node/node.go
@@ -974,10 +974,6 @@ func (n *Node) ReadUserPermissions(ctx context.Context, u *userpb.User) (ap prov
 return OwnerPermissions(), false, nil
 }
 
- if u.Id.GetOpaqueId() == "service-user-id" {
- return OwnerPermissions(), false, nil
- }
-
 ap = provider.ResourcePermissions{}
 
 // for an efficient group lookup convert the list of groups to a map
diff --git a/pkg/storage/utils/decomposedfs/node/permissions.go b/pkg/storage/utils/decomposedfs/node/permissions.go
index 1e5017241b5..98af4a65160 100644
--- a/pkg/storage/utils/decomposedfs/node/permissions.go
+++ b/pkg/storage/utils/decomposedfs/node/permissions.go
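Review bot: The `Type: userpb.UserType_USER_TYPE_SERVICE` field added in the `Authenticate` hunk of serviceaccounts.go is now what the storage layer keys its service-user branch on (see the permissions.go change in this patch), yet nothing at this site says so. Because the check moved from a fixed opaque id to the user type, any other code path able to produce a user with this type would presumably receive the same access, so the invariant deserves a comment next to the field, e.g. `// Type gates the service-user permission branch in decomposedfs; only this manager should set it`. The existing TODO about more details for service users is the natural place to state it. The body of `Authenticate` starts outside the hunk.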
@@ -22,6 +22,7 @@ import (
 "context"
 "strings"
 
+ userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 "github.com/cs3org/reva/v2/pkg/appctx"
 ctxpkg "github.com/cs3org/reva/v2/pkg/ctx"
@@ -113,6 +114,14 @@ func (p *Permissions) assemblePermissions(ctx context.Context, n *Node, failOnTr
 return NoPermissions(), nil
 }
 
+ if u.GetId().GetType() == userpb.UserType_USER_TYPE_SERVICE {
+ // service users are granted stat access
+ return provider.ResourcePermissions{
+ Stat: true,
+ ListContainer: true,
+ }, nil
+ }
+
 // are we reading a revision?
 if strings.Contains(n.ID, RevisionIDDelimiter) {
 // verify revision key format
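Review bot: The new `USER_TYPE_SERVICE` branch in `assemblePermissions` returns before the revision check and everything after it, so any denial condition evaluated later in the function is skipped for service users, possibly including the `failOnTr…` parameter visible in the hunk header, which this path never reads. The grant is also unconditional on `n`: every authenticated service account gets `Stat` and `ListContainer` on every node, which is far narrower than the `OwnerPermissions()` returned by the special case removed from node.go, but is still not scoped per account or per space. If that is intended, the comment should say so, e.g. `// service users may stat and list any node, regardless of grants or trash state; they get nothing else`, and the branch could move below the checks that must hold for all callers. The function body starts and ends outside the hunk, so the checks that follow could not be verified here.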