From 411b5cad3cc1a88c42a72dd188c9f3444080fa38 Mon Sep 17 00:00:00 2001 From: Bruno Michel Date: Thu, 9 Jan 2025 17:27:19 +0100 Subject: [PATCH] Allow to patch password/expires_at for permissions --- docs/permissions.md | 30 +++++++++++++++++++++++++++- web/permissions/permissions.go | 36 +++++++++++++++++++++++++++------- 2 files changed, 58 insertions(+), 8 deletions(-) diff --git a/docs/permissions.md b/docs/permissions.md index 682a4597454..366efe56021 100644 --- a/docs/permissions.md +++ b/docs/permissions.md @@ -57,7 +57,7 @@ Some known types: - `io.cozy.jobs` and `io.cozy.triggers`, for [jobs](jobs.md) - `io.cozy.oauth.clients`, to list and revoke [OAuth 2 clients](auth.md) -It is also possible to use a wildcard to use a doctype and its sub-doctypes if +It is also possible to use a wildcard to use a doctype and its sub-doctypes if the doctype contains at least 3 `.`. For example, `io.cozy.bank.*` will give access to `io.cozy.bank`, `io.cozy.bank.accounts`, `io.cozy.bank.accounts.stats`, @@ -444,6 +444,34 @@ Accept: application/vnd.api+json } ``` +#### Request to update the password and the expiration date of the sharing link + +```http +PATCH /permissions/a340d5e0-d647-11e6-b66c-5fc9ce1e17c6 HTTP/1.1 +Host: cozy.example.net +Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ +Content-Type: application/vnd.api+json +Accept: application/vnd.api+json +``` + +```json +{ + "data": { + "id": "a340d5e0-d647-11e6-b66c-5fc9ce1e17c6", + "type": "io.cozy.permissions", + "attributes": { + "password": "NewPassword", + "expires_at": "2025-01-01T00:00:00Z" + }, + "cozyMetadata": { + "doctypeVersion": 1, + "metadataVersion": 1, + "updatedAt": "2019-05-14T12:00:37.372193145+02:00" + } + } +} +``` + #### Request to add permissions ```http diff --git a/web/permissions/permissions.go b/web/permissions/permissions.go index 33c01cf1e47..fe3ab2852be 100644 
--- a/web/permissions/permissions.go
+++ b/web/permissions/permissions.go
@@ -357,19 +357,36 @@ func patchPermission(getPerms getPermsFunc, paramName string) echo.HandlerFunc {
 patchSet := patch.Permissions != nil && len(patch.Permissions) > 0
 patchCodes := len(patch.Codes) > 0
- if patchCodes == patchSet {
- return ErrPatchCodeOrSet
- }
-
 toPatch, err := getPerms(instance, c.Param(paramName))
 if err != nil {
 return err
 }
- if patchCodes {
- if !current.CanUpdateShareByLink(toPatch) {
- return permission.ErrNotParent
+ if !patchSet && !current.CanUpdateShareByLink(toPatch) {
+ return permission.ErrNotParent
+ }
+
+ if patchCodes == patchSet {
+ if patchSet {
+ return ErrPatchCodeOrSet
+ }
+ if patch.Password == nil && patch.ExpiresAt == nil {
+ return ErrPatchCodeOrSet
 }
+ }
+
+ if pass, _ := patch.Password.(string); pass != "" {
+ hash, err := crypto.GenerateFromPassphrase([]byte(pass))
+ if err != nil {
+ return err
+ }
+ toPatch.Password = hash
+ }
+ if patch.ExpiresAt != nil {
+ toPatch.ExpiresAt = patch.ExpiresAt
+ }
+
+ if patchCodes {
 toPatch.PatchCodes(patch.Codes)
 }
@@ -406,6 +423,11 @@ func patchPermission(getPerms getPermsFunc, paramName string) echo.HandlerFunc {
 return err
 }
+ // Don't send the password hash to the client
+ if toPatch.Password != nil {
+ toPatch.Password = true
+ }
+
 return jsonapi.Data(c, http.StatusOK, &APIPermission{toPatch, nil}, nil)
 }
 }
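Review bot: The new password and expires_at assignments run on every request, but the `CanUpdateShareByLink` guard above them is skipped whenever `patchSet` is true, so a body that carries `permissions` together with `password` or `expires_at` reaches `toPatch.Password = hash` without that check. Either reject that combination or gate on the fields themselves, for example `if (!patchSet || patch.Password != nil || patch.ExpiresAt != nil) && !current.CanUpdateShareByLink(toPatch) {`. Separately, `pass, _ := patch.Password.(string)` silently ignores a non-string or empty password after the `patch.Password == nil` test has already accepted the request, so the caller gets a success response for a link that was not protected as requested; returning a bad-request error in that case would be safer. The handler continues past this hunk, so whether the set path applies an equivalent ownership check later is not visible here.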
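Review bot: Masking the hash with `toPatch.Password = true` at this one return site protects only this response; any other path that serializes the same permission document has to remember to repeat the step. Consider moving the masking into a single helper or into the `APIPermission` serialization so a stored hash cannot be emitted by omission. The comment could also say what the boolean means, e.g. `// Replace the stored hash with true: the client only learns that a password is set`. The enclosing handler starts before this hunk, so other uses of `toPatch` between the update and this return are not visible here.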