Make AddACL only recursive when it is passed a directory

cs3org · Oct 23, 2024 · aab7907 · aab7907
1 parent 10664f4
commit aab7907
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/changelog/unreleased/addacl-recursive.md b/changelog/unreleased/addacl-recursive.md
@@ -0,0 +1,5 @@
+Bugfix: make AddACL only recursive on directories
+
+The current implementation of AddACL in the EOS gRPC client always sets msg.Recursive = true. This causes issues on the EOS side, because it will try running a recursive find on a file, which fails. This PR fixes this bug in Reva.
+
+https://github.com/cs3org/reva/pull/4898
diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go
@@ -259,6 +259,13 @@ func (c *Client) AddACL(ctx context.Context, auth, rootAuth eosclient.Authorizat
 	log := appctx.GetLogger(ctx)
 	log.Info().Str("func", "AddACL").Str("uid,gid", auth.Role.UID+","+auth.Role.GID).Str("path", path).Msg("")
 
+	// First, we need to figure out if the path is a directory
+	// to know whether our request should be recursive
+	fileInfo, err := c.GetFileInfoByPath(ctx, auth, path)
+	if err != nil {
+		return err
+	}
+
 	// Init a new NSRequest
 	rq, err := c.initNSRequest(ctx, rootAuth, "")
 	if err != nil {
@@ -272,7 +279,7 @@ func (c *Client) AddACL(ctx context.Context, auth, rootAuth eosclient.Authorizat
 	msg := new(erpc.NSRequest_AclRequest)
 	msg.Cmd = erpc.NSRequest_AclRequest_ACL_COMMAND(erpc.NSRequest_AclRequest_ACL_COMMAND_value["MODIFY"])
 	msg.Type = erpc.NSRequest_AclRequest_ACL_TYPE(erpc.NSRequest_AclRequest_ACL_TYPE_value["SYS_ACL"])
-	msg.Recursive = true
+	msg.Recursive = fileInfo.IsDir
 	msg.Rule = a.CitrineSerialize()
 
 	msg.Id = new(erpc.MDId)
@@ -302,6 +309,13 @@ func (c *Client) RemoveACL(ctx context.Context, auth, rootAuth eosclient.Authori
 	log := appctx.GetLogger(ctx)
 	log.Info().Str("func", "RemoveACL").Str("uid,gid", auth.Role.UID+","+auth.Role.GID).Str("path", path).Msg("")
 
+	// First, we need to figure out if the path is a directory
+	// to know whether our request should be recursive
+	fileInfo, err := c.GetFileInfoByPath(ctx, auth, path)
+	if err != nil {
+		return err
+	}
+
 	acls, err := c.getACLForPath(ctx, auth, path)
 	if err != nil {
 		return err
@@ -319,7 +333,7 @@ func (c *Client) RemoveACL(ctx context.Context, auth, rootAuth eosclient.Authori
 	msg := new(erpc.NSRequest_AclRequest)
 	msg.Cmd = erpc.NSRequest_AclRequest_ACL_COMMAND(erpc.NSRequest_AclRequest_ACL_COMMAND_value["MODIFY"])
 	msg.Type = erpc.NSRequest_AclRequest_ACL_TYPE(erpc.NSRequest_AclRequest_ACL_TYPE_value["SYS_ACL"])
-	msg.Recursive = true
+	msg.Recursive = fileInfo.IsDir
 	msg.Rule = sysACL
 
 	msg.Id = new(erpc.MDId)