Make permission and role ids unique #5051
Conversation
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
|
Kudos, SonarCloud Quality Gate passed! |
|
@rhafer this may need some upgrade considerations |
Hm, thinking again about this, we might actually be lucky. The default roles will be re-created with the new permissions at startup of the settings service. So I think we won't need a migration. And #3432, while ugly, is unrelated to this. |
| @@ -563,9 +563,14 @@ func (g Service) hasStaticPermission(ctx context.Context, permissionID string) b | |||
| return false | |||
| } | |||
|
|
|||
| roleIDs = make([]string, 0, len(assignments)) | |||
| // deduplicate roleids | |||
There was a problem hiding this comment.
I guess this deduplication is mainly needed because of #3432 ?
I am fine merging this. But it seems to paper over a couple of issues:
- AFAIK for now we wanted to have a restriction so that every user can only have a single role assigned. This does not seem to be enforced anywhere.
- It is possible to create the same assignment multiple times. The server will happily create that over and over again.
Author: Jörn Friedrich Dreyer <jfd@owncloud.com>
Date: Tue Nov 15 16:51:49 2022 +0100
Make permission and role ids unique (#5051)
* make permission ids unique
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* deduplicate roleids after listing permissions
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
We've fixed the duplicate assignment of
79e13b30-3e22-11eb-bc51-0b9f0bad9a58for both:create-spaceandsettings-managementpermissions. We also deduplicate role ids after listing them internally to make permission retrieval more efficient.fixes #5033