-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
decomposedfs: make owner type optional #1978
Conversation
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
This is the wrong approach: |
@ishank011 @labkode @aduffeck AFAICT the lightweight accounts are only needed for sharing, eg. when giving external users access to a file or folder. When moving the share folder logic to the sharestorageprovider by @aduffeck this will affect the existing storage drivers in two ways:
In the spaces concept a lightweight account will only have access to storage spaces that are in fact shared folders or files in other storage providers (in Since guest acounts / lightweight accounts don't exist in the storage system (= not in LDAP) requests for them need to impersonate someone who does have access, eg. the share owner or the resource owner, but with an additional permissions mask. The storage driver itself does not need to handle lightweigth accounts. It should log them, but that can happen in the storage provider implementation. |
This is ok for now, but we need to
|
Why? Users will still make requests in their home namespace, and the storage drivers will determine the internal paths based on whether home is enabled or not. From that PR, just the shares folder will be moved out.
Lw accounts won't have any space allocated to them, so they won't be able to create share references in the shares folder. So their requests would be ID and absolute path based.
This should depend on the storage drivers IMO. They'll have multiple resources shared with them by different users so it won't be possible for them to impersonate any particular user at a global level. For example, when listing shares in ocdav, we need to stat every resource. The only place where this can happen is at the storage level. The driver can say that it does not support such accounts if these need to be present in the auth provider. |
What is the difference beween a home namespace (
I agree
well, we do have a resharing permission in oc10 ... and I am not saying we need that
both? that does not make sense, either id only, path only or combined, right?
Right, for lightweight accounts the share storage provider will make requests to the actual storage provider, impersonating the share owner or the file owner. We should decouple that. Again, that moves the logic into the share storage provider ... and out of the drivers. The latter should be dumb and only optionally integrate with users that exist in the os/filesystem. |
When reading the user from the extended attributes the user type might not be set, in this case we now return a user with an invalid type, which correctly reflects the state on disk.