iterate-ch · dkocher · Apr 3, 2024 · Dec 14, 2023 · Dec 20, 2023 · Dec 20, 2023
@@ -0,0 +1,164 @@
+package ch.cyberduck.core.ctera;
+
+import ch.cyberduck.core.Acl;
+import ch.cyberduck.core.LocaleFactory;
+import ch.cyberduck.core.Path;
+import ch.cyberduck.core.PathAttributes;
+import ch.cyberduck.core.dav.DAVAttributesFinderFeature;
+import ch.cyberduck.core.dav.DAVPathEncoder;
+import ch.cyberduck.core.dav.DAVSession;
+import ch.cyberduck.core.exception.AccessDeniedException;
+import ch.cyberduck.core.exception.BackgroundException;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import javax.xml.namespace.QName;
+import java.io.IOException;
+import java.text.MessageFormat;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import com.github.sardine.DavResource;
+
+public class CteraAttributesFinderFeature extends DAVAttributesFinderFeature {
+    private static final Logger log = LogManager.getLogger(CteraAttributesFinderFeature.class);
+
+    public static final String CTERA_GUID = "guid";
+    public static final String CTERA_NAMESPACE_URI = "http://www.ctera.com/ns";
+    public static final String CTERA_NAMESPACE_PREFIX = "ctera";
+    /**
+     * Read Data: Allows or denies viewing data in files.
+     */
+    public static final Acl.Role READPERMISSION = new Acl.Role("readpermission");
+    /**
+     * Write Data: Allows or denies making changes to a file and overwriting existing content.
+     */
+    public static final Acl.Role WRITEPERMISSION = new Acl.Role("writepermission");
+    /**
+     * Execute File: Allows or denies running program (executable) files.
+     * Files only.
+     */
+    public static final Acl.Role EXECUTEPERMISSION = new Acl.Role("executepermission");
+    /**
+     * Allows or denies deleting the file or folder. If you don't have Delete permission on a file or folder,
+     * you can still delete it if you have been granted Delete Subfolders and Files on the parent folder.
+     */
+    public static final Acl.Role DELETEPERMISSION = new Acl.Role("deletepermission");
+    /**
+     * Create Files: Allows or denies creating files within the folder.
+     * Directories only.
+     * For future use, not used yet.
+     */
+    @Deprecated
+    public static final Acl.Role CREATEFILEPERMISSION = new Acl.Role(WRITEPERMISSION.getName());
+    /**
+     * Create Folders: Allows or denies creating subfolders within the folder.
+     * Directories only.
+     */
+    public static final Acl.Role CREATEDIRECTORIESPERMISSION = new Acl.Role("createdirectoriespermission");
+
+    public static final Set<Acl.Role> ALL_ACL_ROLES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+            READPERMISSION, WRITEPERMISSION, EXECUTEPERMISSION, DELETEPERMISSION, CREATEDIRECTORIESPERMISSION
+    )));
+    public static final Set<QName> ALL_ACL_QN = Collections.unmodifiableSet(ALL_ACL_ROLES.stream().map(CteraAttributesFinderFeature::toQn).collect(Collectors.toSet()));
+    public static final QName GUID_QN = new QName(CteraAttributesFinderFeature.CTERA_NAMESPACE_URI, CteraAttributesFinderFeature.CTERA_GUID, CteraAttributesFinderFeature.CTERA_NAMESPACE_PREFIX);
+
+    private final DAVSession session;
+
+    public CteraAttributesFinderFeature(final DAVSession session) {
+        super(session);
+        this.session = session;
+    }
+
+    public static QName toQn(final Acl.Role role) {
+        return new QName(CTERA_NAMESPACE_URI, role.getName(), CTERA_NAMESPACE_PREFIX);
+    }
+
+    public static String toProp(final QName qn) {
+        return qn.getLocalPart();
+    }
+
+    public static Acl.Role toRole(final QName qn) {
+        return new Acl.Role(toProp(qn));
+    }
+
+    /**
+     * @param customProps Custom properties from DAV resource
+     * @return Known ACLs in custom namespace
+     */
+    public static Acl toAcl(final Map<String, String> customProps) {
+        if(customProps.keySet().stream().anyMatch(property -> ALL_ACL_QN.stream().anyMatch(qn -> toProp(qn).equals(property)))) {
+            return new Acl(new Acl.CanonicalUser(), customProps.entrySet().stream().filter(property -> ALL_ACL_QN.stream().anyMatch(qn -> toProp(qn).equals(property.getKey())))
+                    .filter(property -> Boolean.parseBoolean(property.getValue())).map(property -> new Acl.Role(property.getKey())).distinct().toArray(Acl.Role[]::new));
+        }
+        // Ignore ACL in preflight checks as none of the custom roles is found
+        return Acl.EMPTY;
+    }
+
+    /**
+     * @param file File with ACLs to validate role
+     * @param role Assumed role
+     * @throws AccessDeniedException ACLs do not contain role
+     */
+    protected static void assumeRole(final Path file, final Acl.Role role) throws BackgroundException {
+        assumeRole(file, file.getName(), role);
+    }
+
+    protected static void assumeRole(final Path file, final String filename, final Acl.Role role) throws BackgroundException {
+        final Acl acl = file.attributes().getAcl();
+        if(acl == Acl.EMPTY) {
+            if(log.isWarnEnabled()) {
+                log.warn(String.format("Missing ACL for %s", file));
+            }
+            return;
+        }
+        if(!acl.get(new Acl.CanonicalUser()).contains(role)) {
+            if(log.isWarnEnabled()) {
+                log.warn(String.format("ACL %s for %s does not include %s", acl, file, role));
+            }
+            if(role == READPERMISSION) {
+                throw new AccessDeniedException(MessageFormat.format(LocaleFactory.localizedString("Download {0} failed", "Error"),
+                        filename)).withFile(file);
+            }
+            if(role == WRITEPERMISSION) {
+                throw new AccessDeniedException(MessageFormat.format(LocaleFactory.localizedString("Upload {0} failed", "Error"),
+                        filename)).withFile(file);
+            }
+            if(role == DELETEPERMISSION) {
+                throw new AccessDeniedException(MessageFormat.format(
+                        LocaleFactory.localizedString("Cannot delete {0}", "Error"), file.getName())).withFile(file);
+            }
+            if(role == CREATEDIRECTORIESPERMISSION) {
+                throw new AccessDeniedException(MessageFormat.format(LocaleFactory.localizedString("Cannot create folder {0}", "Error"),
+                        filename)).withFile(file);
+            }
+            throw new AccessDeniedException(MessageFormat.format(
+                    LocaleFactory.localizedString("Cannot create {0}", "Error"), file.getName())).withFile(file);
+        }
+    }
+
+    @Override
+    protected List<DavResource> list(final Path file) throws IOException {
+        return session.getClient().list(new DAVPathEncoder().encode(file), 0, Collections.unmodifiableSet(Stream.concat(
+                Stream.of(GUID_QN), ALL_ACL_QN.stream()
+        ).collect(Collectors.toSet())));
+    }
+
+    @Override
+    public PathAttributes toAttributes(final DavResource resource) {
+        final Map<String, String> customProps = resource.getCustomProps();
+        final Acl acl = toAcl(customProps);
+        final PathAttributes attributes = super.toAttributes(resource);
+        if(customProps.containsKey(CTERA_GUID)) {
+            attributes.setFileId(customProps.get(CTERA_GUID));
+        }
+        return attributes.withAcl(acl);
+    }
+}
@@ -0,0 +1,47 @@
+package ch.cyberduck.core.ctera;
+
+/*
+ * Copyright (c) 2002-2024 iterate GmbH. All rights reserved.
+ * https://cyberduck.io/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+import ch.cyberduck.core.Path;
+import ch.cyberduck.core.dav.DAVCopyFeature;
+import ch.cyberduck.core.exception.BackgroundException;
+
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.*;
+
+public class CteraCopyFeature extends DAVCopyFeature {
+
+    private final CteraAttributesFinderFeature attributes;
+
+    public CteraCopyFeature(final CteraSession session, final CteraAttributesFinderFeature attributes) {
+        super(session);
+        this.attributes = attributes;
+    }
+
+    public CteraCopyFeature(final CteraSession session) {
+        super(session);
+        this.attributes = new CteraAttributesFinderFeature(session);
+    }
+
+    @Override
+    public void preflight(final Path source, final Path target) throws BackgroundException {
+        // defaults to Acl.EMPTY (disabling role checking) if target does not exist
+        assumeRole(target, WRITEPERMISSION);
+        // no createfilespermission required for now
+        if(source.isDirectory()) {
+            assumeRole(target.getParent(), target.getName(), CREATEDIRECTORIESPERMISSION);
+        }
+    }
+}
@@ -0,0 +1,35 @@
+package ch.cyberduck.core.ctera;
+
+/*
+ * Copyright (c) 2002-2024 iterate GmbH. All rights reserved.
+ * https://cyberduck.io/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+import ch.cyberduck.core.Path;
+import ch.cyberduck.core.dav.DAVDeleteFeature;
+import ch.cyberduck.core.exception.BackgroundException;
+
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.DELETEPERMISSION;
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.assumeRole;
+
+public class CteraDeleteFeature extends DAVDeleteFeature {
+
+    public CteraDeleteFeature(final CteraSession session) {
+        super(session);
+    }
+
+    @Override
+    public void preflight(Path file) throws BackgroundException {
+        assumeRole(file, DELETEPERMISSION);
+    }
+}
@@ -23,16 +23,21 @@
 
 import java.text.MessageFormat;
 
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.CREATEDIRECTORIESPERMISSION;
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.assumeRole;
+import static ch.cyberduck.core.ctera.CteraTouchFeature.validate;
+
 public class CteraDirectoryFeature extends DAVDirectoryFeature {
 
     public CteraDirectoryFeature(final CteraSession session) {
-        super(session);
+        super(session, new CteraAttributesFinderFeature(session));
     }
 
     @Override
     public void preflight(final Path workdir, final String filename) throws BackgroundException {
-        if(!CteraTouchFeature.validate(filename)) {
+        if(!validate(filename)) {
             throw new InvalidFilenameException(MessageFormat.format(LocaleFactory.localizedString("Cannot create folder {0}", "Error"), filename));
         }
+        assumeRole(workdir, filename, CREATEDIRECTORIESPERMISSION);
     }
 }
@@ -0,0 +1,48 @@
+package ch.cyberduck.core.ctera;
+
+/*
+ * Copyright (c) 2002-2024 iterate GmbH. All rights reserved.
+ * https://cyberduck.io/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+import ch.cyberduck.core.Path;
+import ch.cyberduck.core.dav.DAVListService;
+import ch.cyberduck.core.dav.DAVPathEncoder;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import com.github.sardine.DavResource;
+
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.ALL_ACL_QN;
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.GUID_QN;
+
+public class CteraListService extends DAVListService {
+
+    private final CteraSession session;
+
+    public CteraListService(final CteraSession session) {
+        super(session, new CteraAttributesFinderFeature(session));
+        this.session = session;
+    }
+
+    @Override
+    protected List<DavResource> list(final Path directory) throws IOException {
+        return session.getClient().list(new DAVPathEncoder().encode(directory), 1, Collections.unmodifiableSet(Stream.concat(
+                Stream.of(GUID_QN), ALL_ACL_QN.stream()
+        ).collect(Collectors.toSet())));
+    }
+}
@@ -23,16 +23,33 @@
 
 import java.text.MessageFormat;
 
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.*;
+
 public class CteraMoveFeature extends DAVMoveFeature {
 
+    private final CteraAttributesFinderFeature attributes;
+
     public CteraMoveFeature(final CteraSession session) {
         super(session);
+        this.attributes = new CteraAttributesFinderFeature(session);
+    }
+
+    public CteraMoveFeature(final CteraSession session, final CteraAttributesFinderFeature attributes) {
+        super(session);
+        this.attributes = attributes;
     }
 
     @Override
     public void preflight(final Path source, final Path target) throws BackgroundException {
         if(!CteraTouchFeature.validate(target.getName())) {
             throw new InvalidFilenameException(MessageFormat.format(LocaleFactory.localizedString("Cannot rename {0}", "Error"), source.getName())).withFile(source);
         }
+        assumeRole(source, DELETEPERMISSION);
+        // defaults to Acl.EMPTY (disabling role checking) if target does not exist
+        assumeRole(target, WRITEPERMISSION);
+        // no createfilespermission required for now
+        if(source.isDirectory()) {
+            assumeRole(target.getParent(), target.getName(), CREATEDIRECTORIESPERMISSION);
+        }
     }
 }
@@ -0,0 +1,35 @@
+package ch.cyberduck.core.ctera;
+
+/*
+ * Copyright (c) 2002-2024 iterate GmbH. All rights reserved.
+ * https://cyberduck.io/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+import ch.cyberduck.core.Path;
+import ch.cyberduck.core.dav.DAVReadFeature;
+import ch.cyberduck.core.exception.BackgroundException;
+
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.READPERMISSION;
+import static ch.cyberduck.core.ctera.CteraAttributesFinderFeature.assumeRole;
+
+public class CteraReadFeature extends DAVReadFeature {
+
+    public CteraReadFeature(final CteraSession session) {
+        super(session);
+    }
+
+    @Override
+    public void preflight(Path file) throws BackgroundException {
+        assumeRole(file, READPERMISSION);
+    }
+}