Use new ocm 1.2 fields from CS3APIs

cmd/reva/ocm-share-create.go

@@ -197,7 +197,7 @@ func getAccessMethods(webdav, webapp, datatx bool, rol string) ([]*ocm.AccessMet
 		if err != nil {
 			return nil, err
 		}
-		m = append(m, ocmshare.NewWebDavAccessMethod(perm))
+		m = append(m, ocmshare.NewWebDavAccessMethod(perm, []string{}))
 	}
 	if webapp {
 		v, err := getOCMViewMode(rol)

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.12.0
 	github.com/creasty/defaults v1.8.0
 	github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e
-	github.com/cs3org/go-cs3apis v0.0.0-20241105092511-3ad35d174fc1
+	github.com/cs3org/go-cs3apis v0.0.0-20250218144737-544dd3919658
 	github.com/dgraph-io/ristretto v0.2.0
 	github.com/dolthub/go-mysql-server v0.14.0
 	github.com/gdexlab/go-render v1.0.1

go.sum

@@ -891,8 +891,8 @@ github.com/creasty/defaults v1.8.0 h1:z27FJxCAa0JKt3utc0sCImAEb+spPucmKoOdLHvHYK
 github.com/creasty/defaults v1.8.0/go.mod h1:iGzKe6pbEHnpMPtfDXZEr0NVxWnPTjb1bbDy08fPzYM=
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e h1:tqSPWQeueWTKnJVMJffz4pz0o1WuQxJ28+5x5JgaHD8=
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
-github.com/cs3org/go-cs3apis v0.0.0-20241105092511-3ad35d174fc1 h1:RU6LT6mkD16xZs011+8foU7T3LrPvTTSWeTQ9OgfhkA=
-github.com/cs3org/go-cs3apis v0.0.0-20241105092511-3ad35d174fc1/go.mod h1:DedpcqXl193qF/08Y04IO0PpxyyMu8+GrkD6kWK2MEQ=
+github.com/cs3org/go-cs3apis v0.0.0-20250218144737-544dd3919658 h1:CmH7twDuNUrHQXChZMafWjsEp1V47KutJlOAt6FjzGA=
+github.com/cs3org/go-cs3apis v0.0.0-20250218144737-544dd3919658/go.mod h1:DedpcqXl193qF/08Y04IO0PpxyyMu8+GrkD6kWK2MEQ=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

internal/grpc/services/ocmshareprovider/ocmshareprovider.go

@@ -191,6 +191,7 @@ func (s *service) getWebdavProtocol(share *ocm.Share, m *ocm.AccessMethod_Webdav
 
 	return &ocmd.WebDAV{
 		Permissions:  perms,
+		Requirements: m.WebdavOptions.Requirements,
 		URI:          s.webdavURL(share),
 		SharedSecret: share.Token,
 	}

internal/http/services/experimental/sciencemesh/apps.go

@@ -121,7 +121,7 @@ func (h *appsHandler) webappTemplate(ctx context.Context, id *ocmpb.ShareId) (st
 		return "", errtypes.BadRequest("share does not contain webapp protocol")
 	}
 
-	return webapp.UriTemplate, nil
+	return webapp.Uri, nil
 }
 
 func getWebappProtocol(protocols []*ocmpb.Protocol) (*ocmpb.WebappProtocol, bool) {

internal/http/services/experimental/sciencemesh/share.go

@@ -103,7 +103,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 
 	perm, viewMode := getPermissionsByRole(req.Role)
 
-	log.Debug().Msg("calling gatewayClient.CreateOCMShare from sciencemesh/share.go")
+	log.Debug().Msg("calling gatewayClient.CreateOCMShare")
 	shareRes, err := h.gatewayClient.CreateOCMShare(ctx, &ocm.CreateOCMShareRequest{
 		ResourceId: statRes.Info.Id,
 		Grantee: &providerpb.Grantee{
@@ -117,11 +117,11 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		},
 		RecipientMeshProvider: recipientProviderInfo.ProviderInfo,
 		AccessMethods: []*ocm.AccessMethod{
-			share.NewWebDavAccessMethod(perm),
+			share.NewWebDavAccessMethod(perm, []string{}),
 			share.NewWebappAccessMethod(viewMode),
 		},
 	})
-	log.Debug().Msg("called gatewayClient.CreateOCMShare from sciencemesh/share.go")
+	log.Debug().Any("response", shareRes).Msg("called gatewayClient.CreateOCMShare")
 
 	switch {
 	case err != nil:

internal/http/services/opencloudmesh/ocmd/shares.go

@@ -68,11 +68,11 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	log := appctx.GetLogger(ctx)
 	req, err := getCreateShareRequest(r)
+	log.Info().Any("req", req).Msg("OCM /shares request received")
 	if err != nil {
 		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
 		return
 	}
-	log.Info().Any("req", req).Msg("OCM /shares request received")
 
 	_, meshProvider, err := getIDAndMeshProvider(req.Sender)
 	log.Debug().Msgf("Determined Mesh Provider '%s' from req.Sender '%s'", meshProvider, req.Sender)
@@ -99,7 +99,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		Provider: &providerInfo,
 	})
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "error sending a grpc is provider allowed request", err)
+		reqres.WriteError(w, r, reqres.APIErrorServerError, "error sending a grpc isProviderAllowed request", err)
 		return
 	}
 	if providerAllowedResp.Status.Code != rpc.Code_CODE_OK {
@@ -109,7 +109,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 
 	shareWith, _, err := getIDAndMeshProvider(req.ShareWith)
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "error with mesh provider", err)
 		return
 	}
 
@@ -127,19 +127,19 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 
 	owner, err := getUserIDFromOCMUser(req.Owner)
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "error with remote owner", err)
 		return
 	}
 
 	sender, err := getUserIDFromOCMUser(req.Sender)
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "error with remote sender", err)
 		return
 	}
 
 	protocols, err := getAndResolveProtocols(req.Protocols, r)
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "error with protocols payload", err)
 		return
 	}
 
@@ -249,45 +249,46 @@ func getOCMShareType(t string) ocm.ShareType {
 func getAndResolveProtocols(p Protocols, r *http.Request) ([]*ocm.Protocol, error) {
 	protos := make([]*ocm.Protocol, 0, len(p))
 	for _, data := range p {
+		var uri string
 		ocmProto := data.ToOCMProtocol()
 		protocolName := GetProtocolName(data)
-		var uri string
-		var isLocalhost bool
-
 		switch protocolName {
 		case "webdav":
 			uri = ocmProto.GetWebdavOptions().Uri
-			isLocalhost = strings.Contains(uri, "localhost")
+			reqs := ocmProto.GetWebdavOptions().Requirements
+			if len(reqs) > 0 {
+				// we currently do not support any kind of requirement
+				return nil, errtypes.BadRequest(fmt.Sprintf("incoming OCM share with requirements %+v not supported at this endpoint", reqs))
+			}
 		case "webapp":
-			uri = ocmProto.GetWebappOptions().UriTemplate
-			isLocalhost = strings.Contains(uri, "localhost")
+			uri = ocmProto.GetWebappOptions().Uri
 		}
 
-		// Irrespective from the presence of a full `uri` in the payload (deprecated), resolve the remote root
+		// Irrespective from the presence of a full `uri` in the payload (deprecated), validate the
+		// remote is an OCM server and resolve the remote root
 		// yet skip this if the remote is localhost (for integration tests)
-		if isLocalhost {
+		if strings.Contains(uri, "localhost") {
 			protos = append(protos, ocmProto)
 			continue
 		}
 		remoteRoot, err := discoverOcmRoot(r, protocolName)
 		if err != nil {
 			return nil, err
 		}
-		uri, _ = url.JoinPath(remoteRoot, uri[strings.LastIndex(uri, "/")+1:])
 
+		uri, _ = url.JoinPath(remoteRoot, uri[strings.LastIndex(uri, "/")+1:])
 		switch protocolName {
 		case "webdav":
 			ocmProto.GetWebdavOptions().Uri = uri
 		case "webapp":
-			ocmProto.GetWebappOptions().UriTemplate = uri
+			ocmProto.GetWebappOptions().Uri = uri
 		}
 		protos = append(protos, ocmProto)
 	}
 
 	return protos, nil
 }
 
-
 func discoverOcmRoot(r *http.Request, proto string) (string, error) {
 	// implements the OCM discovery logic to fetch the root at the remote host that sent the share for the given proto, see
 	// https://cs3org.github.io/OCM-API/docs.html?branch=v1.1.0&repo=OCM-API&user=cs3org#/paths/~1ocm-provider/get

internal/http/services/opencloudmesh/ocmd/specs.go

@@ -98,7 +98,7 @@ type Protocols []Protocol
 // Protocol represents the way of access the resource
 // in the OCM share.
 type Protocol interface {
-	// ToOCMProtocol converts the protocol to a OCM `Protocol` struct
+	// ToOCMProtocol converts the protocol to a CS3API OCM `Protocol` struct
 	ToOCMProtocol() *ocm.Protocol
 }
 
@@ -131,7 +131,7 @@ func (w *WebDAV) ToOCMProtocol() *ocm.Protocol {
 		}
 	}
 
-	return ocmshare.NewWebDAVProtocol(w.URI, w.SharedSecret, perms)
+	return ocmshare.NewWebDAVProtocol(w.URI, w.SharedSecret, perms, w.Requirements)
 }
 
 // Webapp contains the parameters for the Webapp protocol.
@@ -226,7 +226,7 @@ func (p Protocols) MarshalJSON() ([]byte, error) {
 	for _, prot := range p {
 		d[GetProtocolName(prot)] = prot
 	}
-	// fill in the OCM v1.0 properties: for now we only create OCM 1.1 payloads,
+	// fill in the OCM v1.0 properties: we only create OCM 1.1+ payloads,
 	// irrespective from the capabilities of the remote server.
 	d["name"] = "multi"
 	d["options"] = map[string]any{}

internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go

@@ -111,7 +111,7 @@ func (h *Handler) createFederatedCloudShare(w http.ResponseWriter, r *http.Reque
 		},
 		RecipientMeshProvider: providerInfoResp.ProviderInfo,
 		AccessMethods: []*ocm.AccessMethod{
-			share.NewWebDavAccessMethod(role.CS3ResourcePermissions()),
+			share.NewWebDavAccessMethod(role.CS3ResourcePermissions(), []string{}),
 			share.NewWebappAccessMethod(getViewModeFromRole(role)),
 		},
 	})

internal/http/services/reqres/reqres.go

@@ -60,9 +60,7 @@ type APIError struct {
 
 // WriteError handles writing error responses.
 func WriteError(w http.ResponseWriter, r *http.Request, code APIErrorCode, message string, e error) {
-	if e != nil {
-		appctx.GetLogger(r.Context()).Error().Err(e).Msg(message)
-	}
+	appctx.GetLogger(r.Context()).Error().Err(e).Any("code", code).Str("message", message).Msg("sending back error response")
 
 	var encoded []byte
 	var err error

pkg/ocm/share/repository/nextcloud/nextcloud.go

@@ -181,7 +181,7 @@ func (sm *Manager) efssShareToOcm(resp *EfssShare) *ocm.Share {
 	// first generate the map of access methods, assuming WebDAV is always present
 	var am = make([]*ocm.AccessMethod, 0, 3)
 	am = append(am, share.NewWebDavAccessMethod(conversions.RoleFromOCSPermissions(
-		conversions.Permissions(resp.Protocols.WebDAV.Permissions)).CS3ResourcePermissions()))
+		conversions.Permissions(resp.Protocols.WebDAV.Permissions)).CS3ResourcePermissions(), []string{}))
 	if resp.Protocols.WebApp.ViewMode != "" {
 		am = append(am, share.NewWebappAccessMethod(utils.GetAppViewMode(resp.Protocols.WebApp.ViewMode)))
 	}
@@ -326,7 +326,7 @@ func efssReceivedShareToOcm(resp *ReceivedEfssShare) *ocm.ReceivedShare {
 	var proto = make([]*ocm.Protocol, 0, 3)
 	proto = append(proto, share.NewWebDAVProtocol(resp.Share.Protocols.WebDAV.URI, resp.Share.Token, &ocm.SharePermissions{
 		Permissions: conversions.RoleFromOCSPermissions(conversions.Permissions(resp.Share.Protocols.WebDAV.Permissions)).CS3ResourcePermissions(),
-	}))
+	}, []string{}))
 	if resp.Share.Protocols.WebApp.ViewMode != "" {
 		proto = append(proto, share.NewWebappProtocol(resp.Share.Protocols.WebApp.URI, utils.GetAppViewMode(resp.Share.Protocols.WebApp.ViewMode)))
 	}

pkg/ocm/share/repository/nextcloud/nextcloud_test.go

@@ -283,7 +283,7 @@ var _ = Describe("Nextcloud", func() {
 					OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
 				},
 				AccessMethods: []*ocm.AccessMethod{
-					ocmshare.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions()),
+					ocmshare.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions(), []string{}),
 					ocmshare.NewWebappAccessMethod(appprovider.ViewMode_VIEW_MODE_READ_WRITE),
 					ocmshare.NewTransferAccessMethod(),
 				},
@@ -422,7 +422,7 @@ var _ = Describe("Nextcloud", func() {
 				},
 				ShareType: ocm.ShareType_SHARE_TYPE_USER,
 				AccessMethods: []*ocm.AccessMethod{
-					ocmshare.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions()),
+					ocmshare.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions(), []string{}),
 					ocmshare.NewWebappAccessMethod(appprovider.ViewMode_VIEW_MODE_READ_WRITE),
 					ocmshare.NewTransferAccessMethod(),
 				},
@@ -475,7 +475,7 @@ var _ = Describe("Nextcloud", func() {
 				Protocols: []*ocm.Protocol{
 					ocmshare.NewWebDAVProtocol("webdav-uri", "some-token", &ocm.SharePermissions{
 						Permissions: conversions.NewEditorRole().CS3ResourcePermissions(),
-					}),
+					}, []string{}),
 					ocmshare.NewWebappProtocol("app-uri-template", appprovider.ViewMode_VIEW_MODE_READ_WRITE),
 					ocmshare.NewTransferProtocol("source-uri", "some-token", 1),
 				},
@@ -533,7 +533,7 @@ var _ = Describe("Nextcloud", func() {
 				Protocols: []*ocm.Protocol{
 					ocmshare.NewWebDAVProtocol("webdav-uri", "some-token", &ocm.SharePermissions{
 						Permissions: conversions.NewEditorRole().CS3ResourcePermissions(),
-					}),
+					}, []string{}),
 					ocmshare.NewWebappProtocol("app-uri-template", appprovider.ViewMode_VIEW_MODE_READ_WRITE),
 					ocmshare.NewTransferProtocol("source-uri", "some-token", 1),
 				},
@@ -622,7 +622,7 @@ var _ = Describe("Nextcloud", func() {
 				Protocols: []*ocm.Protocol{
 					ocmshare.NewWebDAVProtocol("webdav-uri", "some-token", &ocm.SharePermissions{
 						Permissions: conversions.NewEditorRole().CS3ResourcePermissions(),
-					}),
+					}, []string{}),
 					ocmshare.NewWebappProtocol("app-uri-template", appprovider.ViewMode_VIEW_MODE_READ_WRITE),
 					ocmshare.NewTransferProtocol("source-uri", "some-token", 1),
 				},

pkg/ocm/share/repository/sql/conversions.go

@@ -267,7 +267,9 @@ func convertToCS3OCMReceivedShare(s *dbReceivedShare, p []*ocm.Protocol) *ocm.Re
 func convertToCS3AccessMethod(m *dbAccessMethod) *ocm.AccessMethod {
 	switch m.Type {
 	case WebDAVAccessMethod:
-		return share.NewWebDavAccessMethod(conversions.RoleFromOCSPermissions(conversions.Permissions(*m.WebDAVPermissions)).CS3ResourcePermissions())
+		return share.NewWebDavAccessMethod(
+			conversions.RoleFromOCSPermissions(conversions.Permissions(*m.WebDAVPermissions)).CS3ResourcePermissions(),
+			[]string{}) // TODO persist requirements
 	case WebappAccessMethod:
 		return share.NewWebappAccessMethod(appprovider.ViewMode(*m.WebAppViewMode))
 	case TransferAccessMethod:
@@ -281,7 +283,7 @@ func convertToCS3Protocol(p *dbProtocol) *ocm.Protocol {
 	case WebDAVProtocol:
 		return share.NewWebDAVProtocol(*p.WebDAVURI, *p.WebDAVSharedSecret, &ocm.SharePermissions{
 			Permissions: conversions.RoleFromOCSPermissions(conversions.Permissions(*p.WebDavPermissions)).CS3ResourcePermissions(),
-		})
+		}, []string{}) // TODO persist requirements
 	case WebappProtocol:
 		return share.NewWebappProtocol(*p.WebappURI, appprovider.ViewMode(*p.WebappViewMode))
 	case TransferProtocol:

pkg/ocm/share/repository/sql/sql.go

@@ -572,7 +572,7 @@ func storeWebappProtocol(tx *sql.Tx, shareID int64, o *ocm.Protocol_WebappOption
 	}
 
 	query := "INSERT INTO ocm_protocol_webapp SET ocm_protocol_id=?, uri_template=?, view_mode=?"
-	params := []any{pID, o.WebappOptions.UriTemplate, o.WebappOptions.ViewMode}
+	params := []any{pID, o.WebappOptions.Uri, o.WebappOptions.ViewMode}
 
 	_, err = tx.Exec(query, params...)
 	return err