From ce7d0f8ab214f864cc0f0e2bfe53622c9a2393f4 Mon Sep 17 00:00:00 2001
From: Jesse Geens <jesse.geens@cern.ch>
Date: Tue, 29 Oct 2024 10:33:15 +0100
Subject: [PATCH] Fix broken permissions in PROPFIND on project folder over
 gRPC (#4901)

The permissions returned by PROPFIND on a folder in a project were erroneous because ACL permissions were being ignored. This stems from a bug in grpcMDResponseToFileInfo, where the SysACL attribute of the FileInfo struct was not being populated.

Co-authored-by: Jesse Geens <jgeens@cern.ch>
---
 changelog/unreleased/propfind-perms-grpc.md |  8 ++++++
 pkg/eosclient/eosgrpc/eosgrpc.go            | 32 ++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/propfind-perms-grpc.md

diff --git a/changelog/unreleased/propfind-perms-grpc.md b/changelog/unreleased/propfind-perms-grpc.md
new file mode 100644
index 0000000000..bf8436db8e
--- /dev/null
+++ b/changelog/unreleased/propfind-perms-grpc.md
@@ -0,0 +1,8 @@
+Bugfix: broken PROPFIND perms on gRPC
+
+When using the EOS gRPC stack, the permissions returned by PROPFIND
+on a folder in a project were erroneous because ACL permissions were
+being ignored. This stems from a bug in grpcMDResponseToFileInfo, 
+where the SysACL attribute of the FileInfo struct was not being populated.
+
+See: https://github.com/cs3org/reva/pull/4901
\ No newline at end of file
diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go
index 0e36b56194..9a423dd255 100644
--- a/pkg/eosclient/eosgrpc/eosgrpc.go
+++ b/pkg/eosclient/eosgrpc/eosgrpc.go
@@ -1217,7 +1217,9 @@ func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath s
 			if parent != nil && parent.SysACL != nil {
 				if fi.SysACL == nil {
 					log.Warn().Str("func", "List").Str("path", dpath).Str("SysACL is nil, taking parent", "").Msg("grpc response")
-					fi.SysACL.Entries = parent.SysACL.Entries
+					fi.SysACL = &acl.ACLs{
+						Entries: parent.SysACL.Entries,
+					}
 				} else {
 					fi.SysACL.Entries = append(fi.SysACL.Entries, parent.SysACL.Entries...)
 				}
@@ -1604,6 +1606,10 @@ func (c *Client) grpcMDResponseToFileInfo(ctx context.Context, st *erpc.MDRespon
 			fi.Attrs[strings.TrimPrefix(k, "user.")] = string(v)
 		}
 
+		if fi.Attrs["sys.acl"] != "" {
+			fi.SysACL = aclAttrToAclStruct(fi.Attrs["sys.acl"])
+		}
+
 		fi.TreeSize = uint64(st.Cmd.TreeSize)
 		fi.Size = fi.TreeSize
 		// TODO(lopresti) this info is missing in the EOS Protobuf, cf. EOS-5974
@@ -1624,6 +1630,10 @@ func (c *Client) grpcMDResponseToFileInfo(ctx context.Context, st *erpc.MDRespon
 			fi.Attrs[strings.TrimPrefix(k, "user.")] = string(v)
 		}
 
+		if fi.Attrs["sys.acl"] != "" {
+			fi.SysACL = aclAttrToAclStruct(fi.Attrs["sys.acl"])
+		}
+
 		fi.Size = st.Fmd.Size
 
 		if st.Fmd.Checksum != nil {
@@ -1638,3 +1648,23 @@ func (c *Client) grpcMDResponseToFileInfo(ctx context.Context, st *erpc.MDRespon
 	}
 	return fi, nil
 }
+
+func aclAttrToAclStruct(aclAttr string) *acl.ACLs {
+	entries := strings.Split(aclAttr, ",")
+
+	acl := &acl.ACLs{}
+
+	for _, entry := range entries {
+		parts := strings.Split(entry, ":")
+		if len(parts) != 3 {
+			continue
+		}
+		aclType := parts[0]
+		qualifier := parts[1]
+		permissions := parts[2]
+
+		acl.SetEntry(aclType, qualifier, permissions)
+	}
+
+	return acl
+}