Group admins should be able to remove the group from a document's share list #238

Open
giarc3 opened this issue May 13, 2021 · 1 comment

giarc3 commented May 13, 2021

Currently, users can remove themselves from a document's share list, but only the person who shared a document with a group can revoke that share. We should allow a group admin to remove the group from a document's share list. (Treat group admins as "themselves" for a group.)

Test showing the failure:

#[tokio::test]
async fn doc_revoke_from_group() -> Result<(), IronOxideErr> {
    // create two users
    let sdk = initialize_sdk().await?;
    let sdk2 = initialize_sdk().await?;
    let id = sdk.device().account_id();
    let id2 = sdk2.device().account_id();

    // user 2 creates a group. Both users are members and admins
    let group = sdk2
        .group_create(&GroupCreateOpts::new(
            None,
            None,
            true,
            true,
            None,
            vec![id.clone()],
            vec![id.clone()],
            false,
        ))
        .await?;

    // user 1 encrypts a document. Both users, as well as the group, are granted access
    let doc_result = sdk
        .document_encrypt(
            &[0u8; 64],
            &DocumentEncryptOpts::with_explicit_grants(
                None,
                None,
                true,
                vec![id2.into(), group.id().into()],
            ),
        )
        .await?;

    // user 2 tries to revoke the group's access to the document
    let revoke_result = sdk2
        .document_revoke_access(doc_result.id(), &vec![group.id().into()])
        .await?;

    assert_eq!(revoke_result.succeeded().len(), 1);

    Ok(())
}

This revoke_result.failed() contains:

[tests/document_ops.rs:837] revoke_result.failed() = [
    DocAccessEditErr {
        user_or_group: Group {
            id: GroupId(
                "8c9ab0f9afedd509645beb5951c2db70",
            ),
        },
        err: "No shares to \'8c9ab0f9afedd509645beb5951c2db70\' from \'abcABC012_.$#|@/:;=+\'-b6601d63-ca39-4532-89cf-fdc789312480\' for document \'04242636009f8caea684bf340bbae677\'",
    },
]

@BobWall23

The change will actually be made in ironcore-id - no changes should be required in this repo. Update this ticket with the ironcore-id ticket when that is generated.
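
The authorization rule discussed in this issue, as an added example that is not part of the thread and is not ironoxide or ironcore-id code: a toy model comparing the current revoke check with the requested one. All type names, function names, and ids (`Share`, `may_revoke_current`, `may_revoke_proposed`, `user1`, `g1`) are hypothetical.

```rust
// Added illustration: toy model of the share-revocation rule from this issue.
// Every name here is hypothetical; none is an ironoxide or ironcore-id API.
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq, Eq)]
enum Grantee {
    User(String),
    Group(String),
}

/// One entry in a document's share list: who has access and who granted it.
struct Share {
    grantee: Grantee,
    grantor: String,
}

/// Maps a group id to the set of user ids that administer it.
type GroupAdmins = HashMap<String, HashSet<String>>;

/// Current behaviour per the issue: the grantor may revoke a share,
/// and a user may remove themselves from the share list.
fn may_revoke_current(caller: &str, share: &Share) -> bool {
    share.grantor == caller || share.grantee == Grantee::User(caller.to_string())
}

/// Requested behaviour: a group admin counts as "themselves" for the group.
fn may_revoke_proposed(caller: &str, share: &Share, admins: &GroupAdmins) -> bool {
    if may_revoke_current(caller, share) {
        return true;
    }
    match &share.grantee {
        // Unknown group ids deny by default.
        Grantee::Group(gid) => admins.get(gid).map_or(false, |a| a.contains(caller)),
        Grantee::User(_) => false,
    }
}

/// Constructed scenario mirroring the failing test: user1 shares a document
/// with a group that user2 created; both users are admins of that group.
fn scenario() -> (Share, GroupAdmins) {
    let share = Share { grantee: Grantee::Group("g1".into()), grantor: "user1".into() };
    let mut admins = GroupAdmins::new();
    admins.insert("g1".into(), HashSet::from(["user1".to_string(), "user2".to_string()]));
    (share, admins)
}

fn main() {
    let (share, admins) = scenario();
    println!("current rule, user2:  {}", may_revoke_current("user2", &share));
    println!("proposed rule, user2: {}", may_revoke_proposed("user2", &share, &admins));
    println!("proposed rule, user3: {}", may_revoke_proposed("user3", &share, &admins));
}
```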
