onedrive: skip writing permissions with 'owner' role

The 'owner' role is an implicit role that can't be removed, so don't try to.
This commit is contained in:
nielash 2024-04-21 20:40:04 -04:00 committed by Nick Craig-Wood
parent 41d5d8b88a
commit 76cea0c704
2 changed files with 7 additions and 2 deletions

View File

@ -396,7 +396,7 @@ func (m *Metadata) sortPermissions() (add, update, remove []*api.PermissionsType
if n.ID != "" { if n.ID != "" {
// sanity check: ensure there's a matching "old" id with a non-matching role // sanity check: ensure there's a matching "old" id with a non-matching role
if !slices.ContainsFunc(old, func(o *api.PermissionsType) bool { if !slices.ContainsFunc(old, func(o *api.PermissionsType) bool {
return o.ID == n.ID && slices.Compare(o.Roles, n.Roles) != 0 && len(o.Roles) > 0 && len(n.Roles) > 0 return o.ID == n.ID && slices.Compare(o.Roles, n.Roles) != 0 && len(o.Roles) > 0 && len(n.Roles) > 0 && !slices.Contains(o.Roles, api.OwnerRole)
}) { }) {
fs.Debugf(m.remote, "skipping update for invalid roles: %v (perm ID: %v)", n.Roles, n.ID) fs.Debugf(m.remote, "skipping update for invalid roles: %v (perm ID: %v)", n.Roles, n.ID)
continue continue
@ -418,6 +418,10 @@ func (m *Metadata) sortPermissions() (add, update, remove []*api.PermissionsType
} }
} }
for _, o := range old { for _, o := range old {
if slices.Contains(o.Roles, api.OwnerRole) {
fs.Debugf(m.remote, "skipping remove permission -- can't remove 'owner' role")
continue
}
newHasOld := slices.ContainsFunc(new, func(n *api.PermissionsType) bool { newHasOld := slices.ContainsFunc(new, func(n *api.PermissionsType) bool {
if n == nil || n.ID == "" { if n == nil || n.ID == "" {
return false // can't remove perms without an ID return false // can't remove perms without an ID

View File

@ -109,7 +109,8 @@ To update an existing permission, include both the Permission ID and the new
`roles` to be assigned. `roles` is the only property that can be changed. `roles` to be assigned. `roles` is the only property that can be changed.
To remove permissions, pass in a blob containing only the permissions you wish To remove permissions, pass in a blob containing only the permissions you wish
to keep (which can be empty, to remove all.) to keep (which can be empty, to remove all.) Note that the `owner` role will be
ignored, as it cannot be removed.
Note that both reading and writing permissions requires extra API calls, so if Note that both reading and writing permissions requires extra API calls, so if
you don't need to read or write permissions it is recommended to omit you don't need to read or write permissions it is recommended to omit