From e221f0ba5025d17fc90d8ceb4e90dcfee297a9e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Mon, 19 Oct 2020 15:15:23 +0200
Subject: [PATCH] Check current node when iterating over path segments (#1255)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---
 changelog/unreleased/ocis-fix-permission-checks.md | 5 +++++
 pkg/storage/fs/ocis/permissions.go                 | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 changelog/unreleased/ocis-fix-permission-checks.md

diff --git a/changelog/unreleased/ocis-fix-permission-checks.md b/changelog/unreleased/ocis-fix-permission-checks.md
new file mode 100644
index 0000000000..c62fe99929
--- /dev/null
+++ b/changelog/unreleased/ocis-fix-permission-checks.md
@@ -0,0 +1,5 @@
+Bugfix: Check current node when iterating over path segments
+
+When checking permissions we were always checking the leaf instead of using the current node while iterating over path segments.
+
+https://github.com/cs3org/reva/pull/1255
diff --git a/pkg/storage/fs/ocis/permissions.go b/pkg/storage/fs/ocis/permissions.go
index 6dcfd9c4e3..70d7b96dc7 100644
--- a/pkg/storage/fs/ocis/permissions.go
+++ b/pkg/storage/fs/ocis/permissions.go
@@ -95,7 +95,7 @@ func (p *Permissions) HasPermission(ctx context.Context, n *Node, check func(*pr
 	for cn.ID != rn.ID {
 
 		var grantees []string
-		if grantees, err = n.ListGrantees(ctx); err != nil {
+		if grantees, err = cn.ListGrantees(ctx); err != nil {
 			appctx.GetLogger(ctx).Error().Err(err).Interface("node", cn).Msg("error listing grantees")
 			return false, err
 		}
@@ -106,11 +106,11 @@ func (p *Permissions) HasPermission(ctx context.Context, n *Node, check func(*pr
 			// we only need the find the user once per node
 			switch {
 			case !userFound && grantees[i] == userace:
-				g, err = n.ReadGrant(ctx, grantees[i])
+				g, err = cn.ReadGrant(ctx, grantees[i])
 			case strings.HasPrefix(grantees[i], grantPrefix+"g:"):
 				gr := strings.TrimPrefix(grantees[i], grantPrefix+"g:")
 				if groupsMap[gr] {
-					g, err = n.ReadGrant(ctx, grantees[i])
+					g, err = cn.ReadGrant(ctx, grantees[i])
 				} else {
 					// no need to check attribute
 					continue