owncloud / ocis

ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0

[admin-settings] Spaces: Admin cannot disable space which he is not member of #5960

Closed hurradieweltgehtunter closed 1 year ago

hurradieweltgehtunter commented 1 year ago

Steps to reproduce

  1. Log in as admin, go to admin settings -> Spaces
  2. Right-click on a space where you are not a member

Expected behaviour

Actions to disable/enable a space are disabled

Actual behaviour

I cannot disable / enable a space

From my current understanding, this should be possible, because it's not a space content revealing action. (Content revealing actions like name, description,... are reserved to space managers)


JammingBen commented 1 year ago

That's because the Admin role does not have the permission to do so - only Space Admins have. If that's not the way we want (@tbsbdr ?), we need to transfer the issue to the backend because Web relies on the permissions coming from oCIS.

> From my current understanding, this should be possible, because it's not a space content revealing action.

In general: content revealing actions are only possible for Space Admins if they are a member of the space (e.g. editing space image and description). Non-content revealing actions are possible for any Space Admin (edit name/subtitle/quota, disable/enable, delete).

hurradieweltgehtunter commented 1 year ago

@micbar told me that an admin (not space admin) should be able to disable/enable a space even when he's not a member of it, which sounds reasonable to me from a UI perspective. That's why I opened this issue. Did I get that wrong? If so, I'm sorry.

hurradieweltgehtunter commented 1 year ago

@micbar just confirmed that it's a bug

micbar commented 1 year ago

let us check. I was not aware that the Admin misses that permission.

micbar commented 1 year ago

@hurradieweltgehtunter Is that a default ocis instance?

hurradieweltgehtunter commented 1 year ago

> @hurradieweltgehtunter Is that a default ocis instance?

https://ocis.ocis-wopi.latest.owncloud.works

JammingBen commented 1 year ago

> let us check. I was not aware that the Admin misses that permission.

Drive.ReadWriteEnabled.all is missing for regular Admins, which is the permission Web checks for here (see https://github.com/owncloud/ocis/issues/5414#issuecomment-1443434288). Note that this permission also grants the other non-content-revealing actions in Web: edit name and description (subtitle).

There is also a permission called delete-all-spaces.all, which the Admin has, but not the Space Admin. Though it doesn't seem to do anything? In general, while things work (most of the time 😄 ), I still get heavily confused by the naming and meaning of the oCIS permissions.
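
Added example (not part of the thread, and not oCIS or Web code): a simplified JavaScript model of the gating discussed in the comments above, where `Drive.ReadWriteEnabled.all` unlocks the non-content-revealing actions and space membership is additionally required for content-revealing ones. The function names, action names, object shapes and sample role sets are assumptions made for illustration.

```javascript
// Added illustration; function names, action names and data shapes are hypothetical.
const MANAGE_PERMISSION = 'Drive.ReadWriteEnabled.all'; // permission named in the thread

// Split taken from the thread: these do not reveal space content ...
const NON_CONTENT_REVEALING = ['editName', 'editSubtitle', 'disable', 'enable'];
// ... while these do, so membership is required on top of the permission.
const CONTENT_REVEALING = ['editImage', 'editDescription'];

// Actions a client would offer to `user` for `space` under this model.
function allowedSpaceActions(user, space) {
  if (!user.permissions.includes(MANAGE_PERMISSION)) return [];
  const isMember = space.members.includes(user.id);
  return isMember
    ? [...NON_CONTENT_REVEALING, ...CONTENT_REVEALING]
    : [...NON_CONTENT_REVEALING];
}

// Role audit: which roles that are expected to manage foreign spaces lack the
// permission the client checks for?
function rolesMissingManagePermission(roles, expectedRoleNames) {
  return expectedRoleNames.filter(
    (name) => !(roles[name] || []).includes(MANAGE_PERMISSION)
  );
}

// Constructed sample data mirroring the state reported in the thread.
const reportedRoles = {
  Admin: ['delete-all-spaces.all'],
  'Space Admin': [MANAGE_PERMISSION],
};
// Assumed corrected role set; the thread does not show the actual fix.
const correctedRoles = {
  ...reportedRoles,
  Admin: [...reportedRoles.Admin, MANAGE_PERMISSION],
};
const foreignSpace = { id: 'space-1', members: ['alice'] }; // admin is not a member

// Helper: resolve a role name to its permission list, then evaluate the gating.
function actionsFor(roles, roleName, userId, space) {
  return allowedSpaceActions({ id: userId, permissions: roles[roleName] }, space);
}

console.log(rolesMissingManagePermission(reportedRoles, ['Admin', 'Space Admin']));
console.log(actionsFor(reportedRoles, 'Admin', 'admin', foreignSpace));
console.log(actionsFor(correctedRoles, 'Admin', 'admin', foreignSpace));
```

In this model the non-member admin gains disable/enable once the permission is present, while the content-revealing actions stay unavailable until the user is a member of the space.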

micbar commented 1 year ago

seems they are redundant. Let me do a code check in the backend.

JammingBen commented 1 year ago

@micbar What's the status here, should we move the issue to the oCIS repo?

amrita-shrestha commented 1 year ago

@JammingBen I think we can close this issue because this issue has been resolved and we have passing API tests for this issue https://github.com/owncloud/ocis/blob/7094891f4de381102b05c6503751dc85d82c0782/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature#L90-L122

Similar issue https://github.com/owncloud/ocis/issues/5872

SagarGi commented 1 year ago

@JammingBen @ScharfViktor This issue is fixed, so maybe this can be closed. A test has been added for it and seems to be working fine. More tests are covered by this PR as well, related to the admin managing spaces created by others (where he is not a member of the space): https://github.com/owncloud/web/pull/9132