- OCUserPermissions: new object serving as an abstract interface to d…

…etermine a user's permissions to perform specific actions on the server

- OCUser: add new property .permissions to hold an OCUserPermissions instance
- OCConnection+GraphAPI: add new method to retrieve the permissions list for a user
- OCConnection+Users: on ocis servers, retrieve permissions list for the logged in user and assign it to the returned OCUser's .permissions property

ownCloudSDK.xcodeproj/project.pbxproj

@@ -137,6 +137,8 @@
 		DC22669A22817DC600FB29EE /* OCVault+Internal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC22669822817DC600FB29EE /* OCVault+Internal.h */; };
 		DC22669B22817DC600FB29EE /* OCVault+Internal.m in Sources */ = {isa = PBXBuildFile; fileRef = DC22669922817DC600FB29EE /* OCVault+Internal.m */; };
 		DC2266A82282BC8100FB29EE /* OCBookmark+IPNotificationNames.h in Headers */ = {isa = PBXBuildFile; fileRef = DC2266A62282BC8100FB29EE /* OCBookmark+IPNotificationNames.h */; };
+		DC22CF782D52B0CC00F95D3C /* OCUserPermissions.m in Sources */ = {isa = PBXBuildFile; fileRef = DC22CF772D52B0CC00F95D3C /* OCUserPermissions.m */; };
+		DC22CF792D52B0CC00F95D3C /* OCUserPermissions.h in Headers */ = {isa = PBXBuildFile; fileRef = DC22CF762D52B0CC00F95D3C /* OCUserPermissions.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		DC241E6E229549E200AEE068 /* OCAuthenticationMethodOpenIDConnect.h in Headers */ = {isa = PBXBuildFile; fileRef = DC241E6C229549E200AEE068 /* OCAuthenticationMethodOpenIDConnect.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		DC241E6F229549E200AEE068 /* OCAuthenticationMethodOpenIDConnect.m in Sources */ = {isa = PBXBuildFile; fileRef = DC241E6D229549E200AEE068 /* OCAuthenticationMethodOpenIDConnect.m */; };
 		DC24F8E821E2B3EF00C9119C /* OCWaitConditionIssue.h in Headers */ = {isa = PBXBuildFile; fileRef = DC24F8E621E2B3EF00C9119C /* OCWaitConditionIssue.h */; };
@@ -1222,6 +1224,8 @@
 		DC22669822817DC600FB29EE /* OCVault+Internal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "OCVault+Internal.h"; sourceTree = "<group>"; };
 		DC22669922817DC600FB29EE /* OCVault+Internal.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "OCVault+Internal.m"; sourceTree = "<group>"; };
 		DC2266A62282BC8100FB29EE /* OCBookmark+IPNotificationNames.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "OCBookmark+IPNotificationNames.h"; sourceTree = "<group>"; };
+		DC22CF762D52B0CC00F95D3C /* OCUserPermissions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OCUserPermissions.h; sourceTree = "<group>"; };
+		DC22CF772D52B0CC00F95D3C /* OCUserPermissions.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = OCUserPermissions.m; sourceTree = "<group>"; };
 		DC241E6C229549E200AEE068 /* OCAuthenticationMethodOpenIDConnect.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OCAuthenticationMethodOpenIDConnect.h; sourceTree = "<group>"; };
 		DC241E6D229549E200AEE068 /* OCAuthenticationMethodOpenIDConnect.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = OCAuthenticationMethodOpenIDConnect.m; sourceTree = "<group>"; };
 		DC24F8E621E2B3EF00C9119C /* OCWaitConditionIssue.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OCWaitConditionIssue.h; sourceTree = "<group>"; };
@@ -4579,6 +4583,8 @@
 			children = (
 				DCFE3B8727A16AE800939415 /* OCConnection+GraphAPI.m */,
 				DCFE3B8627A16AE800939415 /* OCConnection+GraphAPI.h */,
+				DC22CF772D52B0CC00F95D3C /* OCUserPermissions.m */,
+				DC22CF762D52B0CC00F95D3C /* OCUserPermissions.h */,
 			);
 			path = GraphAPI;
 			sourceTree = "<group>";
@@ -4643,6 +4649,7 @@
 				DCA91F2F21A0BDE400AEDFB4 /* OCSyncAction+FileProvider.h in Headers */,
 				DCD8439A25E1BEE5008D9BBA /* NSDictionary+OCExpand.h in Headers */,
 				DC0376DE271A33B900151E8C /* OCLocale.h in Headers */,
+				DC22CF792D52B0CC00F95D3C /* OCUserPermissions.h in Headers */,
 				DCFF1AB021655C8800ABE40A /* OCItem+OCFileURLMetadata.h in Headers */,
 				DC22669A22817DC600FB29EE /* OCVault+Internal.h in Headers */,
 				DC9219F52964CB6000F538EE /* GATagUnassignment.h in Headers */,
@@ -5755,6 +5762,7 @@
 				DCCC85772CF877FA00251683 /* GASignInActivity.m in Sources */,
 				DCEAF04F2806201300980B6D /* OCResourceText.m in Sources */,
 				DC0364FC20AAD75700F62732 /* OCCore+SyncEngine.m in Sources */,
+				DC22CF782D52B0CC00F95D3C /* OCUserPermissions.m in Sources */,
 				DC381FD622C9E77500284699 /* OCCore+DirectURL.m in Sources */,
 				DCA35D5A24CF6B2000DBE2B0 /* OCSyncRecord+Diagnostic.m in Sources */,
 				DC41C7F025EA62E40074F23B /* OCResourceRequestAvatar.m in Sources */,

ownCloudSDK/Connection/GraphAPI/OCConnection+GraphAPI.h

@@ -26,11 +26,13 @@ NS_ASSUME_NONNULL_BEGIN
 typedef void(^OCRetrieveDriveListCompletionHandler)(NSError * _Nullable error, NSArray<OCDrive *> * _Nullable drives);
 typedef void(^OCRetrieveLoggedInGraphUserCompletionHandler)(NSError * _Nullable error, OCUser * _Nullable user);
 typedef void(^OCRetrieveRoleDefinitionsCompletionHandler)(NSError * _Nullable error, NSArray<OCShareRole *> * _Nullable shareRoles);
+typedef void(^OCRetrieveUserPermissionsCompletionHandler)(NSError * _Nullable error, OCUserPermissions * _Nullable userPermissions);
 
 @interface OCConnection (GraphAPI)
 
 #pragma mark - User Info
 - (nullable NSProgress *)retrieveLoggedInGraphUserWithCompletionHandler:(OCRetrieveLoggedInGraphUserCompletionHandler)completionHandler;
+- (nullable NSProgress *)retrievePermissionsListForUser:(OCUser *)user withCompletionHandler:(OCRetrieveUserPermissionsCompletionHandler)completionHandler;
 
 #pragma mark - Drives
 @property(strong,nullable,nonatomic) NSArray<OCDrive *> *drives; //!< Current list of known drives

ownCloudSDK/Connection/GraphAPI/OCConnection+GraphAPI.m

@@ -60,6 +60,60 @@ - (nullable NSProgress *)retrieveLoggedInGraphUserWithCompletionHandler:(OCRetri
 	}]);
 }
 
+- (nullable NSProgress *)retrievePermissionsListForUser:(OCUser *)user withCompletionHandler:(OCRetrieveUserPermissionsCompletionHandler)completionHandler
+{
+	if (!self.useDriveAPI) {
+		// Only available with Graph API
+		completionHandler(OCError(OCErrorFeatureNotImplemented), nil);
+		return (nil);
+	}
+
+	if (user.identifier == nil)
+	{
+		completionHandler(OCError(OCErrorInvalidParameter), nil);
+		return(nil);
+	}
+
+	OCHTTPRequest *request;
+	NSProgress *progress = nil;
+
+	request = [OCHTTPRequest requestWithURL:[self URLForEndpoint:OCConnectionEndpointIDPermissionsList options:nil]];
+	request.method = OCHTTPMethodPOST;
+	request.requiredSignals = [NSSet setWithObject:OCConnectionSignalIDAuthenticationAvailable];
+	[request setBodyWithJSON:@{
+		@"account_uuid" : user.identifier
+	}];
+
+	progress = [self sendRequest:request ephermalCompletionHandler:^(OCHTTPRequest *request, OCHTTPResponse *response, NSError *error) {
+		if (error != nil)
+		{
+			completionHandler(error, nil);
+		}
+		else
+		{
+			NSError *jsonError = nil;
+			NSDictionary *permissionsInfoDict;
+			NSArray<OCUserPermissionIdentifier> *permissionsArray = nil;
+
+			if ((permissionsInfoDict = [response bodyConvertedDictionaryFromJSONWithError:&jsonError]) != nil)
+			{
+				permissionsArray = OCTypedCast(OCTypedCast(permissionsInfoDict, NSDictionary)[@"permissions"], NSArray);
+			}
+
+			if (permissionsArray != nil)
+			{
+				completionHandler(nil, [[OCUserPermissions alloc] initWith:permissionsArray]);
+			}
+			else
+			{
+				completionHandler((jsonError!=nil) ? jsonError : OCError(OCErrorResponseUnknownFormat), nil);
+			}
+		}
+	}];
+
+	return (progress);
+}
+
 #pragma mark - Drives
 - (NSArray<OCDrive *> *)drives
 {

ownCloudSDK/Connection/GraphAPI/OCUserPermissions.h

@@ -0,0 +1,36 @@
+//
+//  OCUserPermissions.h
+//  ownCloudSDK
+//
+//  Created by Felix Schwarz on 04.02.25.
+//  Copyright © 2025 ownCloud GmbH. All rights reserved.
+//
+
+/*
+ * Copyright (C) 2025, ownCloud GmbH.
+ *
+ * This code is covered by the GNU Public License Version 3.
+ *
+ * For distribution utilizing Apple mechanisms please see https://owncloud.org/contribute/iOS-license-exception/
+ * You should have received a copy of this license along with this program. If not, see <http://www.gnu.org/licenses/gpl-3.0.en.html>.
+ *
+ */
+
+#import <Foundation/Foundation.h>
+
+typedef NSString* OCUserPermissionIdentifier; //!< String representing a permission ("right") the user has to perform specific actions on the server
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface OCUserPermissions : NSObject
+
+// MARK: - Initializer
+- (instancetype)initWith:(NSArray<OCUserPermissionIdentifier> *)permissionIDs;
+
+// MARK: - Permissions
+@property(readonly,strong) NSArray<OCUserPermissionIdentifier> *identifiers;
+@property(readonly) BOOL canCreateSpaces;
+
+@end
+
+NS_ASSUME_NONNULL_END

ownCloudSDK/Connection/GraphAPI/OCUserPermissions.m

@@ -0,0 +1,36 @@
+//
+//  OCUserPermissions.m
+//  ownCloudSDK
+//
+//  Created by Felix Schwarz on 04.02.25.
+//  Copyright © 2025 ownCloud GmbH. All rights reserved.
+//
+
+/*
+ * Copyright (C) 2025, ownCloud GmbH.
+ *
+ * This code is covered by the GNU Public License Version 3.
+ *
+ * For distribution utilizing Apple mechanisms please see https://owncloud.org/contribute/iOS-license-exception/
+ * You should have received a copy of this license along with this program. If not, see <http://www.gnu.org/licenses/gpl-3.0.en.html>.
+ *
+ */
+
+#import "OCUserPermissions.h"
+
+@implementation OCUserPermissions
+
+- (instancetype)initWith:(NSArray<OCUserPermissionIdentifier> *)permissionIDs
+{
+	if ((self = [super init]) != nil)
+	{
+		_identifiers = permissionIDs;
+
+		// Extract permissions
+		_canCreateSpaces = [_identifiers containsObject:@"Drives.Create.all"];
+	}
+
+	return (self);
+}
+
+@end

ownCloudSDK/Connection/OCConnection+Users.m

@@ -35,7 +35,22 @@ - (NSProgress *)retrieveLoggedInUserWithRequestCustomization:(void(^)(OCHTTPRequ
 	if (self.useDriveAPI && (requestCustomizer == nil)) {
 		// Use Graph API (has no support for request customizer for now, but can be added later)
 		return ([self retrieveLoggedInGraphUserWithCompletionHandler:^(NSError * _Nullable error, OCUser * _Nullable user) {
-			completionHandler(error, user);
+			if (error != nil)
+			{
+				completionHandler(error, user);
+			}
+			else
+			{
+				// Retrieve and add the permissions for the current user
+				[self retrievePermissionsListForUser:user withCompletionHandler:^(NSError * _Nullable error, OCUserPermissions * _Nullable userPermissions) {
+					if (error == nil)
+					{
+						user.permissions = userPermissions;
+					}
+
+					completionHandler(nil, user);
+				}];
+			}
 		}]);
 	}
 

ownCloudSDK/Identity/OCUser.h

@@ -19,6 +19,7 @@
 #import <UIKit/UIKit.h>
 #import "OCFeatureAvailability.h"
 #import "OCGroup.h"
+#import "OCUserPermissions.h"
 
 @class GAUser;
 @class GAIdentity;
@@ -61,6 +62,8 @@ typedef NS_ENUM(NSInteger, OCUserType) {
 @property(readonly,nonatomic,nullable) GAIdentity *gaIdentity;
 @property(strong,nullable) NSArray<OCGroupID> *groupMemberships;
 
+@property(strong,nullable) OCUserPermissions *permissions; //!< Permissions the user has on the server (to perform action)
+
 + (nullable NSString *)localizedInitialsForName:(NSString *)name;
 
 + (instancetype)userWithGraphUser:(GAUser *)user;

ownCloudSDK/ownCloudSDK.h

@@ -245,6 +245,7 @@ FOUNDATION_EXPORT const unsigned char ownCloudSDKVersionString[];
 #import <ownCloudSDK/OCGroup.h>
 #import <ownCloudSDK/OCIdentity.h>
 #import <ownCloudSDK/OCIdentity+DataItem.h>
+#import <ownCloudSDK/OCUserPermissions.h>
 
 #import <ownCloudSDK/OCRecipientSearchController.h>
 #import <ownCloudSDK/OCShareQuery.h>