feat: add more roles

go.mod

@@ -64,7 +64,7 @@ require (
 	github.com/open-policy-agent/opa v1.15.2
 	github.com/opencloud-eu/icap-client v0.0.0-20250930132611-28a2afe62d89
 	github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20260310090739-853d972b282d
-	github.com/opencloud-eu/reva/v2 v2.46.3-0.20260610093751-a33d8108dd91
+	github.com/opencloud-eu/reva/v2 v2.46.3-0.20260611095012-6617969b3720
 	github.com/opensearch-project/opensearch-go/v4 v4.6.0
 	github.com/orcaman/concurrent-map v1.0.0
 	github.com/pkg/errors v0.9.1

go.sum

@@ -948,8 +948,8 @@ github.com/opencloud-eu/icap-client v0.0.0-20250930132611-28a2afe62d89 h1:W1ms+l
 github.com/opencloud-eu/icap-client v0.0.0-20250930132611-28a2afe62d89/go.mod h1:vigJkNss1N2QEceCuNw/ullDehncuJNFB6mEnzfq9UI=
 github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20260310090739-853d972b282d h1:JcqGDiyrcaQwVyV861TUyQgO7uEmsjkhfm7aQd84dOw=
 github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20260310090739-853d972b282d/go.mod h1:pzatilMEHZFT3qV7C/X3MqOa3NlRQuYhlRhZTL+hN6Q=
-github.com/opencloud-eu/reva/v2 v2.46.3-0.20260610093751-a33d8108dd91 h1:A/a0d9UNclpNBWGp2NUDWF+qO+U/u38EBH4CIk2dqIE=
-github.com/opencloud-eu/reva/v2 v2.46.3-0.20260610093751-a33d8108dd91/go.mod h1:RoFQt+u7edxwzHr1IZ2Y6VaDinMiRPQupAvMBy3WVmE=
+github.com/opencloud-eu/reva/v2 v2.46.3-0.20260611095012-6617969b3720 h1:UHJDrOoU9hoVFg0hgKmNIMp0hFEb/reiDYthVHlX5g8=
+github.com/opencloud-eu/reva/v2 v2.46.3-0.20260611095012-6617969b3720/go.mod h1:RoFQt+u7edxwzHr1IZ2Y6VaDinMiRPQupAvMBy3WVmE=
 github.com/opencloud-eu/secure v0.0.0-20260312082735-b6f5cb2244e4 h1:l2oB/RctH+t8r7QBj5p8thfEHCM/jF35aAY3WQ3hADI=
 github.com/opencloud-eu/secure v0.0.0-20260312082735-b6f5cb2244e4/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=

services/graph/pkg/unifiedrole/conversion.go

@@ -4,8 +4,8 @@ import (
 	"strings"
 
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	"github.com/opencloud-eu/reva/v2/pkg/conversions"
 	libregraph "github.com/opencloud-eu/libre-graph-api-go"
+	"github.com/opencloud-eu/reva/v2/pkg/conversions"
 )
 
 // PermissionsToCS3ResourcePermissions converts the provided libregraph UnifiedRolePermissions to a cs3 ResourcePermissions
@@ -204,12 +204,16 @@ func cs3RoleToDisplayName(role *conversions.Role) string {
 	switch role.Name {
 	case conversions.RoleViewer:
 		return _viewerUnifiedRoleDisplayName
+	case conversions.RoleViewerWithVersions:
+		return _viewerWithVersionsUnifiedRoleDisplayName
 	case conversions.RoleViewerListGrants:
 		return _viewerListGrantsUnifiedRoleDisplayName
 	case conversions.RoleSpaceViewer:
 		return _spaceViewerUnifiedRoleDisplayName
 	case conversions.RoleEditor:
 		return _editorUnifiedRoleDisplayName
+	case conversions.RoleEditorWithVersions:
+		return _editorWithVersionsUnifiedRoleDisplayName
 	case conversions.RoleEditorListGrants:
 		return _editorListGrantsUnifiedRoleDisplayName
 	case conversions.RoleSpaceEditor:
@@ -218,6 +222,8 @@ func cs3RoleToDisplayName(role *conversions.Role) string {
 		return _spaceEditorWithoutVersionsUnifiedRoleDisplayName
 	case conversions.RoleFileEditor:
 		return _fileEditorUnifiedRoleDisplayName
+	case conversions.RoleFileEditorWithVersions:
+		return _fileEditorWithVersionsUnifiedRoleDisplayName
 	case conversions.RoleFileEditorListGrants:
 		return _fileEditorListGrantsUnifiedRoleDisplayName
 	case conversions.RoleEditorLite:

services/graph/pkg/unifiedrole/conversion_test.go

@@ -6,8 +6,8 @@ import (
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	. "github.com/onsi/gomega"
 	"github.com/onsi/gomega/types"
-	cs3Conversions "github.com/opencloud-eu/reva/v2/pkg/conversions"
 	libregraph "github.com/opencloud-eu/libre-graph-api-go"
+	cs3Conversions "github.com/opencloud-eu/reva/v2/pkg/conversions"
 
 	"github.com/opencloud-eu/opencloud/pkg/conversions"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"
@@ -19,16 +19,19 @@ func TestPermissionsToCS3ResourcePermissions(t *testing.T) {
 		unifiedRoleDefinition *libregraph.UnifiedRoleDefinition
 		match                 bool
 	}{
-		cs3Conversions.RoleViewer:               {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewer, true},
-		cs3Conversions.RoleViewerListGrants:     {cs3Conversions.NewViewerListGrantsRole(), unifiedrole.RoleViewerListGrants, true},
-		cs3Conversions.RoleEditor:               {cs3Conversions.NewEditorRole(), unifiedrole.RoleEditor, true},
-		cs3Conversions.RoleEditorListGrants:     {cs3Conversions.NewEditorListGrantsRole(), unifiedrole.RoleEditorListGrants, true},
-		cs3Conversions.RoleFileEditor:           {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleFileEditor, true},
-		cs3Conversions.RoleFileEditorListGrants: {cs3Conversions.NewFileEditorListGrantsRole(), unifiedrole.RoleFileEditorListGrants, true},
-		cs3Conversions.RoleManager:              {cs3Conversions.NewManagerRole(), unifiedrole.RoleManager, true},
-		cs3Conversions.RoleSecureViewer:         {cs3Conversions.NewSecureViewerRole(), unifiedrole.RoleSecureViewer, true},
-		cs3Conversions.RoleDenied:               {cs3Conversions.NewDeniedRole(), unifiedrole.RoleDenied, true},
-		"no match":                              {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleManager, false},
+		cs3Conversions.RoleViewer:                 {cs3Conversions.NewViewerRole(), unifiedrole.RoleViewer, true},
+		cs3Conversions.RoleViewerWithVersions:     {cs3Conversions.NewViewerWithVersionsRole(), unifiedrole.RoleViewerWithVersions, true},
+		cs3Conversions.RoleViewerListGrants:       {cs3Conversions.NewViewerListGrantsRole(), unifiedrole.RoleViewerListGrants, true},
+		cs3Conversions.RoleEditor:                 {cs3Conversions.NewEditorRole(), unifiedrole.RoleEditor, true},
+		cs3Conversions.RoleEditorWithVersions:     {cs3Conversions.NewEditorWithVersionsRole(), unifiedrole.RoleEditorWithVersions, true},
+		cs3Conversions.RoleEditorListGrants:       {cs3Conversions.NewEditorListGrantsRole(), unifiedrole.RoleEditorListGrants, true},
+		cs3Conversions.RoleFileEditor:             {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleFileEditor, true},
+		cs3Conversions.RoleFileEditorWithVersions: {cs3Conversions.NewFileEditorWithVersionsRole(), unifiedrole.RoleFileEditorWithVersions, true},
+		cs3Conversions.RoleFileEditorListGrants:   {cs3Conversions.NewFileEditorListGrantsRole(), unifiedrole.RoleFileEditorListGrants, true},
+		cs3Conversions.RoleManager:                {cs3Conversions.NewManagerRole(), unifiedrole.RoleManager, true},
+		cs3Conversions.RoleSecureViewer:           {cs3Conversions.NewSecureViewerRole(), unifiedrole.RoleSecureViewer, true},
+		cs3Conversions.RoleDenied:                 {cs3Conversions.NewDeniedRole(), unifiedrole.RoleDenied, true},
+		"no match":                                {cs3Conversions.NewFileEditorRole(), unifiedrole.RoleManager, false},
 	}
 
 	for name, tc := range tests {
@@ -58,17 +61,21 @@ func TestCS3ResourcePermissionsToRole(t *testing.T) {
 		unifiedRoleDefinition  *libregraph.UnifiedRoleDefinition
 		constraints            string
 	}{
-		cs3Conversions.RoleViewer + "1":       {cs3Conversions.NewViewerRole().CS3ResourcePermissions(), unifiedrole.RoleViewer, unifiedrole.UnifiedRoleConditionFile},
-		cs3Conversions.RoleViewer + "2":       {cs3Conversions.NewViewerRole().CS3ResourcePermissions(), unifiedrole.RoleViewer, unifiedrole.UnifiedRoleConditionFolder},
-		cs3Conversions.RoleEditor:             {cs3Conversions.NewEditorRole().CS3ResourcePermissions(), unifiedrole.RoleEditor, unifiedrole.UnifiedRoleConditionFolder},
-		cs3Conversions.RoleFileEditor:         {cs3Conversions.NewFileEditorRole().CS3ResourcePermissions(), unifiedrole.RoleFileEditor, unifiedrole.UnifiedRoleConditionFile},
-		cs3Conversions.RoleManager:            {cs3Conversions.NewManagerRole().CS3ResourcePermissions(), unifiedrole.RoleManager, unifiedrole.UnifiedRoleConditionDrive},
-		cs3Conversions.RoleSpaceViewer:        {cs3Conversions.NewSpaceViewerRole().CS3ResourcePermissions(), unifiedrole.RoleSpaceViewer, unifiedrole.UnifiedRoleConditionDrive},
-		cs3Conversions.RoleSpaceEditor:        {cs3Conversions.NewSpaceEditorRole().CS3ResourcePermissions(), unifiedrole.RoleSpaceEditor, unifiedrole.UnifiedRoleConditionDrive},
-		cs3Conversions.RoleSecureViewer + "1": {cs3Conversions.NewSecureViewerRole().CS3ResourcePermissions(), unifiedrole.RoleSecureViewer, unifiedrole.UnifiedRoleConditionFile},
-		cs3Conversions.RoleSecureViewer + "2": {cs3Conversions.NewSecureViewerRole().CS3ResourcePermissions(), unifiedrole.RoleSecureViewer, unifiedrole.UnifiedRoleConditionFolder},
-		cs3Conversions.RoleDenied:             {cs3Conversions.NewDeniedRole().CS3ResourcePermissions(), unifiedrole.RoleDenied, unifiedrole.UnifiedRoleConditionFolder},
-		"custom 1":                            {&provider.ResourcePermissions{GetPath: true}, nil, unifiedrole.UnifiedRoleConditionFolder},
+		cs3Conversions.RoleViewer + "1":             {cs3Conversions.NewViewerRole().CS3ResourcePermissions(), unifiedrole.RoleViewer, unifiedrole.UnifiedRoleConditionFile},
+		cs3Conversions.RoleViewer + "2":             {cs3Conversions.NewViewerRole().CS3ResourcePermissions(), unifiedrole.RoleViewer, unifiedrole.UnifiedRoleConditionFolder},
+		cs3Conversions.RoleViewerWithVersions + "1": {cs3Conversions.NewViewerWithVersionsRole().CS3ResourcePermissions(), unifiedrole.RoleViewerWithVersions, unifiedrole.UnifiedRoleConditionFile},
+		cs3Conversions.RoleViewerWithVersions + "2": {cs3Conversions.NewViewerWithVersionsRole().CS3ResourcePermissions(), unifiedrole.RoleViewerWithVersions, unifiedrole.UnifiedRoleConditionFolder},
+		cs3Conversions.RoleEditor:                   {cs3Conversions.NewEditorRole().CS3ResourcePermissions(), unifiedrole.RoleEditor, unifiedrole.UnifiedRoleConditionFolder},
+		cs3Conversions.RoleEditorWithVersions:       {cs3Conversions.NewEditorWithVersionsRole().CS3ResourcePermissions(), unifiedrole.RoleEditorWithVersions, unifiedrole.UnifiedRoleConditionFolder},
+		cs3Conversions.RoleFileEditor:               {cs3Conversions.NewFileEditorRole().CS3ResourcePermissions(), unifiedrole.RoleFileEditor, unifiedrole.UnifiedRoleConditionFile},
+		cs3Conversions.RoleFileEditorWithVersions:   {cs3Conversions.NewFileEditorWithVersionsRole().CS3ResourcePermissions(), unifiedrole.RoleFileEditorWithVersions, unifiedrole.UnifiedRoleConditionFile},
+		cs3Conversions.RoleManager:                  {cs3Conversions.NewManagerRole().CS3ResourcePermissions(), unifiedrole.RoleManager, unifiedrole.UnifiedRoleConditionDrive},
+		cs3Conversions.RoleSpaceViewer:              {cs3Conversions.NewSpaceViewerRole().CS3ResourcePermissions(), unifiedrole.RoleSpaceViewer, unifiedrole.UnifiedRoleConditionDrive},
+		cs3Conversions.RoleSpaceEditor:              {cs3Conversions.NewSpaceEditorRole().CS3ResourcePermissions(), unifiedrole.RoleSpaceEditor, unifiedrole.UnifiedRoleConditionDrive},
+		cs3Conversions.RoleSecureViewer + "1":       {cs3Conversions.NewSecureViewerRole().CS3ResourcePermissions(), unifiedrole.RoleSecureViewer, unifiedrole.UnifiedRoleConditionFile},
+		cs3Conversions.RoleSecureViewer + "2":       {cs3Conversions.NewSecureViewerRole().CS3ResourcePermissions(), unifiedrole.RoleSecureViewer, unifiedrole.UnifiedRoleConditionFolder},
+		cs3Conversions.RoleDenied:                   {cs3Conversions.NewDeniedRole().CS3ResourcePermissions(), unifiedrole.RoleDenied, unifiedrole.UnifiedRoleConditionFolder},
+		"custom 1":                                  {&provider.ResourcePermissions{GetPath: true}, nil, unifiedrole.UnifiedRoleConditionFolder},
 	}
 
 	for name, tc := range tests {

services/graph/pkg/unifiedrole/export_test.go

@@ -2,13 +2,16 @@ package unifiedrole
 
 var (
 	RoleViewer                     = roleViewer
+	RoleViewerWithVersions         = roleViewerWithVersions
 	RoleViewerListGrants           = roleViewerListGrants
 	RoleSpaceViewer                = roleSpaceViewer
 	RoleEditor                     = roleEditor
+	RoleEditorWithVersions         = roleEditorWithVersions
 	RoleEditorListGrants           = roleEditorListGrants
 	RoleSpaceEditor                = roleSpaceEditor
 	RoleSpaceEditorWithoutVersions = roleSpaceEditorWithoutVersions
 	RoleFileEditor                 = roleFileEditor
+	RoleFileEditorWithVersions     = roleFileEditorWithVersions
 	RoleFileEditorListGrants       = roleFileEditorListGrants
 	RoleEditorLite                 = roleEditorLite
 	RoleManager                    = roleManager