Implement more fine-grained external storage permissions model

VisibilityTrait -> PermissionsTrait

PermissionsTrait stores two sets of data, $permissions and
$allowedPermissions (analogous to $visibility and $allowedVisibility of
VisibilityTrait). Each set is a map of user type ('admin' or 'personal')
to permissions (mounting permission, create permission).

The result is that a backend can now be restricted for creation, while
still allowing it to be mounted. This is useful for deprecating backends
or auth mechanisms, preventing new storages being created, while still
allowing existing storages to be mounted.

1 files changed, 6 insertions, 2 deletions

diff --git a/apps/files_external/personal.php b/apps/files_external/personal.php
index 8717d91d4f1..d47f983b357 100644
--- a/apps/files_external/personal.php
+++ b/apps/files_external/personal.php
@@ -34,8 +34,12 @@ $userStoragesService = $appContainer->query('OCA\Files_external\Service\UserStor
 OCP\Util::addScript('files_external', 'settings');
 OCP\Util::addStyle('files_external', 'settings');
 
-$backends = $backendService->getBackendsVisibleFor(BackendService::VISIBILITY_PERSONAL);
-$authMechanisms = $backendService->getAuthMechanismsVisibleFor(BackendService::VISIBILITY_PERSONAL);
+$backends = array_filter($backendService->getAvailableBackends(), function($backend) {
+	return $backend->isPermitted(BackendService::USER_PERSONAL, BackendService::PERMISSION_CREATE);
+});
+$authMechanisms = array_filter($backendService->getAuthMechanisms(), function($authMechanism) {
+	return $authMechanism->isPermitted(BackendService::USER_PERSONAL, BackendService::PERMISSION_CREATE);
+});
 foreach ($backends as $backend) {
 	if ($backend->getCustomJs()) {
 		\OCP\Util::addScript('files_external', $backend->getCustomJs());