bring back CRUDS permissions for federated shares #23918
Conversation
schiessle
force-pushed
the
cruds-for-federated-shares
branch
from
51a09d9 to
351d0bd
Compare
|
@icewind1991 I have a question regarding the last commit in this PR (51643f4) In order to make the remote server respect the share permissions I updated the https://github.com/owncloud/core/blob/master/apps/files_sharing/lib/external/scanner.php#L86 Do you have a idea why we call it on every request as long as the permission was < 31 and stop calling it as soon as the permission was set to 31? I couldn't find the reason. |
schiessle
force-pushed
the
cruds-for-federated-shares
branch
6 times, most recently
from
f0d9fae to
624195d
Compare
|
code is ready and works... please start to review it... I might add additional unit tests in the mean time. cc @DeepDiver1975 would be great if you could have a look at the webdav related changes. Thanks! |
| @@ -62,29 +62,37 @@ | |||
| $rootInfo = \OC\Files\Filesystem::getFileInfo($path); | |||
There was a problem hiding this comment.
Nothing for now... but we should really get rid of this ajax file and move it to a proper controller...
There was a problem hiding this comment.
yes, was also my thought... 😉
|
You probabaly need to rebase as that share permissions fix is already in master. |
schiessle
force-pushed
the
cruds-for-federated-shares
branch
2 times, most recently
from
a9757f7 to
254f64d
Compare
Was already up-to-date enough to contain the fix... but I rebased it once more to be on latest master. |
schiessle
force-pushed
the
cruds-for-federated-shares
branch
2 times, most recently
from
1358eef to
29c5af9
Compare
schiessle
force-pushed
the
cruds-for-federated-shares
branch
from
29c5af9 to
52644eb
Compare
|
permission updated according to #24017 |
|
https://github.com/owncloud/core/pull/23918/files#diff-2e1f33af47835fc7dab530c048c95f9aL157 <-- shouldn't that go as well? Currently federated shares are shared by default without sharing permissions and without delete permissions. I get that this was the old behaviour. But now it looks weird. |
| * @param string $user | ||
| * @return int | ||
| */ | ||
| public function getSharePermissions() { |
There was a problem hiding this comment.
user is actually a bit misleading here...
There was a problem hiding this comment.
The problem is that at the calling end the token is stored in the "user"-field. So it is always somehow misleading, either at the calling end or at the receiving end.
There was a problem hiding this comment.
... but maybe it is better to call it "token" at this place to make it less confusing for the method as such
Can you elaborate on it? What do you think looks wired. The point of the commit you refer to is that if a server receives a propfind from a user who mounted a federated share we need to return the permissions the file was shared with. This doesn't change the default permissions. |
|
@schiesbn when you initially share the file. Permissions send to the OCS Share API are 7. It is weird from a user point I think. Because if I share a folder locally it is shared by default with permissions 31. And federated defaults to 7. |
Of course we could change the default share permissions to match the local shares. |
|
@rullzer see my last commit... I removed the special handling for remote shares regarding the default permissions |
|
👍 |
|
need a second reviewer... @PVince81 @DeepDiver1975 @icewind1991 ? Thanks! |
| return $node->getSharePermissions(); | ||
| $propFind->handle(self::SHARE_PERMISSIONS_PROPERTYNAME, function() use ($node, $httpRequest) { | ||
| return $node->getSharePermissions( | ||
| $httpRequest->getRawServerValue('PHP_AUTH_USER') |
There was a problem hiding this comment.
I'm fairly sure this will only work for some server setups
There was a problem hiding this comment.
Can you elaborate on it? What could be used instead?
There was a problem hiding this comment.
@LukasReschke since you are working on some auth related stuff for 9.1... do you see any issues with it?
There was a problem hiding this comment.
I believe this should work considering the fact that OC::handleAuthHeaders does some mapping magic.
schiessle
force-pushed
the
cruds-for-federated-shares
branch
from
87f4e2a to
df58cdf
Compare
|
@icewind1991 please have another look, I hope you like my last update 😉 |
schiessle
force-pushed
the
cruds-for-federated-shares
branch
from
df58cdf to
fa221ce
Compare
lib/private/files/storage/dav.php
Outdated
There was a problem hiding this comment.
Since we always set the share permission to a default value in propfind I would expect this to always be true
There was a problem hiding this comment.
good point, see my last changes: e906796
…heck if the file has changed or not
schiessle
force-pushed
the
cruds-for-federated-shares
branch
from
fa221ce to
2a6a336
Compare
| $response = $this->propfind($path); | ||
| if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) { | ||
| $permissions = $response['{http://open-collaboration-services.org/ns}share-permissions']; | ||
| } else { |
There was a problem hiding this comment.
Would it make sense to also check for the regular permissions field in the propfind result for older oc remotes
There was a problem hiding this comment.
For old federated shares we set the permissions always to 31 and just let the recipient end for example decide to accept a write request or not. That's exactly what I do now in the else block.
|
Do federated share correctly handle the owner losing permissions? (Fed. reshare an internal share and then the owner of the internal share removing permissions) |
Good question. I just tested it. |
|
@icewind1991 I think all comments are addressed... Would be great to get this merged to move forward. |
|
👍 |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
bring back CRUDS permissions for federated shares
Open Issues: