Add hidden user folder #29886
Add hidden user folder #29886
Conversation
|
added a function get generate the folder name and added a dot prefix |
there might be more yeah, would be good to add maybe integration tests for this to confirm that all file operations are denied there or at least that the folder is protected in some way |
|
|
icewind1991
force-pushed
the
hidden-folder
branch
2 times, most recently
from
cc132a8
to
1a437b1
Compare
|
nextcloud/activity#698 for the activity path
This is intentional yes
I think this is ok, due to the "random" name it's very unlikely that a user hits this by accident, and being able to browse the hidden folder on purpose is fine since it's not a security feature. |
There was a problem hiding this comment.
From reading the code:
- What if the user creates a folder with the same name as the hidden folder but in a subfolder.
/
/.hidden_azeudhazud <-- real hidden folder
/sub_folder
/sub_folder/.hidden_azeudhazud <-- user creates this folder that should maybe not be hidden.
If I get this right, the created folder will be considered as hidden by FileSystem::isPathHidden.
Is this intended behaviour?
It makes sense if userA share his root folder with userB
/ <-- userB's root folder
/.hidden_azeudhazud <-- userB's hidden folder
/usera_shared_root_folder <-- what the name says
/usera_shared_root_folder/.hidden_azeudhazud <-- userA's hidden folder that should be hidden
1a437b1
to
bbc4e4b
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| $hiddenName = Filesystem::getHiddenFolderName(); | ||
| if ($share->getNode()->getName() === $hiddenName) { | ||
| $event->stopPropagation(); |
Check notice
Code scanning / Psalm
DeprecatedMethod
icewind1991
force-pushed
the
hidden-folder
branch
from
bbc4e4b
to
7927445
Compare
| $server->on('beforeUnbind', [$this, 'onBind'], 1000); | ||
| } | ||
|
|
||
| public function onBind($path): bool { |
Check notice
Code scanning / Psalm
MissingParamType
this can be used by apps to have apps that are within the users home folder but are hidden from the normal ui bits Signed-off-by: Robin Appelman <[email protected]>
Signed-off-by: Robin Appelman <[email protected]>
Signed-off-by: Robin Appelman <[email protected]>
Signed-off-by: Robin Appelman <[email protected]>
icewind1991
force-pushed
the
hidden-folder
branch
from
7927445
to
77bbbf7
Compare
skjnldsv
added
the
pending documentation
skjnldsv
added
2. developing
this can be used by apps to have apps that are within the users home folder but are hidden from the normal ui bits.
Currently, the "hidden" part is achieved in the dav plugin excluding it from listing and file search excluding results inside it.
I had originally hoped to have the "hidden" logic be more low level instead of having to implement it separately in each api by my attempts for that didn't work out as they would defeat the purpose of the folder in the first place (having it accessible trough normal endpoints by path and fileid)