Improve handling of prevent download permission #1440
Comments
juliusknorr
added
enhancement
|
This would also resolve nextcloud/files_pdfviewer#649 |
|
I am not sure this is the Viewer's job here. 😕 |
|
Where would you see the responsibility then? In the end Collabora registers a file action through viewer, so from my perspective this would need to be a capability of the viewer API to provide a check for that permission as it is the standard approach to handle displaying a file, especially for the cases where apps do not support a certain set of permissions like PDF or the built-in image/video handlers. |
|
And yes, it would just be a 403. |
|
Regarding errors handling, we can heavily improve in the viewer side. |
|
Maybe it would actually be cleaner to NOT handle the errors and let the apps do that themselves like you seems to have been doing in nextcloud/text#2776 ? |
|
My main concern was that we implement the same handling for most of the handlers then, photos/videos even within viewer so why not moving that shared logic one level up into the viewer |
|
So:
Looks good to you? |
|
Sorry, didn't think of throwing a proper error message through dav already 🙈 Sounds like the best approach. |
|
No worries! Do you also rely on Viewer internal file fetching? |
|
Not against WebDAV, but there are specific routes to initiate the rendering. For text we get the file content with some text session specific metadata through OCS, for Collabora the file is then requested by the Collabora server. |
|
Ok, so I guess since you still wait for Viewer to init and fetch the file with PROPFIND, you will benefir from this proper error handling :) |
|
@juliushaertl Is this planned for one of the nearest releases? |
|
The PROPFIND actually doesn't throw an error since the file is still listed. The dav plugin only checks on GET/COPY https://github.com/nextcloud/server/blob/ecf6b7667b8457592d6334e88d2bf54aa4834238/apps/dav/lib/DAV/ViewOnlyPlugin.php#L57-L58 Wondering if we could do another HEAD request to the file in the viewer then, however that would be one additional request per file viewing :/ |
|
@skjnldsv I'd still say that it should be the responsibility of the viewer to pick the right handler depending on the PROPFIND result. The most simple solution would be to have a webdav property that viewer can request during the propfind that is performed on the file already. The viewer handlers could then just pass a secure view option set to true where viewer could use those and skip the ones that don't support it (like files_pdfviewer). |
Sure, but Viewer should not be app-aware. There should not be any custom app code in it, (we already have specific checks for public view, or previews which I don't like.) If a solution is implemented for this in Viewer, this must be an universal one, and not only thought for richdocument 👍 |
All right, then we are on the same page I think :) |
|
Would be solved by #2395 as each handler can check the file properties through the enabled callback |
With nextcloud/server#32482 using the viewer only works for apps like Collabora as for other filetypes like images the download to the users browser would be blocked if the download permission is removed from a share.
The error message for that is quite generic that it failed to load the file. In oder to improve the user experience, it would make sense to implement support for this in the viewer app.
Suggested implementation
In addition to the existing list of mime types for a handler, Collabora could pass over a list of mime types for "secure view". With this list, the viewer could check on the share attribute to see if download is disabled and then either show a proper fitting error message or still load the file if the handler supports the current mime type.
Any objections @skjnldsv @Raudius @CarlSchwan ?
The text was updated successfully, but these errors were encountered: