SecureView. Download and Copy buttons are available for secure view file in the search result #9608
Comments
|
I don't think with the current implementation of the search service this is not preventable, as we don't get the share permissions |
|
then we need add permission because secure view feature becomes insecure: case:
Screen.Recording.2024-07-15.at.15.27.07.mov |
|
Can't we check for the missing DAV permission? |
|
we added 
|
|
How this feature is called secure at all if the file can be opened with something else than collabora ? 🫨 I think we have a security issue here |
Normal downloads are prohibited. We made it possible to open the File in the webOffice. Currently it "works as designed" except the full text search. @butonic we didn't consider that "onlyoffice" is active on the same instance. Can we limit that? |
micbar
added
Priority:p2-high
|
Making this P1 because this should trigger a new rolling release. |
I don't think we need any code changes in web as soon the permission will be exposed via search API, everything should work out of the box. |
|
Transfer to ocis |
ocis | 6.1.0+0b8559f91
web 9.1.0
started using https://github.com/owncloud/web/blob/master/docker-compose.yml
Steps:
adminupload.pngfile -> (strange -no preview in the file list)adminadd tagsecureto.pngfileadminshares.pngtoeinsteinwith secure view roleeinsteintries to find.pngfile by name and goes to search resultActual:
einsteincannot see/add tags in the file in Shares with me page but can see tagsecurein the filter in the search resultDownloadCopyandPrevieware available for.pngfileeinsteincan see file previewThe text was updated successfully, but these errors were encountered: