-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SecureView. Download and Copy buttons are available for secure view file in the search result #9608
Comments
I don't think with the current implementation of the search service this is not preventable, as we don't get the share permissions |
then we need add permission because secure view feature becomes insecure: case:
Screen.Recording.2024-07-15.at.15.27.07.mov |
Can't we check for the missing DAV permission? |
we added |
How this feature is called secure at all if the file can be opened with something else than collabora ? 🫨 I think we have a security issue here |
Normal downloads are prohibited. We made it possible to open the File in the webOffice. Currently it "works as designed" except the full text search. @butonic we didn't consider that "onlyoffice" is active on the same instance. Can we limit that? |
Making this P1 because this should trigger a new rolling release. |
I don't think we need any code changes in web as soon the permission will be exposed via search API, everything should work out of the box. |
Transfer to ocis |
ocis | 6.1.0+0b8559f91
web 9.1.0
started using https://github.com/owncloud/web/blob/master/docker-compose.yml
Steps:
admin
upload.png
file -> (strange -no preview in the file list)admin
add tagsecure
to.png
fileadmin
shares.png
toeinstein
with secure view roleeinstein
tries to find.png
file by name and goes to search resultActual:
einstein
cannot see/add tags in the file in Shares with me page but can see tagsecure
in the filter in the search resultDownload
Copy
andPreview
are available for.png
filehere is wrong. einstein cannot see previeweinstein
can see file previewThe text was updated successfully, but these errors were encountered: