WIP: Admin setting iframe #4373
Conversation
Signed-off-by: codewithvk <vivek.javiya@collabora.com>
Signed-off-by: codewithvk <vivek.javiya@collabora.com>
Signed-off-by: codewithvk <vivek.javiya@collabora.com>
codewithvk
force-pushed
the
private/codewithvk/cool_setting_iframe
branch
from
62c98ce to
104c780
Compare
| $wopi = $this->tokenManager->generateWopiToken($fileId, null, $adminUserId); | ||
|
|
||
| $coolBaseUrl = $this->appConfig->getCollaboraUrlPublic(); | ||
| $adminSettingsWopiSrc = $coolBaseUrl . '/browser/admin-settings.html?'; |
There was a problem hiding this comment.
Ideally this would be an URL that can be obtained from the discovery endpoint of Collabora, could be a separate app element for settings
| $owneruid = null; | ||
| $hideDownload = false; | ||
| $rootFolder = $this->rootFolder; | ||
|
|
||
| if ($fileId == "-1") |
There was a problem hiding this comment.
| if ($fileId == "-1") | |
| if ($fileId === "-1") |
Best always use strict comparison in PHP
| @@ -66,6 +66,34 @@ public function generateFileToken($fileId, $owner, $editor, $version, $updatable | |||
| return $wopi; | |||
| } | |||
|
|
|||
| public function generateUserSettingsToken($fileId, $owner, $editor, $version, $updatable, $serverHost, ?string $guestDisplayname = null, $hideDownload = false, $direct = false, $templateId = 0, $share = null) { | |||
There was a problem hiding this comment.
We probably can simplify the signature of this method a lot. Most of it is passed in as dummy/default values
| @@ -384,6 +384,25 @@ public function editOnlineTarget(int $fileId, ?string $target = null): RedirectR | |||
| #[PublicPage] | |||
| public function token(int $fileId, ?string $shareToken = null, ?string $path = null, ?string $guestName = null): DataResponse { | |||
| try { | |||
| if ($fileId === -1 && $path !== null && str_starts_with($path, 'admin-settings/')) { | |||
| $parts = explode('/', $path); | |||
| $adminUserId = $parts[1] ?? $this->userId; // fallback if needed | |||
There was a problem hiding this comment.
This seems dangerous, we should always use $this->userId and not let the user id be passed as request data.
Additionally we need to check if the user id is an admin (Can be done through https://github.com/nextcloud/server/blob/dff881544920f426b984f91b7bc8dece1f351342/lib/public/IGroupManager.php#L115
| @@ -384,6 +384,25 @@ public function editOnlineTarget(int $fileId, ?string $target = null): RedirectR | |||
| #[PublicPage] | |||
| public function token(int $fileId, ?string $shareToken = null, ?string $path = null, ?string $guestName = null): DataResponse { | |||
| try { | |||
| if ($fileId === -1 && $path !== null && str_starts_with($path, 'admin-settings/')) { | |||
There was a problem hiding this comment.
Maybe we can even extract this part, so we don't need to extend the token endpoint. This logic could be moved to the SettingsController and generate a token directly there.
There was a problem hiding this comment.
Would be safer as then we can be sure this can only be called by admins
Signed-off-by: codewithvk <vivek.javiya@collabora.com>
…directories Signed-off-by: codewithvk <vivek.javiya@collabora.com>
…y of user and system settings. Note: We will delete this commit/code after the entire prototype is ready. Reviewers can ignore this commit during the review process. Signed-off-by: codewithvk <vivek.javiya@collabora.com>
TODO: We should try to centralize the path everywhere so that a change in one place updates it everywhere! Signed-off-by: codewithvk <vivek.javiya@collabora.com>
… it to system-settings dir Signed-off-by: codewithvk <vivek.javiya@collabora.com>
…equest Signed-off-by: codewithvk <vivek.javiya@collabora.com>
- Implement dynamic routing for settings files, enabling URLs structured as /settings/{type}/{category}/{filename}.
- Support various setting types (e.g. userconfigs, sharedconfigs) and categories (e.g. autotext, wordbook) so that multiple files can be stored for each category.
- Ensure proper URL parsing and directory handling for uploading and retrieving files via the WOPI interface.
Signed-off-by: codewithvk <vivek.javiya@collabora.com>
codewithvk
force-pushed
the
private/codewithvk/cool_setting_iframe
branch
from
905e1e2 to
cc91ef8
Compare
Signed-off-by: codewithvk <vivek.javiya@collabora.com>
|
Related serverside PR : nextcloud/server#50145 |
Summary
TODO
Checklist