Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add allowed_view_extensions config node #6564

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Koc
Copy link

@Koc Koc commented Oct 26, 2024

📝 Summary

It isn't possible to view md files if they were shared without allow downloading. Related to nextcloud/server#48903

🔍 Repoducer

Share file without download possibility

image

Try to view file as share recipient

image

To fix that we can introduce a new allowed_view_extensions config node.

  'allowed_view_extensions' => [
    'md',
    // ...
  ]

🚧 TODO

  • ...

🏁 Checklist

  • Code is properly formatted (npm run lint / npm run stylelint / composer run cs:check)
  • Sign-off message is added to all commits
  • Tests (unit, integration and/or end-to-end) passing and the changes are covered with tests
  • Documentation (README or documentation) has been updated or is not required

Signed-off-by: Kostiantyn Miakshyn <molodchick@gmail.com>
@Koc Koc requested review from juliusknorr and max-nextcloud and removed request for mejo- and max-nextcloud October 26, 2024 14:08
@Koc Koc force-pushed the feature/add-allowed-view-extensions-config branch from ba678d2 to bf2f624 Compare October 26, 2024 14:09
@Koc Koc requested a review from mejo- October 26, 2024 14:23
@max-nextcloud
Copy link
Collaborator

@Koc Thanks a lot for addressing this. The current state is really confusing.

I'm not sure your proposed solution is really what we want. Before diving into the code I think we should clarify that with @nextcloud/designers .

We're always hesitant to add config options. However this config would not be exposed in the UI I assume. But the problematic scenario would remain for files which are not part of the allowed_view_extensions config.

I know the permission setting to prevent downloads is messy. I personally think that this should not exist for the filetypes you list as one can never prevent a screenshot or a copy and paste download. But I'll wait to hear what the designers say.

Copy link
Member

@jancborchardt jancborchardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally I think it should just work and not necessitate another setting or parameter.

What exactly "just work" means for the "Prevent download" vs being able to view though, it is up to @AndyScherzinger @juliusknorr @sorbaugh to define as it is a technical and security question related to both Files and Office.

Copy link
Contributor

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)

@Koc
Copy link
Author

Koc commented Nov 11, 2024

@jancborchardt any suggestions how to make it "just works". In this case I guess we should hardcode list of extensions somewhere

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants