Add ability to share items with people outside the platform #10663

Merged (81 commits) on Dec 23, 2021

@rijkvanzanten rijkvanzanten commented Dec 23, 2021

Adds a new Sharing mechanism that allows the user to share items from collections with people outside of Directus. Shares are controlled through a new sidebar detail on the item detail page:

CleanShot 2021-12-23 at 17 13 35@2x

Each share can be configured with some options to restrict its usage. This includes an optional password, a datetime range in which it's valid, and a maximum number of times the item can be viewed:

CleanShot 2021-12-23 at 17 14 30@2x

Shares can be... shared by copying/sending the unique link they generate directly, or by having Directus itself send an email to any recipient:

CleanShot 2021-12-23 at 17 14 50@2x

CleanShot 2021-12-23 at 17 15 22@2x

Each share generates a unique URL that can be used to view the shared item, without having to have a user to log in with. The user who receives the link can simply open it and, assuming all configured conditions have been met, view the item:

CleanShot 2021-12-23 at 17 20 21@2x

(in this particular case, only configured to allow viewing the author's name)

Is this safe?

Every time you create a Share, you have the option to associate a role to the share. This allows you to have the share inherit the permissions of that given role. This allows you to finely control what exact fields (including relational fields) are available on the shared item. We obviously don't want to expose anything that wasn't explicitly shared, so in addition to inheriting the role's permissions, the API will automatically generate and inject a permissions set to ensure that only the shared item, and items that are relationally linked to the shared item can be viewed. This is done by following all relational fields, and automatically injecting permissions that ensure that only items that have an explicit relationship to the shared item can be viewed (if your role allows read access to those collections in the first place).

In addition, you can control what role is allowed to share what particular item within the system. This allows you to configure things like "Only reports that are marked as 'Done' can be shared":

CleanShot 2021-12-23 at 17 44 58@2x
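
The permission scoping described under "Is this safe?" above, as an added sketch that is not part of the PR or the Directus code base: the role's read permissions are kept, and each one gets a generated filter that ties it back to the shared item through the relations. The collection names, the `id` primary key and the `reverse(collection.field)` filter key are assumptions made for illustration.

```javascript
// Added example; not Directus code. Collection names, the `id` primary key and
// the `reverse(collection.field)` key (a stand-in for filtering across a
// relation from its "one" side) are assumptions made for illustration.

// Constructed schema: `field` on collection `many` points at an item in `one`.
const relations = [
  { many: 'articles', field: 'author', one: 'authors' },
  { many: 'comments', field: 'article', one: 'articles' },
  { many: 'authors', field: 'avatar', one: 'files' },
];

// Read access granted by the role attached to the share (constructed).
const roleRead = { articles: ['title', 'author'], authors: ['name'], comments: ['body'] };

// Build the permission set for one share: the role's fields, narrowed by a
// filter that ties every readable row back to the shared item.
function scopeShare(share, roleRead, relations) {
  if (!roleRead[share.collection]) return []; // role cannot read the item: share nothing
  const scoped = new Map([[share.collection, { id: { _eq: share.item } }]]);
  const queue = [share.collection];
  while (queue.length > 0) {
    const current = queue.shift();
    const filter = scoped.get(current);
    for (const rel of relations) {
      let next = null;
      let nextFilter = null;
      if (rel.many === current) {
        // many-to-one: the target row is visible only if a scoped row points at it
        next = rel.one;
        nextFilter = { [`reverse(${rel.many}.${rel.field})`]: filter };
      } else if (rel.one === current) {
        // one-to-many: child rows are visible only if their parent is in scope
        next = rel.many;
        nextFilter = { [rel.field]: filter };
      }
      // Fail closed: no role access means no generated permission and no
      // traversal through that collection. The first path found wins, so a
      // collection is never scoped more widely than a single chain of links.
      if (next === null || scoped.has(next) || !roleRead[next]) continue;
      scoped.set(next, nextFilter);
      queue.push(next);
    }
  }
  return [...scoped].map(([collection, filter]) => ({
    collection, action: 'read', fields: roleRead[collection], filter,
  }));
}
```

With the constructed schema, sharing article `a1` yields read permissions for `articles`, `authors` and `comments` only; `files` is linked through `authors.avatar` but stays unreachable because the role has no read access to it.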

@rijkvanzanten rijkvanzanten merged commit dbf35a1 into main Dec 23, 2021
@rijkvanzanten rijkvanzanten deleted the feat/shares branch December 23, 2021 23:52
AustinPhillipTaylor pushed a commit to AustinPhillipTaylor/directus that referenced this pull request May 11, 2022
…#10663)

* Add directus_shares

* Don't check for usage limit on refresh

* Add all endpoints to the shares controller

* Move route `/auth/shared` to `/shared/auth`

* Add password protection

* Add `share` action in permissions

* Add `shares/:pk/info`

* Start on shared-view

* Add basic styling for full shared view

* Fixed migrations

* Add inline style for shared view

* Allow title override

* Finish /info endpoint for shares

* Add basic UUID validation to share/info endpoint

* Add UUID validation to other routes

* Add not found state

* Cleanup /extract/finish share login endpoint

* Cleanup auth

* Added `share_start` and `share_end`

* Add share sidebar details.

* Allow share permissions configuration

* Hide the `new_share` button for unauthorized users

* Fix uses_left displayed value

* Show expired / upcoming shares

* Improved expired/upcoming styling

* Fixed share login query

* Fix check-ip and get-permissions middlewares behaviour when role is null

* Simplify cache key

* Fix typescript linting issues

* Handle app auth flow for shared page

* Fixed /users/me response

* Show when user is authenticated

* Try showing item drawer in shared page

* Improved shared card styling

* Add shares permissions and change share card styling

* Pull in schema/permissions on share

* Create getPermissionForShare file

* Change getPermissionsForShare signature

* Render form + item on share after auth

* Finalize public front end

* Handle fake o2m field in applyQuery

* [WIP]

* New translations en-US.yaml (Bulgarian) (directus#10585)

* smaller label height (directus#10587)

* Update to the latest Material Icons (directus#10573)

The icons are based on https://fonts.google.com/icons

* New translations en-US.yaml (Arabic) (directus#10593)

* New translations en-US.yaml (Arabic) (directus#10594)

* New translations en-US.yaml (Portuguese, Brazilian) (directus#10604)

* New translations en-US.yaml (French) (directus#10605)

* New translations en-US.yaml (Italian) (directus#10613)

* fix M2A list not updating (directus#10617)

* Fix filters

* Add admin filter on m2o role selection

* Add admin filter on m2o role selection

* Add o2m permissions traversing

* Finish relational tree permissions generation

* Handle implicit a2o relation

* Update implicit relation regex

* Fix regex

* Fix implicitRelation unnesting for new regex

* Fix implicitRelation length check

* Rename m2a to a2o internally

* Add auto-gen permissions for a2o

* [WIP] Improve share UX

* Add ctx menu options

* Add share dialog

* Add email notifications

* Tweak endpoint

* Tweak file interface disabled state

* Add nicer invalid state to password input

* Don't return info for expired/upcoming shares

* Tweak disabled state for relational interfaces

* Fix share button for non admin roles

* Show/hide edit/delete based on permissions to shares

* Fix imports of mutationtype

* Resolve (my own) suggestions

* Fix migration for ms sql

* Resolve last suggestion

Co-authored-by: Oreilles <oreilles.github@nitoref.io>
Co-authored-by: Oreilles <33065839+oreilles@users.noreply.github.com>
Co-authored-by: Ben Haynes <ben@rngr.org>
Co-authored-by: Thien Nguyen <72242664+tatthien@users.noreply.github.com>
Co-authored-by: Azri Kahar <42867097+azrikahar@users.noreply.github.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 3, 2024