Make notes path configurable #207
Conversation
There was a problem hiding this comment.
Thanks for this nice PR! This will fix #57 😃
I had a deep look at your code, and it's very good! However, I found some problems -- I commented them at the respective code line. As a general hint, here are some notes on building secure apps, which should be considered: https://docs.nextcloud.com/server/13/developer_manual/general/security.html
In #57, @jancborchardt suggested to use "a bottom left settings area" like in the files app, contacts app or calendar app. I think this would be better than hiding this setting on the personal settings page. But it should be easy to move your template to the other position.
Looking forward for an update of your PR 👍
js/package.json
Outdated
| "dependencies": {}, | ||
| "dependencies": { | ||
| "bower": "^1.8.4", | ||
| "grunt": "^1.0.3" |
There was a problem hiding this comment.
I don't think that those dependencies are required. For me, it works without them.
templates/settings/personal.php
Outdated
| @@ -0,0 +1,5 @@ | |||
| <form id="notesSettings" class="section"> | |||
| <h2>Notes</h2> | |||
| <p class="settings-hint">Set the default path to store your notes.</p> | |||
There was a problem hiding this comment.
These strings must be internationalized. Please use:
<?php p($l->t('Set the default path to store your notes.')); ?>
templates/settings/personal.php
Outdated
| <form id="notesSettings" class="section"> | ||
| <h2>Notes</h2> | ||
| <p class="settings-hint">Set the default path to store your notes.</p> | ||
| <input type="text" name="notesPath" value="<?=$_['notesPath']?>" placeholder="Notes" id="notesPath" style="width:100%"/> |
There was a problem hiding this comment.
The value must be sanitized. Currently, you could do a XSS attack! Please use p(...) for this.
templates/settings/personal.php
Outdated
| <form id="notesSettings" class="section"> | ||
| <h2>Notes</h2> | ||
| <p class="settings-hint">Set the default path to store your notes.</p> | ||
| <input type="text" name="notesPath" value="<?=$_['notesPath']?>" placeholder="Notes" id="notesPath" style="width:100%"/> |
There was a problem hiding this comment.
It would be nice, if also pressing return would save the setting. Currently, only putting the focus to somewhere else does work.
service/notesservice.php
Outdated
| @@ -295,7 +300,8 @@ private function getFileById ($folder, $id) { | |||
| * @return Folder | |||
| */ | |||
| private function getFolderForUser ($userId) { | |||
| $path = '/' . $userId . '/files/Notes'; | |||
| $notesPath = $this->config->getUserValue($userId, 'notes', 'notesPath'); | |||
There was a problem hiding this comment.
Here, we need to have a fallback to the default value Notes if there is no such setting, yet.
controller/settingscontroller.php
Outdated
| public function setNotesPath($notesPath) { | ||
| $uid = $this->userSession->getUser()->getUID(); | ||
|
|
||
| $path = '/' . $uid . '/files' . $notesPath; |
There was a problem hiding this comment.
I think this should be '/files/'
controller/settingscontroller.php
Outdated
| public function setNotesPath($notesPath) { | ||
| $uid = $this->userSession->getUser()->getUID(); | ||
|
|
||
| $path = '/' . $uid . '/files' . $notesPath; |
There was a problem hiding this comment.
I think we should sanitize $notesPath before using it here. However, I wasn't able to attack this. Does the Files API checks for directory traversals?
There was a problem hiding this comment.
I can't find anything about this in the dev docs. The closest info I've found is this: https://github.com/nextcloud/server/blob/stable13/lib/public/Files/Folder.php#L104
Since the path was not "manually" sanitized before my changes, I did not sanitize them, too and I assume that this is done internally. But you're right, this should be verified - but I think I'm not the right person to do so :)
There was a problem hiding this comment.
I analyzed this and found out that the nextcloud-server sanitizes the path. Hence, it's not a security problem, but maybe a usability problem.
|
Yup, like @korelstar said, this should be in a bottom left settings area. You can find the design documentation on that at https://docs.nextcloud.com/server/14/developer_manual/design/settings.html :) |
jancborchardt
added
enhancement
|
@jancborchardt I've introduced the app settings in the bottom left. Further I did some work on making the settings management more abstract in order to support possibly other app settings next to "notesPath". |
|
Thanks! That looks good to me:
The personal settings page is obsolete now and should be removed. I will do a code review again, then (if @jancborchardt has no change requests). |
|
@korelstar I've removed the obsolete settings page. |
|
Thanks, @danielmorlock ! One last thing: After changing the setting, nothing (visible) happens. It would be helpful, if the notes app would reload in order to make the new path effective. Can you add this functionality, please? After that I will merge this PR (if @jancborchardt doesn't intervene until then). |
There was a problem hiding this comment.
Sorry for bothering you, @danielmorlock . I made the changes by myself. I think it's fine, now.
… and possibly more app settings.
|
Is it also possible to make the setting apply without a reload? :) |
|
Indeed, that would be nicer. That would require some more work. I think you should open a new issue for that. |
|
In looking at the Android app, I'm unable to locate the Advanced options within settings. Currently running 0.27.1 Thanks. |
|
Hi @HarleyStone, this option is only available via the web interface. @korelstar is there a REST-API for this setting? |
Ahhh. I see now. Thanks. |
No. Do you think we need this? I would say, that a setting in the server app is sufficient, isn't it? |
|
Not sure. Noone asked until now and it is something you will usually do max. 1 time, so.... No. If there was an API, i might have implemented a setting, but it's not worth the effort i think. |
I introduced a user setting where a user can set a custom path for its notes. See "Settings" -> "Additional Settings".
Feedback is welcome!