Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent editing disabled space via a public link #3771

Closed
ScharfViktor opened this issue May 10, 2022 · 7 comments
Closed

Prevent editing disabled space via a public link #3771

ScharfViktor opened this issue May 10, 2022 · 7 comments
Assignees
@kobergj
Labels
Priority:p2-high Escalation, on top of current planning, release blocker Type:Bug

Comments

@ScharfViktor
Copy link
Contributor

ScharfViktor commented May 10, 2022
edited

ownCloud Web UI 5.5.0-rc.5
ocis local: v2.0.0-alpha2

Steps:

  • admin creates project space
  • upload file inside to the space
  • share via public link with edit permissions
  • disable space
  • public opens space and can edit

Expected: All members (excluding users with manager role) should not be able to see space

Actual: users who have public link can still see and edit space
@micbar micbar added the Priority:p2-high Escalation, on top of current planning, release blocker label May 10, 2022
@kobergj kobergj self-assigned this May 11, 2022
@kobergj
Copy link
Collaborator

kobergj commented May 11, 2022

Update: It looks like disabled spaces are only blocked by the UI. It is possible to upload to a disabled space using the API directly.

@ScharfViktor ScharfViktor transferred this issue from owncloud/ocis May 11, 2022
@kobergj
Copy link
Collaborator

kobergj commented May 11, 2022

Update II: Decided to change the functionality a bit:

Disabled spaces cannot be accessed by anyone. They need to be reenabled before there can be an upload or download again.

Managers will only be able to list, reenable or delete a space when it is disabled. For all other actions he needs to reenable the space again

cc @micbar

@kobergj
Copy link
Collaborator

kobergj commented May 11, 2022

@ScharfViktor not a web issue. Primarily are server bug. ocis was the correct place for the ticket.

@micbar
Copy link
Contributor

micbar commented May 11, 2022

@kobergj Should i transfer it back?

@kobergj
Copy link
Collaborator

kobergj commented May 11, 2022
edited

Yes makes no sense to have this ticket here. If there is web work to do I will open a new ticket. Thx!

@kobergj kobergj mentioned this issue May 11, 2022
Merged
@ScharfViktor
Copy link
Contributor Author

I transfered issue back to ocis.

@micbar micbar transferred this issue from owncloud/web May 11, 2022
@kobergj kobergj mentioned this issue May 16, 2022
Merged
9 tasks
@kobergj
Copy link
Collaborator

kobergj commented May 16, 2022

Fix landed in ocis. Closing this...

@kobergj kobergj closed this as completed May 16, 2022
This issue is being transferred. Timeline may not be complete until it finishes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kobergj kobergj

Labels
Priority:p2-high Escalation, on top of current planning, release blocker Type:Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@micbar @kobergj @ScharfViktor