-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Delete/update link issues if PublicLink.Write
permission is absent
#6036
Comments
@kulmann I think this is not per se a bug. For issue (1): For issue (2): |
Argh, sorry, didn't see your pings :-( For issue (1): agreed, that makes sense. Let's keep that like it is. For issue (2): product expectation is actually that you can work with I added an |
After investigating a little deeper I think there is some confusion about the permissions involved. Let me clear that up a little:
The permissions used to create/update/delete public links are You can never add more permissions to a link than you have on a file. To understand this correctly: The desired behaviour is that any user can create/update/delete any internal public link regardless of permissions? That means I could delete the internal links of other users by mistake (or will)? |
Decision: Do not check for Do not check for Allow deleting own links, even if |
The change is in cs3org/reva#3819 One open point:
And one more question as I am not sure if this is a problem:
|
From my POV, we can move on with these open points. |
Describe the bug
@JammingBen and myself discovered two issues today when trying to work with links with a user that doesn't have the
PublicLink.Write
permission:When fixing (1) please make sure that deletion should still be possible for the internal link.
Steps to reproduce
Steps to reproduce the behavior:
PublicLink.Write
permissioninternal
PublicLink.Write
permissionFor issue (1):
4. Try to delete the non-internal link
For issue (2):
4. Try to rename the internal link
5. Try to set an expiration date for the internal link
Expected behavior
For issue (1):
Deleting the non-internal link should not be possible.
For issue (2):
Renaming or setting an expiration date for the internal link should be possible.
Actual behavior
For issue (1):
Deleting the non-internal link is possible.
For issue (2):
Renaming or setting an expiration date for the internal link is not possible.
Setup
https://0001.schule.owncloud.works
Additional context
There is a bug in web for a user who doesn't have the
PublicLink.Write
permission: Links are always created with the default role, which isViewer
and then fails for the user without thePublicLink.Write
permission. For the user without that permission the link should be created with theInternal
role instead. See owncloud/web#8788 for the issue and owncloud/web#8796 for the web fix.The text was updated successfully, but these errors were encountered: