Skip to content

fix(collaboration): [OCISDEV-781] return 200 OK for WOPI Lock in read-only and view-only modes#12257

Merged
kobergj merged 1 commit intoowncloud:masterfrom
kobergj:feat/OCISDEV-781-wopi-lock-read-only
Apr 24, 2026
Merged

fix(collaboration): [OCISDEV-781] return 200 OK for WOPI Lock in read-only and view-only modes#12257
kobergj merged 1 commit intoowncloud:masterfrom
kobergj:feat/OCISDEV-781-wopi-lock-read-only

Conversation

@kobergj
Copy link
Copy Markdown
Contributor

@kobergj kobergj commented Apr 23, 2026

Summary

  • OnlyOffice sends a WOPI Lock request on document open regardless of whether the user has write access
  • The Lock handler was calling SetLock with a read-only CS3 token, which returned a permission error propagated as HTTP 500 to OnlyOffice, causing an error dialog on load
  • Return 200 OK immediately for READ_ONLY and VIEW_ONLY view modes without acquiring a CS3 lock

Root cause

In oCIS 8.0.0 a role permission fix correctly removed InitiateFileUpload from Viewer roles. As a result, viewer users now correctly receive ViewMode=READ_ONLY instead of READ_WRITE. OnlyOffice always sends a Lock request on open even when UserCanWrite=false. The WOPI Lock handler did not check the view mode before calling SetLock, causing a CS3 permission error → HTTP 500 → OnlyOffice error dialog. Before 8.0.0 this was hidden because viewers were incorrectly treated as editors.

Test plan

  • Open a .docx/.xlsx/.pdf file via a read-only share in OnlyOffice — no error dialog should appear and the file opens in view mode
  • Open a file via a public link with viewer role — same, no error dialog
  • Open a file as a space member with "Can View" role — same
  • Open a file with write access — Lock still works normally, editing unaffected
  • Unit tests pass: make -C services/collaboration test

Closes OCISDEV-781

🤖 Generated with Claude Code

@kobergj kobergj force-pushed the feat/OCISDEV-781-wopi-lock-read-only branch 2 times, most recently from 476aacb to a550b39 Compare April 23, 2026 11:56
@mzner mzner self-requested a review April 23, 2026 13:23
@kobergj kobergj marked this pull request as draft April 23, 2026 14:16
@kobergj kobergj force-pushed the feat/OCISDEV-781-wopi-lock-read-only branch from a550b39 to 58cb9c5 Compare April 23, 2026 18:10
@kobergj kobergj marked this pull request as ready for review April 23, 2026 18:11
@kobergj kobergj force-pushed the feat/OCISDEV-781-wopi-lock-read-only branch from 58cb9c5 to bd9635c Compare April 24, 2026 11:15
@kobergj @claude
fix(collaboration): [OCISDEV-781] return 200 OK for WOPI Lock in read…
8e8041a 
…-only modes

OnlyOffice sends a WOPI Lock request on document open regardless of whether
the user has write access. The Lock handler was calling SetLock with a
read-only CS3 token, which returned a permission error propagated as HTTP 500
to OnlyOffice, causing an error dialog on load.

Return 200 OK immediately for READ_ONLY and VIEW_ONLY view modes without
acquiring a CS3 lock.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Julian Koberg <julian.koberg@kiteworks.com>
@kobergj kobergj force-pushed the feat/OCISDEV-781-wopi-lock-read-only branch from bd9635c to 8e8041a Compare April 24, 2026 11:15
@kobergj kobergj enabled auto-merge April 24, 2026 11:15
@kobergj kobergj merged commit af0ea4f into owncloud:master Apr 24, 2026
54 checks passed
@kobergj kobergj deleted the feat/OCISDEV-781-wopi-lock-read-only branch April 24, 2026 11:59
@kobergj kobergj mentioned this pull request Apr 24, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@2403905 2403905 2403905 approved these changes

@mzner mzner mzner approved these changes

Assignees

@kobergj kobergj

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kobergj @2403905 @mzner