Collabora Online integration for Plone.
Collabora Online provides collaborative open source document editing, controlled by you.
Collective.collabora brings this capability into Plone. It can be used as-is, and works out of the box in about any Plone version.
Additionally, collective.collabora provides a building block for integration of real-time document collaboration into Plone-based applications like Quaive and iA.Delib.
- Real-time collaborative document editing of office-type documents: Word documents, spreadsheets, etc.
- Reading Office files and PDFs in your browser in a Plone page, with comments, even if you do not have edit rights.
- Wide compatibility of this add-on across Plone and Python versions.
Development alpha, not suitable for production use yet.
Things that need to implemented/improved/tested:
- Translations
- Plone4 backport
- Overall testing and UI polishing
- Johannes Raggam (thet): initial proof of concept (integration, WOPI implementation).
- Guido A.J. Stevens (gyst): production quality code (cleanup, tests, CI, documentation, backporting, release).
- Issue Tracker: https://github.com/collective/collective.collabora/issues
- Source Code: https://github.com/collective/collective.collabora
If you are having issues, please let us know via the issue tracker.
This package is part of Quaive and supported by the Quaive partners Cosent, Syslab.com and iMio.
Development of this package was sponsored by iMio and Syslab.com.
The project is licensed under the GPLv2.
Install collective.collabora by adding it to your buildout:
[buildout]
...
eggs =
collective.collabora
and then running bin/buildout.
You can then install collective.collabora though the add-on control panel.
For this to work, you need to have a Collabora Online service up and running.
See:
See Development below for instructions on running a development setup.
There is a single registry record you need to configure:
collective.collabora.server_url. This should be a publicly accessible URL
that accesses (is reverse proxied to) your Collabora server.
See:
- https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html
- https://sdk.collaboraonline.com/docs/installation/Configuration.html#network-settings
By default, collective.collabora.server_url is configured to
http://host.docker.internal:9980, which is suitable for development but
needs to be changed for production deployment.
There are three main components in play:
- The browser.
- Plone server, providing two views: the user-facing
@@cool_editview, and the Collabora callback API@@cool_wopi. - Collabora Online server.
Collabora needs to be accessible from the browser. Plone needs to be not only accessible from the browser, but also from Collabora.
The following diagram illustrates the information flow.
- Open the Plone view
@@cool_edit. This is integrated in the Plone UI as an action calledOpen. - The
cool_editview renders with an iframe. - The iframe loads the Collabora Online UI. The URL for that iframe contains
the callback URL
cool_wopithat Collabora will use to communicate with Plone in steps (4) and (7). - Collabora retrieves the file to be edited directly from Plone, outside of the
browser, by accessing the WOPI URL
@@cool_wopi. It uses a JWT access token encoded in the iframe URL to connect to Plone as the user that has openedcool_edit.
The file is now rendered in the iframe in the browser. If the user has View
permissions, but not Modify portal content, the flow ends here. The user can
read the document and any comments other collaborators made on the document in
Collabora.
- If the user opening the document has
Modify portal contentpermission on the file, a real-time editing session is opened. - Any changes the user makes to the document, will be autosaved.
- The save is performed by Collabora issuing a POST request to the Plone view
@@cool_wopi. That view checks permissions, and performs the save. In case of a write/locking conflict, that's communicated back to Collabora which will open a UI for the user to resolve this. - Some actions, like
Save and exit, can be performed on thecool_editview outside of the iframe. The Plone document communicates such actions to the Collabora iframe via the postMessage API, see: https://sdk.collaboraonline.com/docs/postmessage_api.html
To change the Collabora Online configuration, extract /etc/coolwsd/coolwsd.xml from the docker container.
Make changes, then use e.g. a bind mound to map your changed configuration back into the docker container. YMMV.
The Collabora Online security architecture isolates all user document sessions from each other.
The only place where Collabora Online interacts with user data is what it gets
from @@cool_wopi (including the document name). The
personal data flow within Collabora
can be further anonymized, see anonymize_user_data in the Collabora
coolwsd.xml configuration file.
The collective.collabora @@cool_edit view passes a authentication token to
the Collabora Online server. The Collabora Online server uses that
authentication token, to retrieve information from Plone via the
collective.collabora @@cool_wopi view.
Collabora Online interacts with Plone exclusively though the @@cool_wopi
view, logged in as the user who opened the @@cool_edit view. Both those
Plone views are protected with the zope2.View permission through normal ZCML
configuration. Additionally, performing a document save on @@cool_wopi is
protected with the ModifyPortalContent permission in python.
Protection against potential session hijacking can be configured by enabling WOPI Proof in your production deployment of Collabora Online.
You will typically deploy a Collabora Online server behind a reverse proxy, and otherwise firewall it from the open internet. Whatever your network topology, Collabora Online needs to be able to connect to Plone on the public URL of your Plone site. Adding an extra configuration to enable Collabora to talk directly to Plone on an internal URL, bypassing your frontend stack, is planned.
For a production deployment, you need to take the following security configurations into account:
If you want to use the same Collabora server to integrate with multiple sites, you will need to configure host allow/deny policies.
For full SDK integration documentation docs, see:
This package provides a default configuration that is suitable for development:
- The provided
docker-compose.yamlruns the CODE server onhttp://host.docker.internal:9980, if you rundocker compose upin the package root directory. - The
collective.collabora:defaultprofile configures the registry recordcollective.collabora.server_urlto point at that CODE server at that URL.
Use host.docker.internal instead of localhost.
For this package to work you cannot access your Plone site on localhost.
Plone provides its own URL to Collabora, and Collabora performs callbacks on
that URL. Obviously if Collabora tries to access localhost, it will reach itself
and not Plone. Protections against this misconfiguration are built into the
code.
Instead, add an alias in your /etc/hosts:
172.17.0.1 host.docker.internal
which binds to the docker bridge IP. This will enable COOL to connect to Plone.
This package uses tox to drive buildout and test runners.
See the provided Makefile for some usage pointers.
To build and test all environments:
make all
To run a single development server:
make start60
To run all tests for only that environment:
tox -e py312-Plone60
To run a single test in a single environment and spawn a debugger:
tox -e py312-Plone60 -- -t your_test_substring -D -x
To run all linters in parallel:
tox -p -f lint
Github CI testing is configured in:
.github/workflows/plone-package.yml
For the tox CLI documentation, see:
