[stable30] Show error when trying to open a shared PDF without download permissions #1098
Conversation
![backportbot[bot]](https://avatars.githubusercontent.com/in/60201?s=60&v=4){kind=small}
Antreesy
force-pushed
the
backport/1077/stable30
branch
from
0f581e5 to
152cfc2
Compare
|
/compile / |
|
Tested for registered users, but public share links do not provide |
"canDownload" inverted the value of the "hideDownload" setting. However, that was not accurate, as if the download is hidden the file can still be downloaded. Moreover, it is possible to actually disallow downloads, which is a different setting (using share attributes) than hiding it. Therefore, to better differentiate between a hidden download and a disabled download the previous "canDownload" was renamed (and adjusted as needed) to "hideDownload". Signed-off-by: Daniel Calviño Sánchez <[email protected]>
In order to show a PDF file it needs to be downloaded. Therefore, if a shared PDF file does not have download permissions it is not possible to show it, so now an error is shown instead. The error is a custom one rather than a standard error from the viewer (although with the same appearance) to better explain the reason. Note that the error is shown only when the PDF file is loaded through the viewer, which should be always the case. There is a fallback to inject the UI in public shares in case the viewer is not available, but handling the error also in that case was not trivial and that fallback should never be used anyway, so it was not taken into account. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
@nextcloud/files was already an implicit dependency, but now it is made explicit to use the functions it provides in the PDF viewer code. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
The viewer loads the default and registered DAV properties in the FileInfo object provided to the PDF viewer. The "share-attributes" property is needed to know if downloads are allowed, but it is not one of the properties included by default. The Files app registers it during its initialization, so it is automatically available when the PDF viewer is opened in the Files app. However, when the PDF viewer is opened in public share page nothing registers it, so it needs to be explicitly registered by the PDF viewer itself before the viewer is loaded. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
danxuliu
force-pushed
the
backport/1077/stable30
branch
from
de64804 to
359f68c
Compare
|
/compile / |
The viewer gets the list of DAV properties to load using The DAV properties must be registered before the viewer is loaded, though, as the list of properties will be fixed once the viewer is initialized, they will not depend on the registered properties at the time of making the request to get the file info. Thus they need to be registered in an init script loaded when the
There is no way to disallow downloads for public shares in the UI; it needs to be done using an OCS API request. Due to that even if the error message was not shown in public pages with disallowed downloads it should not have been a problem :-) In Nextcloud 31 the UI did not change, but the API now disallows downloads when they are hidden, so in that case it was more relevant. How to test
Result with the extra commitsThe error Result without the extra commitsNothing is shown in the PDF viewer |
Signed-off-by: nextcloud-command <[email protected]>
|
CI failure is unrelated and fixed in #1104 |
Backport of #1077
Added extra commits due to differences between Nextcloud 31 and 30; for details please refer to #1098 (comment)