Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow injecting the user temporarily for direct editing #44295

Merged
merged 2 commits into from
Mar 21, 2024
Merged

Allow injecting the user temporarily for direct editing #44295

merged 2 commits into from
Mar 21, 2024

Conversation

juliushaertl
Copy link
Member

@juliushaertl juliushaertl commented Mar 19, 2024
edited
Loading

  • Drop usage of incognito mode
  • Allow to inject the current user into the session without writing it to the php session itself for direct editing

Groupfolders

Fix ONLYOFFICE/onlyoffice-nextcloud#900 with ONLYOFFICE/onlyoffice-nextcloud#967

  • Setup a groupfolder that has read only ACL set on a child folder (without share permission)
  • Try to open a file with a mobile app
  • The mobile app uses a webview without user session
  • Now the onlyoffice codebase uses getUserFolder()->getById() which is fine as they handle authentication internally, however the getById will fail as groupfolders is not aware of the current user the mountpoint is setup with and assumes that the file is a share (requiring share acls)

@juliushaertl
fix: Do not use incognito mode for direct editing
20dd80d 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
@juliushaertl juliushaertl mentioned this pull request Mar 19, 2024
Merged
@juliushaertl juliushaertl requested review from ChristophWurst, blizzz, mejo-, a team, ArtificialOwl, artonge and Fenn-CS and removed request for a team March 19, 2024 10:36
@juliushaertl juliushaertl added bug 3. to review Waiting for reviews labels Mar 19, 2024
@juliushaertl juliushaertl changed the title fix: Do not use incognito mode for direct editing Allow injecting the user temporarily for direct editing Mar 19, 2024
@juliushaertl juliushaertl mentioned this pull request Mar 19, 2024
Merged
Fenn-CS
Fenn-CS approved these changes Mar 19, 2024
View reviewed changes
lib/private/User/Session.php Outdated Show resolved Hide resolved
@juliushaertl juliushaertl self-assigned this Mar 19, 2024
@juliushaertl juliushaertl force-pushed the fix/direct-edit-incognito branch 2 times, most recently from 4131f98 to 07691d3 Compare March 19, 2024 12:41
@juliushaertl
fix: Implement option to temporarily set the user session
e330efe 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
@blizzz blizzz merged commit 42180a2 into master Mar 21, 2024
170 checks passed
@blizzz blizzz deleted the fix/direct-edit-incognito branch March 21, 2024 12:54
@Altahrim Altahrim mentioned this pull request Mar 21, 2024
Merged
@nickvergessen nickvergessen mentioned this pull request Mar 22, 2024
Merged
4 tasks
nickvergessen
nickvergessen reviewed Mar 22, 2024
View reviewed changes
lib/private/legacy/OC_User.php
@@ -338,7 +339,7 @@ public static function isAdminUser($uid) {
* @return string|false uid or false
*/
public static function getUser() {
$uid = \OC::$server->getSession() ? \OC::$server->getSession()->get('user_id') : null;
$uid = Server::get(IUserSession::class)->getUser()?->getUID();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This breaks logging with debug when ldap is enabled:
#44400

@joshtrichards joshtrichards mentioned this pull request Mar 26, 2024
Closed
@juliushaertl
Copy link
Member Author

/backport to stable29

@juliushaertl
Copy link
Member Author

/backport to stable28

@juliushaertl
Copy link
Member Author

/backport to stable27

@backportbot backportbot bot mentioned this pull request Jul 22, 2024
Closed
3 tasks
This was referenced Jul 22, 2024
Merged
Merged
@juliushaertl juliushaertl mentioned this pull request Jul 29, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen left review comments

@blizzz blizzz blizzz approved these changes

@Fenn-CS Fenn-CS Fenn-CS approved these changes

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

@mejo- mejo- Awaiting requested review from mejo-

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl was automatically assigned from nextcloud/server-backend

@artonge artonge Awaiting requested review from artonge artonge was automatically assigned from nextcloud/server-backend

Assignees

@juliushaertl juliushaertl

Labels
3. to review Waiting for reviews bug
Projects
📝 Office team
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Error with opening documents in Nextcloud Mobile App with Groupfolders Advanced Permissions
4 participants
@juliushaertl @nickvergessen @blizzz @Fenn-CS