Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: [NC24.0.4] Remove the "Allow Download" permission on the shared folder and the PDF file will no longer be readable. #645

Closed
1 of 4 tasks
ynott opened this issue Aug 13, 2022 · 9 comments

Comments

@ynott
Copy link

ynott commented Aug 13, 2022

Steps to reproduce

  1. Put PDF files in the test_share folder.
  2. Share the test_share folder to the test_user folder and remove the "Allow download" permission.
  3. Log in as the test_user user, open the test_share folder and open the PDF files

Expected behaviour

PDF files can be viewed but should be displayed as forbidden for download.

Actual behaviour

Errors are displayed when viewing PDF files.

image

Server configuration

Installation method

Manual installation

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.0

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated from a minor version:
24.0.3 to 24.0.4

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

$ sudo -u nginx php /var/www/html/nextcloud/occ config:list system
{
    "system": {
        "logtimezone": "Asia\/Tokyo",
        "default_language": "ja",
        "default_locale": "ja_JP",
        "default_phone_region": "JP",
        "defaultapp": "files",
        "tempdirectory": "\/home\/nextcloud\/data\/temp",
        "log_type": "file",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "logdateformat": "Y-m-d H:i:s",
        "loglevel": 0,
        "log_rotate_size": 0,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "has_internet_connection": true,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "filelocking.enabled": "true",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nc24.nextcloud.biz"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "24.0.4.1",
        "overwrite.cli.url": "https:\/\/nc24.nextcloud.biz",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "updater.release.channel": "stable",
        "theme": "",
        "app_install_overwrite": [
            "workflow_script"
        ],
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_smtpauthtype": "PLAIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}


### List of activated Apps

```shell
sudo -u nginx php /var/www/html/nextcloud/occ app:list
Enabled:
  - accessibility: 1.10.0
  - activity: 2.16.0
  - admin_audit: 1.14.0
  - bruteforcesettings: 2.4.0
  - calendar: 3.4.2
  - checksum: 1.1.4
  - circles: 24.0.1
  - cloud_federation_api: 1.7.0
  - comments: 1.14.0
  - contactsinteraction: 1.5.0
  - dashboard: 7.4.0
  - dav: 1.22.0
  - federatedfilesharing: 1.14.0
  - federation: 1.14.0
  - files: 1.19.0
  - files_accesscontrol: 1.14.0
  - files_automatedtagging: 1.14.0
  - files_external: 1.16.1
  - files_lock: 24.0.1
  - files_pdfviewer: 2.5.0
  - files_retention: 1.13.2
  - files_rightclick: 1.3.0
  - files_sharing: 1.16.2
  - files_trashbin: 1.14.0
  - files_versions: 1.17.0
  - files_videoplayer: 1.13.0
  - firstrunwizard: 2.13.0
  - groupfolders: 12.0.1
  - guests: 2.2.0
  - impersonate: 1.11.0
  - logreader: 2.9.0
  - lookup_server_connector: 1.12.0
  - nextcloud_announcements: 1.13.0
  - notifications: 2.12.0
  - oauth2: 1.12.0
  - password_policy: 1.14.0
  - photos: 1.6.0
  - privacy: 1.8.0
  - provisioning_api: 1.14.0
  - recommendations: 1.3.0
  - richdocuments: 6.2.0
  - richdocumentscode: 22.5.502
  - sendent: 1.2.13
  - serverinfo: 1.14.0
  - settings: 1.6.0
  - sharebymail: 1.14.0
  - spreed: 14.0.4
  - survey_client: 1.12.0
  - systemtags: 1.14.0
  - text: 3.5.1
  - theming: 1.15.0
  - theming_customcss: 1.11.0
  - twofactor_backupcodes: 1.13.0
  - updatenotification: 1.14.0
  - user_migration: 1.1.0
  - user_saml: 5.0.2
  - user_status: 1.4.0
  - viewer: 1.8.0
  - weather_status: 1.4.0
  - workflow_script: 1.9.0
  - workflowengine: 2.6.0
Disabled:
  - encryption
  - files_fulltextsearch: 24.0.1
  - fulltextsearch: 24.0.0
  - fulltextsearch_elasticsearch: 24.0.1
  - support: 1.7.0
  - user_ldap


### Nextcloud Signing status

```shell
No errors have been found.

Additional info

No response

Client configuration

Browser:

Vivaldi :5.4.2753.33 (Stable channel) (64-bit)

Operating system:

Windows 10

Logs

Nextcloud Logs

No error log found.

Browser log

image

Failed to load resource: the server responded with a status of 403 ()
Error
    at BaseExceptionClosure (https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:536:29)
    at Array.<anonymous> (https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:539:2)
    at __w_pdfjs_require__ (https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:15538:41)
    at https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:15753:13
    at https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:15800:3
    at https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:15803:12
    at webpackUniversalModuleDefinition (https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:31:50)
    at https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:32:3
@PVince81
Copy link
Member

when download is disabled, we should remove the PDF viewer option because there is currently no way to display a PDF without actually downloading it

cc @CarlSchwan

@Raudius
Copy link

Raudius commented Aug 23, 2022

there is currently no way to display a PDF without actually downloading it

If Nextcloud Office is installed it should be possible to open with Collabora

@PVince81
Copy link
Member

@Raudius yes, there was a discussion about that but not sure about effort required to make it work

@ynott
Copy link
Author

ynott commented Aug 23, 2022

Hmmm.
Is it possible to remove the printout and download menus by controlling the following areas?

https://github.com/nextcloud/files_pdfviewer/blob/master/templates/viewer.php#L283-L288

Whether this is a good idea or not.

I forced the download and printout elements to be removed in the browser's development tools, which resulted in the following menu

image

@PVince81
Copy link
Member

PVince81 commented Aug 24, 2022

in the case of the viewer it would be a good idea to remove the actions from the UI when the download permission is not given

yes

@timm2k
Copy link

timm2k commented Sep 6, 2022

Just for the record and for search engines:

Message: Unexpected server response (403) while retrieving PDF

@timm2k
Copy link

timm2k commented Nov 28, 2022

Are there any updates on this?

@timm2k
Copy link

timm2k commented Jan 4, 2023

bump

@PVince81
Copy link
Member

PVince81 commented Jan 4, 2023

follow up in #649

@PVince81 PVince81 closed this as completed Jan 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants