View-only dav plugin using IShare attributes

[mrow4a]

• Implement extra share permissions with IShare from Approach 3 here - Support for additional arbitrary advanced share permissions #33458
• Implement view-only plugin using extra share permissions to restrict view-only permission for read-only files.
• Allow apps to register extra share permissions in frontend
• Clean the code
• Add unit tests
• Try JSON type in DB @DeepDiver1975
• Make sure PR works with custom groups

Would be also good to merge UX for Forbidden exception with view-only #33992

@PVince81 @DeepDiver1975 @pmaier1

[mrow4a]

In PR for view-only plugin & extra share permission, I initially took an approach (#33458) of extending oc_share table with new string column (json) extra_share_permissions. However, I think of going with the approach of external tables. These are pros&cons:

Extended oc_share table:

• currently adds new function setExtraPermissions/getExtraPermissions only to Share20\Share class - https://github.com/owncloud/core/pull/33994/files#diff-a19a495d2d4616d9b451f849126013a4. IShare is not touched as it would require all apps to adjust.
• easy to implement, no additional queries needed (single query retrieves the information). Expensive as each share need to reserve string space in DB
• requires to add additional API functions to IShare?, or keep with appraoch of if instanceof Share20\Share https://github.com/owncloud/core/pull/33994/files#diff-faddd9984dfaf09a2b85d8dc4867207aR887

New extra_share_permissions table:

• ExtraShareManager used to retrieve extra share permissions for shares
  -IShare or Share/IManager not extended, new classes used (Share/ExtraPermissions/IManager)
• new table, reserves space in DB only for shares which have extra share permissions (by full-share-id/share-id).
• might need some additional queries to DB to retrieve extra share permissions.

@DeepDiver1975 @PVince81 do you have any input?

[codecov]

Codecov Report

Merging #33994 into master will decrease coverage by 16.23%.
The diff coverage is 52.17%.

@@              Coverage Diff              @@
##             master   #33994       +/-   ##
=============================================
- Coverage     64.77%   48.54%   -16.24%     
=============================================
  Files          1198      109     -1089     
  Lines         69418    10523    -58895     
  Branches       1276     1279        +3     
=============================================
- Hits          44964     5108    -39856     
+ Misses        24085     5044    -19041     
- Partials        369      371        +2

Flag	Coverage Δ	Complexity Δ
#javascript	53.08% <52.17%> (-0.01%)	0 <0> (ø)
#phpunit	38.63% <ø> (-27.49%)	0 <ø> (-18340)

Impacted Files	Coverage Δ	Complexity Δ
core/js/shareitemmodel.js	76.89% <42.85%> (-0.89%)	0 <0> (ø)
core/js/sharedialogshareelistview.js	75.63% <56.25%> (-3.22%)	0 <0> (ø)
lib/private/Files/Storage/DAV.php	59.45% <0%> (-21.64%)	0% <0%> (ø)
apps/updatenotification/templates/admin.php
lib/private/Encryption/Keys/Storage.php
lib/private/App/CodeChecker/NodeVisitor.php
lib/private/RedisFactory.php
apps/dav/lib/Avatars/AvatarNode.php
...s/dav/appinfo/Migrations/Version20170202213905.php
apps/dav/lib/Upload/ChunkLocationProvider.php
... and 1073 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2bc23df...007cc39. Read the comment docs.

[codecov]

Codecov Report

Merging #33994 into master will increase coverage by 0.03%.
The diff coverage is 71.82%.

@@             Coverage Diff              @@
##             master   #33994      +/-   ##
============================================
+ Coverage     65.34%   65.38%   +0.03%     
- Complexity    18508    18592      +84     
============================================
  Files          1209     1213       +4     
  Lines         70108    70408     +300     
  Branches       1280     1295      +15     
============================================
+ Hits          45815    46036     +221     
- Misses        23921    23998      +77     
- Partials        372      374       +2

Flag	Coverage Δ	Complexity Δ
#javascript	52.85% <41.23%> (-0.2%)	0 <0> (ø)
#phpunit	66.83% <84.95%> (+0.07%)	18592 <69> (+84)	⬆️

Impacted Files	Coverage Δ	Complexity Δ
apps/files_sharing/lib/AppInfo/Application.php	50.48% <0%> (-0.5%)	17 <0> (ø)
apps/files/download.php	0% <0%> (ø)	0 <0> (ø)	⬇️
lib/private/Files/Meta/MetaFileVersionNode.php	89.83% <0%> (-6.54%)	29 <2> (+2)
lib/private/legacy/files.php	0% <0%> (ø)	68 <0> (+3)	⬆️
lib/private/Files/Meta/MetaVersionCollection.php	87.5% <0%> (ø)	16 <0> (ø)	⬇️
core/Migrations/Version20181220085457.php	0% <0%> (ø)	2 <2> (?)
lib/private/Share20/DefaultShareProvider.php	98.42% <100%> (+0.09%)	121 <7> (+7)	⬆️
apps/files_sharing/lib/MountProvider.php	95.83% <100%> (+0.44%)	25 <0> (+3)	⬆️
apps/dav/lib/Connector/Sabre/ServerFactory.php	95.89% <100%> (+0.11%)	10 <0> (ø)	⬇️
apps/files_sharing/lib/Hooks.php	100% <100%> (ø)	34 <12> (+19)	⬆️
... and 14 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c6bdf34...33795df. Read the comment docs.

[PVince81]

please add the actual doc text, what are these attributes about ?

[LinneyS]

How and where is the description property used?

[DeepDiver1975]

will submit fixes for the comments asap

[DeepDiver1975]

unused

[DeepDiver1975]

unnecessary FQN

[DeepDiver1975]

private method which is only used once? - unnecessary

[DeepDiver1975]

strict comparison please

[DeepDiver1975]

single quotes please

[DeepDiver1975]

IUSerSession $userSession = null

[PVince81]

I've squashed everything into two distinct commits:

1. first commit adds support for extra share permissions
2. second commit uses said support for the view-only "download" permission

[PVince81]

I'm a bit concerned that the JSON field might not work in all databases with upsert from this upcoming PR #34769.

we will see after merging and rebasing the other one...

[PVince81]

stable10: #34951

[PVince81]

seems no issues with upsert and JSON: #34952

[LinneyS]

Hi @mrow4a
I started developing extended permissions for the ONLYOFFICE editor.
But I need the following features: like incompatiblePermissions I would like to have required permissions.
For example, a new option is available only if there are rights to edit and is hidden if there are no rights to edit.

[LinneyS]

Add after

core/core/js/shareitemmodel.js

Line 76 in 7da3c0f

* @property {OC.Share.Types.ShareAttribute[]} incompatibleAttributes

* @property {number[]} requiredPermissions

Add before

core/core/js/shareitemmodel.js

Line 889 in 7da3c0f

if (compatible) {

for(var ii in attr.requiredPermissions) {
    if (!this._hasPermission(permissions, attr.requiredPermissions[ii])) {
        compatible = false;
    }
}

This will help me solve my tasks.

[LinneyS]

I replace the required attribute with incompatibleAttributes with the enabled: false field.
And it worked

[DeepDiver1975]

THX @LinneyS - mind opening a pull request? We can much easier discuss this then. THX a lot!

[mrow4a]

@LinneyS what is such permission about? We need to be sure that it follows the logic for "permissions in owncloud". That means, that checked permission box adds some higher level of permission, and unchecked lowers the permission level.

[phil-davis]

backport-request label removed. The backport was done already, see #33994 (comment)