From b942fd9e6f3fba0c727801fa1fcbfb0b5f67ee26 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Fri, 20 Oct 2023 08:58:45 +0200 Subject: [PATCH] add new config to enforce public link password --- changelog/unreleased/readable-share-enforce-password.md | 6 ++++++ services/frontend/pkg/config/config.go | 1 + services/frontend/pkg/revaconfig/config.go | 2 +- 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 changelog/unreleased/readable-share-enforce-password.md diff --git a/changelog/unreleased/readable-share-enforce-password.md b/changelog/unreleased/readable-share-enforce-password.md new file mode 100644 index 00000000000..3ca7a6ce350 --- /dev/null +++ b/changelog/unreleased/readable-share-enforce-password.md @@ -0,0 +1,6 @@ +Enhancement: Add config to enforce passwords on readable links + +We added the config `OCIS_SHARING_PUBLIC_READABLE_SHARE_MUST_HAVE_PASSWORD` to enforce passwords on "Viewer" public shares. + +https://github.com/owncloud/ocis/pull/7547 +https://github.com/owncloud/ocis/issues/7539 diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index 86728f74409..89a209a81fc 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go @@ -138,6 +138,7 @@ type OCS struct { CacheWarmupDriver string `yaml:"cache_warmup_driver,omitempty"` // not supported by the oCIS product, therefore not part of docs CacheWarmupDrivers CacheWarmupDrivers `yaml:"cache_warmup_drivers,omitempty"` // not supported by the oCIS product, therefore not part of docs EnableDenials bool `yaml:"enable_denials" env:"FRONTEND_OCS_ENABLE_DENIALS" desc:"EXPERIMENTAL: enable the feature to deny access on folders."` + ReadablePublicShareMustHavePassword bool `yaml:"public_sharing_readableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_READABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_READABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on Viewer shares."` WriteablePublicShareMustHavePassword bool `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares."` } diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go index b5d3d3982c6..56c0dc98407 100644 --- a/services/frontend/pkg/revaconfig/config.go +++ b/services/frontend/pkg/revaconfig/config.go @@ -249,7 +249,7 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string "password": map[string]interface{}{ "enforced": false, "enforced_for": map[string]interface{}{ - "read_only": false, + "read_only": cfg.OCS.ReadablePublicShareMustHavePassword, "read_write": cfg.OCS.WriteablePublicShareMustHavePassword, "read_write_delete": cfg.OCS.WriteablePublicShareMustHavePassword, "upload_only": cfg.OCS.WriteablePublicShareMustHavePassword,