Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add allowed_view_extensions config node #48903

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

Koc
Copy link
Contributor

@Koc Koc commented Oct 26, 2024

Summary

It isn't possible to view jpg files if they were shared without allow downloading. Related to nextcloud/text#6564

🔍 Reproducer

Share file without download possibility

image

Try to view file as share recipient
image

To fix that we can introduce a new allowed_view_extensions config node.

  'allowed_view_extensions' => [
    'jpg',
    'jpeg',
    'png',
    // ...
  ]

TODO

  • ...

Checklist

@Koc Koc force-pushed the feature/add-allowed-view-extensions-config branch 2 times, most recently from 12dc126 to 532190a Compare October 26, 2024 13:49
@Koc Koc force-pushed the feature/add-allowed-view-extensions-config branch from 532190a to 806e116 Compare October 26, 2024 14:21
@Koc Koc force-pushed the feature/add-allowed-view-extensions-config branch from 806e116 to b543b40 Compare October 26, 2024 14:54
@max-nextcloud
Copy link
Contributor

I added a comment in the text PR - crossposting here. @Koc Thanks a lot for addressing this. The current state is really confusing.

I'm not sure your proposed solution is really what we want. Before diving into the code I think we should clarify that with @nextcloud/designers .

We're always hesitant to add config options. However this config would not be exposed in the UI I assume. But the problematic scenario would remain for files which are not part of the allowed_view_extensions config.

I know the permission setting to prevent downloads is messy. I personally think that this should not exist for the filetypes you list as one can never prevent a screenshot or a copy and paste download. But I'll wait to hear what the designers say.

Copy link
Contributor

@susnux susnux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this needs some discussion, as this allows to prevent the use case this settings was meant for.
And also I think this implementation is a bit dangerous as it will allow the download using the WebDAV endpoint, so the whole point of "prevent download" is circumvented.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants