Merge pull request #9532 from owncloud/polish-secure-view

fix: polish secure view

services/collaboration/pkg/helpers/discovery.go

@@ -77,7 +77,7 @@ func parseWopiDiscovery(body io.Reader) (map[string]map[string]string, error) {
 			for _, app := range netzone.SelectElements("app") {
 				for _, action := range app.SelectElements("action") {
 					access := action.SelectAttrValue("name", "")
-					if access == "view" || access == "edit" {
+					if access == "view" || access == "edit" || access == "view_comment" {
 						ext := action.SelectAttrValue("ext", "")
 						urlString := action.SelectAttrValue("urlsrc", "")
 

services/collaboration/pkg/service/grpc/v0/service.go

@@ -89,8 +89,14 @@ func (s *Service) OpenInApp(
 	// get the file extension to use the right wopi app url
 	fileExt := path.Ext(req.GetResourceInfo().GetPath())
 
+	var viewCommentAppURL string
 	var viewAppURL string
 	var editAppURL string
+	if viewCommentAppURLs, ok := s.appURLs["view_comment"]; ok {
+		if url := viewCommentAppURLs[fileExt]; ok {
+			viewCommentAppURL = url
+		}
+	}
 	if viewAppURLs, ok := s.appURLs["view"]; ok {
 		if url := viewAppURLs[fileExt]; ok {
 			viewAppURL = url
@@ -101,7 +107,7 @@ func (s *Service) OpenInApp(
 			editAppURL = url
 		}
 	}
-	if editAppURL == "" && viewAppURL == "" {
+	if editAppURL == "" && viewAppURL == "" && viewCommentAppURL == "" {
 		err := fmt.Errorf("OpenInApp: neither edit nor view app url found")
 		s.logger.Error().
 			Err(err).
@@ -122,7 +128,15 @@ func (s *Service) OpenInApp(
 		// the URL of the end-user application in view mode when different (defaults to edit mod URL)
 		viewAppURL = editAppURL
 	}
-
+	// TODO: check if collabora will support an "edit" url in the future
+	if viewAppURL == "" && editAppURL == "" && viewCommentAppURL != "" {
+		// there are rare cases where neither view nor edit is supported but view_comment is
+		viewAppURL = viewCommentAppURL
+		// that can be the case for editable and viewable files
+		if req.GetViewMode() == appproviderv1beta1.ViewMode_VIEW_MODE_READ_WRITE {
+			editAppURL = viewCommentAppURL
+		}
+	}
 	wopiSrcURL, err := url.Parse(s.config.Wopi.WopiSrc)
 	if err != nil {
 		return nil, err

services/graph/pkg/unifiedrole/unifiedrole.go

@@ -210,10 +210,6 @@ func NewSecureViewerUnifiedRole() *libregraph.UnifiedRoleDefinition {
 				AllowedResourceActions: convert(r),
 				Condition:              proto.String(UnifiedRoleConditionFolder),
 			},
-			{
-				AllowedResourceActions: convert(r),
-				Condition:              proto.String(UnifiedRoleConditionDrive),
-			},
 		},
 		LibreGraphWeight: proto.Int32(0),
 	}

services/graph/pkg/unifiedrole/unifiedrole_test.go

@@ -33,7 +33,6 @@ var _ = Describe("unifiedroles", func() {
 		Entry(rConversions.RoleSpaceEditor, rConversions.NewSpaceEditorRole(), unifiedrole.NewSpaceEditorUnifiedRole(), unifiedrole.UnifiedRoleConditionDrive),
 		Entry(rConversions.RoleSecureViewer, rConversions.NewSecureViewerRole(), unifiedrole.NewSecureViewerUnifiedRole(), unifiedrole.UnifiedRoleConditionFile),
 		Entry(rConversions.RoleSecureViewer, rConversions.NewSecureViewerRole(), unifiedrole.NewSecureViewerUnifiedRole(), unifiedrole.UnifiedRoleConditionFolder),
-		Entry(rConversions.RoleSecureViewer, rConversions.NewSecureViewerRole(), unifiedrole.NewSecureViewerUnifiedRole(), unifiedrole.UnifiedRoleConditionDrive),
 	)
 
 	DescribeTable("UnifiedRolePermissionsToCS3ResourcePermissions",
@@ -205,7 +204,6 @@ var _ = Describe("unifiedroles", func() {
 				rolesToAction(unifiedrole.GetBuiltinRoleDefinitionList()...),
 				unifiedrole.UnifiedRoleConditionDrive,
 				[]*libregraph.UnifiedRoleDefinition{
-					unifiedrole.NewSecureViewerUnifiedRole(),
 					unifiedrole.NewSpaceViewerUnifiedRole(),
 					unifiedrole.NewSpaceEditorUnifiedRole(),
 					unifiedrole.NewManagerUnifiedRole(),