diff --git a/changelog/unreleased/fix-secure-view.md b/changelog/unreleased/fix-secure-view.md new file mode 100644 index 0000000000..6d3abb26d7 --- /dev/null +++ b/changelog/unreleased/fix-secure-view.md @@ -0,0 +1,5 @@ +Bugfix: Polish secure view + +We fixed a bug where viewing pdf files in secure view mode was not possible. Secure view access on space roots was dropped because of unwanted side effects. + +https://github.com/owncloud/ocis/pull/9532 diff --git a/services/collaboration/pkg/helpers/discovery.go b/services/collaboration/pkg/helpers/discovery.go index 4165609bad..3f61aa2767 100644 --- a/services/collaboration/pkg/helpers/discovery.go +++ b/services/collaboration/pkg/helpers/discovery.go @@ -77,7 +77,7 @@ func parseWopiDiscovery(body io.Reader) (map[string]map[string]string, error) { for _, app := range netzone.SelectElements("app") { for _, action := range app.SelectElements("action") { access := action.SelectAttrValue("name", "") - if access == "view" || access == "edit" { + if access == "view" || access == "edit" || access == "view_comment" { ext := action.SelectAttrValue("ext", "") urlString := action.SelectAttrValue("urlsrc", "") diff --git a/services/collaboration/pkg/service/grpc/v0/service.go b/services/collaboration/pkg/service/grpc/v0/service.go index 994a211493..8c203b10c7 100644 --- a/services/collaboration/pkg/service/grpc/v0/service.go +++ b/services/collaboration/pkg/service/grpc/v0/service.go @@ -89,8 +89,14 @@ func (s *Service) OpenInApp( // get the file extension to use the right wopi app url fileExt := path.Ext(req.GetResourceInfo().GetPath()) + var viewCommentAppURL string var viewAppURL string var editAppURL string + if viewCommentAppURLs, ok := s.appURLs["view_comment"]; ok { + if url := viewCommentAppURLs[fileExt]; ok { + viewCommentAppURL = url + } + } if viewAppURLs, ok := s.appURLs["view"]; ok { if url := viewAppURLs[fileExt]; ok { viewAppURL = url @@ -101,7 +107,7 @@ func (s *Service) OpenInApp( editAppURL = url } } - if editAppURL == "" && viewAppURL == "" { + if editAppURL == "" && viewAppURL == "" && viewCommentAppURL == "" { err := fmt.Errorf("OpenInApp: neither edit nor view app url found") s.logger.Error(). Err(err). @@ -122,7 +128,15 @@ func (s *Service) OpenInApp( // the URL of the end-user application in view mode when different (defaults to edit mod URL) viewAppURL = editAppURL } - + // TODO: check if collabora will support an "edit" url in the future + if viewAppURL == "" && editAppURL == "" && viewCommentAppURL != "" { + // there are rare cases where neither view nor edit is supported but view_comment is + viewAppURL = viewCommentAppURL + // that can be the case for editable and viewable files + if req.GetViewMode() == appproviderv1beta1.ViewMode_VIEW_MODE_READ_WRITE { + editAppURL = viewCommentAppURL + } + } wopiSrcURL, err := url.Parse(s.config.Wopi.WopiSrc) if err != nil { return nil, err diff --git a/services/graph/pkg/unifiedrole/unifiedrole.go b/services/graph/pkg/unifiedrole/unifiedrole.go index 75037fe541..23ad7c26f7 100644 --- a/services/graph/pkg/unifiedrole/unifiedrole.go +++ b/services/graph/pkg/unifiedrole/unifiedrole.go @@ -210,10 +210,6 @@ func NewSecureViewerUnifiedRole() *libregraph.UnifiedRoleDefinition { AllowedResourceActions: convert(r), Condition: proto.String(UnifiedRoleConditionFolder), }, - { - AllowedResourceActions: convert(r), - Condition: proto.String(UnifiedRoleConditionDrive), - }, }, LibreGraphWeight: proto.Int32(0), }