Comments (4)
dvh
commented on August 16, 2024
We can add a global permission field but this will not give any guarantees. If, for example, the global permission for a share is read-only but the protocol options provide write access and the receiving service doesn't respect the global permission field, the receiver could still write to the resource.
from ocm-api.
labkode
commented on August 16, 2024
@dvh If the receiving party does not respect the global permission of the specification I would rather say that such service is not OpenCloudMesh compliant.
from ocm-api.
dvh
commented on August 16, 2024
True, but it can also be a mistake in the request. Imagine I send a global permission read-only and the protocol specific permission mechanism doesn't match this global permission, then the request should fail because of a validation error (global permission conflicts with protocol specific permission settings). However, to enable this kind of validation, the receiving party will always have to validate all possible protocol specific permission scenarios against the 'global permission' standard of OCM. I think this will introduce a lot of complexity and error risks while lowering the ease of maintenance.
from ocm-api.
schiessle
commented on August 16, 2024
At Nextcloud we already send permissions along with a federated share. We provide the complete permission set we also have for internal shares:
- Files: edit permissions, reshare permissions
- Folder: create, change, delete, reshare permissions.
In our case all permissions are also enforced by the owner. Create, change, delete operations are just blocked by the owner if the permissions are not granted. Resharing is also blocked if it is not allowed since Nextcloud 10 version because of the flat re-sharing I presented during the workshop. (Of course we can't stop someone from downloading it and sending it by mail or uploading a copy with a different name and share this one).
Since permission can be changed at any time by the owner we have a additional API call for it which looks like this /shares/{id}/permissions. Maybe it makes sense to define something like this as well? Of course we could also use for almost everything the "notification" call but I don't think this reflex a good API. Actually this is a general problem I have with the "notification" end-point. It looks like a general collection for everything you might do. But I think it becomes quite confusing if you then need to read the payload to decide what to do with the notification. But that's a separate issue.
from ocm-api.
Related Issues (20)
- Does OCM-API have any roadmap or plans for future development? HOT 4
- Deployment: preview of changes in API in a web HOT 1
- Are notifications allowed to have side-effects? HOT 3
- Activate GitHub Pages feature on this repo HOT 4
- [chore] Staging area for open PRs HOT 1
- NewShare field 'permission' is required but not defined HOT 1
- Document meshProvider field in NewShare HOT 3
- Endpoint discovery through https://example.com/ocm-provider/ HOT 4
- Group-owned shares and invites to/from groups HOT 3
- RFE: make invitation workflow symmetric HOT 1
- Cannot specify options per protocol in create share endpoint
- "protocol" or "protocols", which should implementers use? HOT 6
- Describe how "sharedSecret" may be used in WebDAV protocol HOT 3
- Do we want to support more than one protocol at a time? HOT 7
- Apply for funding to help develop Open Cloud Mesh within this community HOT 9
- Backwards compatibility HOT 5
- Document current translation that happens for webdav HOT 13
- support sub-shares? HOT 1
- Framing in terms of OAuth HOT 4
- Trade in shared secret for an OAuth-grade refresh/access token? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ocm-api.