Resolving references from public share #45978
Assignees
Labels
Milestone
Comments
github-project-automation
bot
moved this to 🧭 Planning evaluation (don't pick)
in 📝 Office team
mejo-
moved this from 🧭 Planning evaluation (don't pick)
to 📄 To do (~10 entries)
in 📝 Office team
mejo-
added a commit
that referenced
this issue
Jul 9, 2024
Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. The origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. Since the main usecase will be public shares, the origin URL will contain the share token (e.g. Talk, Collectives or Text documents), so the respective reference providers can determine whether the share has access to the linked resource. `getCacheKeyPublic` also gets the origin URL so it can scope the cached entry, e.g. to the share token. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
3 tasks
mejo-
added a commit
to nextcloud-libraries/nextcloud-vue
that referenced
this issue
Jul 9, 2024
* Depends on nextcloud/server#46378 * Contributes to nextcloud/server#45978 Signed-off-by: Jonas <jonas@freesources.org>
3 tasks
|
I opened PRs against server and nextcloud-vue that implement a first version of this:
Feedback welcome (@juliushaertl, @julien-nc, @max-nextcloud) |
mejo-
added a commit
that referenced
this issue
Jul 10, 2024
Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
mejo-
added a commit
that referenced
this issue
Jul 10, 2024
Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
mejo-
added a commit
to nextcloud-libraries/nextcloud-vue
that referenced
this issue
Jul 10, 2024
* Depends on nextcloud/server#46378 * Contributes to nextcloud/server#45978 Signed-off-by: Jonas <jonas@freesources.org>
mejo-
added a commit
that referenced
this issue
Jul 15, 2024
Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
mejo-
added a commit
that referenced
this issue
Jul 17, 2024
Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
mejo-
added a commit
to nextcloud-libraries/nextcloud-vue
that referenced
this issue
Jul 17, 2024
* Depends on nextcloud/server#46378 * Contributes to nextcloud/server#45978 Signed-off-by: Jonas <jonas@freesources.org>
mejo-
added a commit
to nextcloud-libraries/nextcloud-vue
that referenced
this issue
Jul 22, 2024
* Depends on nextcloud/server#46378 * Contributes to nextcloud/server#45978 Signed-off-by: Jonas <jonas@freesources.org>
mejo-
added a commit
to nextcloud-libraries/nextcloud-vue
that referenced
this issue
Jul 22, 2024
* Depends on nextcloud/server#46378 * Contributes to nextcloud/server#45978 Signed-off-by: Jonas <jonas@freesources.org>
backportbot bot
pushed a commit
to nextcloud-libraries/nextcloud-vue
that referenced
this issue
Jul 22, 2024
* Depends on nextcloud/server#46378 * Contributes to nextcloud/server#45978 Signed-off-by: Jonas <jonas@freesources.org>
|
This is fixed with #46378 and nextcloud-libraries/nextcloud-vue#5800 being merged. |
github-project-automation
bot
moved this from 🏗️ In progress
to ☑️ Done
in 📝 Office team
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently references don't get resolved in public shares. The reference resolve endpoint allows only authenticated requests. This results in a broken user experience when browsing public shares, e.g. when text documents or collectives pages contain link previews.
Describe the solution you'd like
The idea is to add new
PublicPageendpoints to theReferenceApiControllerthat lookup ReferenceProviders which explicitly support public lookups. It's necessary to separate public from authenticated lookups as many providers look up data that is only accessible to authenticated users.I'm not exactly sure yet how the implementation details could look like. One idea:
IReferenceProviderPublicwith functionsmatchReferencePublic()andresolveReferencePublic()ReferenceApiControllerdefine new endpoints likeGET /references/resolvePublicthat call$this-referenceManager->resolveReference()with$public = true.ReferenceManageronly regard providers that implementIReferenceProviderPublicfor public lookups (with$public = true).LinkReferenceProvidershould just do the same for public and authenticated lookups as it only does opengraph anyway.resolveReferencePublic()functions for a public share of a collective.In the frontend,
NcReferenceListwould call either the public or the authenticated reference API endpoints depending on whether it's an authenticated user session or not.Open questions
In order to lookup a page in a collective share,
resolveReferencePublic()would need to get the share token of the current collective. Not sure yet how best to pass it there.resolveReferencePublic()could getsourceUrlas second parameter.The text was updated successfully, but these errors were encountered: