fix remove/update share permissions when the file is locked #4534
Conversation
| return s.checkShareLock(ctx, getShareRes.Share) | ||
| } | ||
|
|
||
| func (s *svc) checkShareLock(ctx context.Context, share *collaboration.Share) (*rpc.Status, error) { |
There was a problem hiding this comment.
I think this is tooo restrictive. AFAIU we can
A) allow adding new users to a file
B) increase the permissions of a share, e.g. add edit permission for a viewer.
The current check disallows any sharing changes when a file is locked.
People often open a file in onlyoffice and then need to ADD new participants.
There was a problem hiding this comment.
True, we would have to send the lock in the creat/update share opaque... 🤔
| Status: status, | ||
| }, nil | ||
| } | ||
|
|
There was a problem hiding this comment.
I know I am a bit late to the party. But isn't this racy? The file lock can be created after this check, before updating the share. Classical TOCTOU problem, isn't it?
There was a problem hiding this comment.
Yes, it could happen besides that the s.updateGrant failure can lead to an inconsistent state.
There was a problem hiding this comment.
Right, we would have to send the lock in the opaque of the sharing requests to make this (more) atomic.
| } | ||
|
|
||
| if sRes.GetInfo().GetLock() != nil { | ||
| msg := "can not chane grants, the shared resource is locked" |
This is a workaround that should prevent removing or changing the share permissions when the file is locked.
These limitations have to be removed after the wopi server will be able to unlock the file properly.
These limitations are not spread on the files inside the shared folder.
Related issue owncloud/ocis#8273