Obtain a public link file visible by non members in a private space #170
Comments
|
I add that the link is "working" : a non member of the private space who obtains the link can download the file |
|
This is linked to Issue #6 right? I noticed with an integration of OnlyOffice if the link is shared as "edit" option to Gusts, it will break the history (as not "User/Account" is defined for the Gust edit) → is there an issue for this (I looked, but maybe it got fixed already?) |
|
As I understand for private Space we don't allow to see a Folder by URL if user has no permission to see the Private Space, it is restricted like this:
but if we open similar URL of a File then such request is not restricted and any user can download the File, because the URL has format like this |
|
@luke- Fixed in core PR humhub/humhub#6191. After fix a Public file url from a Private Space looks like this:
|
|
thanks @yurabakhtin |
|
Tested with Humhub 1.14.0-beta.2 and Files module 0.15.1, but without @yurabakhtin patch (humhub/humhub#6191). So perhaps humhub/humhub#6191 is useless now with this Humhub version? @luke- I thought it was because of humhub/humhub#6159 which should be merged into Humhub 1.14.0-beta.1 if we read the https://github.com/humhub/humhub/blob/develop/CHANGELOG-DEV.md, but it is not in the release https://github.com/humhub/humhub/releases I've checked the code, and humhub/humhub#6159 is not merged (e.g. protected/humhub/modules/space/modules/manage/jobs/ChangeContentVisibilityJob.php is not present). So I don't understand why I get "Insufficient permissions!" on a public file in a private space even without humhub/humhub#6191 |
|
Normally, a Space with Private visibility should not have any Public content. With PR #6159 we ensure this when a Space is changed to "Private" afterwards. To convert all Public content to Private visibility. For me it looks like the CFile module has a bug here when it offers the possibility of "Public" folders. This checkbox should not be available. |
When someone download a file in a private space, he can share a public link. So the file is no more private.
To do that :
I go in the file menu, I check a folder
I click on the "Selected items" menu and I choose "Make Public"
The folder becomes public
In the folder files are public
I can display the URL (also swtich the status Private / Public and if it's private I can make it public again...)
and copy it and share it to other people who are not in the private space
More discussion is here : https://community.humhub.com/content/perma?id=264761
The text was updated successfully, but these errors were encountered: