New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Obtain a public link file visible by non members in a private space #170
Comments
I add that the link is "working" : a non member of the private space who obtains the link can download the file |
This is linked to Issue #6 right? I noticed with an integration of OnlyOffice if the link is shared as "edit" option to Gusts, it will break the history (as not "User/Account" is defined for the Gust edit) → is there an issue for this (I looked, but maybe it got fixed already?) |
As I understand for private Space we don't allow to see a Folder by URL if user has no permission to see the Private Space, it is restricted like this: but if we open similar URL of a File then such request is not restricted and any user can download the File, because the URL has format like this |
@luke- Fixed in core PR humhub/humhub#6191. After fix a Public file url from a Private Space looks like this: |
thanks @yurabakhtin |
Tested with Humhub 1.14.0-beta.2 and Files module 0.15.1, but without @yurabakhtin patch (humhub/humhub#6191). So perhaps humhub/humhub#6191 is useless now with this Humhub version? @luke- I thought it was because of humhub/humhub#6159 which should be merged into Humhub 1.14.0-beta.1 if we read the https://github.com/humhub/humhub/blob/develop/CHANGELOG-DEV.md, but it is not in the release https://github.com/humhub/humhub/releases I've checked the code, and humhub/humhub#6159 is not merged (e.g. protected/humhub/modules/space/modules/manage/jobs/ChangeContentVisibilityJob.php is not present). So I don't understand why I get "Insufficient permissions!" on a public file in a private space even without humhub/humhub#6191 |
Normally, a Space with Private visibility should not have any Public content. With PR #6159 we ensure this when a Space is changed to "Private" afterwards. To convert all Public content to Private visibility. For me it looks like the CFile module has a bug here when it offers the possibility of "Public" folders. This checkbox should not be available. |
When someone download a file in a private space, he can share a public link. So the file is no more private.
To do that :
I go in the file menu, I check a folder
I click on the "Selected items" menu and I choose "Make Public"
The folder becomes public
In the folder files are public
I can display the URL (also swtich the status Private / Public and if it's private I can make it public again...)
and copy it and share it to other people who are not in the private space
More discussion is here : https://community.humhub.com/content/perma?id=264761
The text was updated successfully, but these errors were encountered: