[ocis][Secure View] Open files in Collabora which have no download permission

[micbar]

Description

Open files in Collabora which have no download permission

User Stories

• As a user, i want to share highly confidential data which can only be viewed on the server to keep the information undisclosed.

Value

Make ocis usable for highly confidential data

Acceptance Criteria

• Collabora can download a file via WOPI which has no InitiateFileDownload permission granted to the requesting user.

Research outcome

• The gateway should provide a second reva token to a trusted App provider that can only download the single file.

See #8855

Definition of ready

• Everybody needs to understand the value written in the user story
• Acceptance criteria have to be defined
• All dependencies of the user story need to be identified
• Feature should be seen from an end user perspective
• Story has to be estimated
• Story points need to be less than 20

Definition of done

• Functional requirements
  • Functionality described in the user story works
  • Acceptance criteria are fulfilled
• Quality
  • Code review happened
  • CI is green (that includes new and existing automated tests)
  • Critical code received unit tests by the developer
• Non-functional requirements
  • No sonar cloud issues
• Configuration changes
  • The next branch of the ocis charts is compatible

[2403905]

@micbar Are we going to add a Secure View mode for the public links?

[micbar]

The feature will not be available on public links. Anonymous access is completely contradicting the purpose of secure view.

[butonic]

prerequisites:

• Support t and x in ACEs cs3org/reva#4685
• Mint view only token for open in app cs3org/reva#4686

pr to use the view only token in our collaboration service

• try using viewOnlyToken to download file if available #9192