fix: Ensure edit permissions are checked before template file token generation#4698
Conversation
printminion-co
force-pushed
the
fix/respect_edit_groups_for_templates
branch
2 times, most recently
from
ab063d1 to
46e2fa8
Compare
juliusknorr
left a comment
juliusknorr
left a comment
There was a problem hiding this comment.
Thanks for your PR, I left a comment for the integration test failures, the cypress failures should be fixed after a rebase
printminion-co
force-pushed
the
fix/respect_edit_groups_for_templates
branch
from
46e2fa8 to
69900b1
Compare
rebased |
printminion-co
force-pushed
the
fix/respect_edit_groups_for_templates
branch
2 times, most recently
from
999b7cf to
572d57a
Compare
|
Hello there, We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process. Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6 Thank you for contributing to Nextcloud and we hope to hear from you soon! (If you believe you should not receive this message, you can add yourself to the blocklist.) |
printminion-co
force-pushed
the
fix/respect_edit_groups_for_templates
branch
from
572d57a to
89ff3a7
Compare
|
@printminion-co The comment in #4698 (comment) is still pending as far as I see. Do you need any further help to resolve on the test failure? |
@juliusknorr I answered in original comment thread |
printminion-co
force-pushed
the
fix/respect_edit_groups_for_templates
branch
from
89ff3a7 to
9222570
Compare
|
I'll check again locally as discussed in the call |
…eneration otherwise file created from template will be editable for user with readonly permissions Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
Co-authored-by: Julius Knorr <jus@bitgrid.net> Signed-off-by: Mikhailo Matiyenko-Kupriyanov <145785698+printminion-co@users.noreply.github.com>
printminion-co
force-pushed
the
fix/respect_edit_groups_for_templates
branch
from
0aa4ba6 to
7878dd3
Compare
|
/backport to stable31 |
|
/backport to stable30 |
|
/backport to stable29 |
2 participants
Summary
This PR ensures that edit permissions are properly checked before generating template file tokens. Without this check, files created from templates can be edited by users with read-only permissions.
Problem
Currently, users without edit permissions can edit documents created via the "new template document" feature. This behavior violates the intended permission restrictions.
Proposed Fix
The fix ensures that edit permissions are validated before token generation, preventing unauthorized edits. This approach is similar to the fix implemented in commit 3b3c31f.
Observed Behavior (Before Fix)
Users without edit permissions can edit documents created from templates.
nc-richdocuments-readony-template-bug-2025-04-25_11.52.58.webm
Checklist