Respect public link password enforcement capability #8587

Closed
micbar opened this issue Mar 10, 2023 · 7 comments · Fixed by #8623
Labels
Category:Enhancement Add new functionality

Comments

@micbar
Contributor

micbar commented Mar 10, 2023

Description

There is a capability which is used in oc10 and ocis to indicate that public links need a password to be successfully created/changed.

ownCloud Web seems to currently not respect that capability.

ocis

{
    "api_enabled": true,
    "resharing": true,
    "group_sharing": true,
    "sharing_roles": true,
    "deny_access": false,
    "auto_accept_share": true,
    "share_with_group_members_only": true,
    "share_with_membership_groups_only": true,
    "search_min_length": 3,
    "default_permissions": 22,
    "user_enumeration": {
        "enabled": true,
        "group_members_only": true
    },
    "federation": {
        "outgoing": false,
        "incoming": false
    },
    "public": {
        "enabled": true,
        "send_mail": true,
        "social_share": true,
        "upload": true,
        "multiple": true,
        "supports_upload_only": true,
        "password": {
            "enforced_for": {
                "read_only": false,
                "read_write": true,
                "upload_only": true
            },
            "enforced": false
        },
        "expire_date": {
            "enabled": false
        },
        "can_edit": true,
        "alias": true
    },
    "user": {
        "send_mail": true,
        "profile_picture": false,
        "settings": [
            {
                "enabled": true,
                "version": "1.0.0"
            }
        ],
        "expire_date": {
            "enabled": true
        }
    }
}

The capability tells the clients on which public link type the password needs to be enforced:

"password": {
    "enforced_for": {
        "read_only": false,
        "read_write": true,
        "upload_only": true
    },
    "enforced": false
},

micbar added the Category:Enhancement Add new functionality label Mar 10, 2023
@micbar
Contributor Author

micbar commented Mar 10, 2023

@tbsbdr @kulmann FYI

@JammingBen
Contributor

JammingBen commented Mar 10, 2023

Web should already respect the capability when creating public links via the share panel or the quick action. But the check is missing when creating links via the context action "Copy quicklink".

Also, there are some conflicts with the internal role, because that one does not support password protection. -> okay that should be fine actually, internal links just can't be created if passwords are enforced (for now at least).

@micbar
Contributor Author

micbar commented Mar 15, 2023

@JammingBen

ownCloud Web 7.0.0-rc.20

  1. set OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "true"
  2. try to create link with "Editor" permission
  3. "updating the share failed"

Response

<?xml version="1.0" encoding="UTF-8"?>
<ocs><meta><status>error</status><statuscode>996</statuscode><message>Error sending update request to public link provider: the public share needs to have a password</message></meta></ocs>

@kulmann
Member

kulmann commented Mar 15, 2023

Turns out, there are bugs backend side and frontend side:

  • backend: the password enforced for capability read_write_delete, which represents the Editor role, is missing
  • frontend: the isPasswordEnforcedFor check returns early with the first capability that was true. It doesn't check that it's in the context that is represented by the capability.
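
The context-aware check discussed in this thread, sketched as an added example that is not part of the issue or of ownCloud Web's code. The function names, the role names and the role-to-key mapping are hypothetical (only Editor to `read_write_delete` is stated in the thread), and treating `enforced` as a global switch is an assumption.

```javascript
// Added example: hypothetical names, not ownCloud Web's actual code.
// Password capability as posted in the issue (note: no read_write_delete key).
const passwordCapability = {
  enforced_for: { read_only: false, read_write: true, upload_only: true },
  enforced: false
}

// Assumed mapping from link role to the enforced_for key that governs it.
// Only editor -> read_write_delete is stated in the thread.
const ROLE_TO_KEY = {
  viewer: 'read_only',
  contributor: 'read_write',
  uploader: 'upload_only',
  editor: 'read_write_delete'
}

// Flawed shape described in the thread: returns true as soon as any key is
// true, without checking that the key belongs to the requested role.
function isPasswordEnforcedForBuggy(role, capability) {
  return Object.values(capability?.enforced_for ?? {}).some((v) => v === true)
}

// Context-aware check: only the key for the requested role is consulted.
function isPasswordEnforcedFor(role, capability) {
  const key = ROLE_TO_KEY[role]
  if (key === undefined) throw new Error(`unknown link role: ${role}`)
  // Assumption: "enforced" is a global switch covering every role.
  if (capability?.enforced === true) return true
  return capability?.enforced_for?.[key] === true
}

// Single pre-flight check meant to be shared by every link-creation path
// (share panel, quick action, context menu), so none can skip it.
function validateLinkRequest({ role, password }, capability) {
  if (isPasswordEnforcedFor(role, capability) && !password) {
    return { ok: false, reason: `password required for role "${role}"` }
  }
  return { ok: true }
}
```

For the capability posted in the issue, the `editor` role evaluates to not enforced because no `read_write_delete` key is advertised; the client-side check is a usability aid and the server stays the enforcement point.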

@JammingBen
Contributor

Creating links via the context menu still ignores the read_only capability 👀

@JammingBen
Contributor

This works as expected by now, hence closing here.
