Disable actions on certain paths #9218

Closed
tbsbdr opened this issue Jun 13, 2023 · 6 comments · Fixed by #9805

Comments

@tbsbdr
Contributor

tbsbdr commented Jun 13, 2023

Description

User Stories

  • As an organisation who stores all data within a monolithic path like /cernbox/eos/users/... I want to restrict certain actions above the folders users and projects so that users can not perform malicious actions on these folders.

Value

Acceptance Criteria

  • prohibit copy on certain path

Definition of ready

[ ] everybody needs to understand the value written in the user story
[ ] acceptance criteria has to be defined
[ ] all dependencies of the user story need to be identified
[ ] feature should be seen from an end user perspective
[ ] user story has to be estimated
[ ] story points need to be less than 20

Definition of done

  • Functional requirements
    [ ] functionality described in the user story works
    [ ] acceptance criteria are fulfilled
  • Quality
    [ ] code review happened
    [ ] CI is green
    [ ] critical code received unit tests by the developer
    [ ] automated tests passed (if automated tests are not available, this test needs to be created and passed)
  • Non-functional requirements
    [ ] no sonar cloud issues

relates to:
1563e15

@kulmann
Member

kulmann commented Jun 14, 2023

@diocas @elizavetaRa @labkode

I currently see three buckets:

  • actions with write operations like delete or rename: should be prevented by removing write access in webdav permissions
  • folder or archive download: there's a capability in the files.archivers capability to set an upper bound for archive sizes. the web ui will show a disabled Download action with a tooltip (text similar to "max archive size exceeded")
  • other read operations like Copy cannot be prevented at the moment.

To make this actionable, please add a complete list of file actions, including a statement (per action) if it should be available or unavailable.

@diocas
Contributor

diocas commented Jun 20, 2023

I think you covered the actions needed.

@kulmann
Member

kulmann commented Jun 20, 2023

> I think you covered the actions needed.

So

> other read operations like Copy cannot be prevented at the moment.

is fine by you? 🤔

@diocas
Contributor

diocas commented Jun 20, 2023

Ah no, we wanted to prevent that. I thought you said you didn't cover it yet (meaning, would have to be added).

@tbsbdr
Contributor Author

tbsbdr commented Jun 28, 2023

Question to @elizavetaRa @diocas

  • it is sufficient to prohibit copy in web only, correct?

@elizavetaRa
Member

yes
