110 Commits

Author SHA1 Message Date
Pranav Kant
3bfa02e438 No need to tear down FS; we do it when logging the user out 2016-11-20 20:29:25 +05:30
Pranav Kant
d0afe97f13 Handle non-existing edit_groups 2016-11-20 20:09:37 +05:30
Pranav Kant
7599628bf3 Handle case when no group mentioned in testing group exists 2016-11-20 19:59:51 +05:30
Andras Timar
a4b42bc776 UserCanWrite is a boolean property 2016-11-11 00:09:13 +01:00
Jan Holesovsky
9eea23864b Warn when the server and Collabora online protocols do not match. 2016-11-01 16:33:09 +01:00
Andras Timar
dcd3f5f7c6 addAllowedFrameDomain 'blob:' for printing dialog in Chrome 2016-11-01 15:00:53 +01:00
Pranav Kant
a12ff8d0d2 security: Support WOPI's PostMessageOrigin
Adds a new property PostMessageOrigin to WOPI's CheckFileInfo.
The inner frame then only sends message to target with origin
mentioned in this property.

Also implement editor initialization WOPI specs. Inner frame
sends a App_LoadingStatus message to us when ready, and we send
Host_PostmessageReady when we are ready.
2016-10-27 17:57:46 +05:30
Pranav Kant
f4a40b1067 Log in as owner, not editor during checkFileInfo WOPI call
This seems to not work in some cases when files are shared.
2016-10-27 12:35:05 +02:00
Pranav Kant
2bca5aa2cb Handle cache for test server options 2016-10-24 15:45:17 +05:30
Pranav Kant
7e64777f4a Store canwrite property in DB
Move whether the file is editable or not logic when generating a
token and store it in the DB with the access token instead of
checking it dynamically in WOPI calls.
2016-10-19 21:12:29 +05:30
Pranav Kant
c158859040 Setup FS during artificial login; new internal method logoutUser 2016-10-19 21:12:29 +05:30
Pranav Kant
d0589c3e48 Second param not needed here 2016-10-19 21:12:29 +05:30
Pranav Kant
93416e52a4 Kill edit for specific groups code 2016-10-19 21:12:29 +05:30
Pranav Kant
408fe08d5e Set UserCanWrite WOPI property if file is updatable 2016-10-19 21:12:29 +05:30
Pranav Kant
74dd2a6d8a Login as editor, not owner
This token belongs to editor, not owner, so its wrong to login as
owner.
2016-10-19 21:12:29 +05:30
Pranav Kant
20d2ce582a Don't ignore non-updatable files
Don't discriminate with these files; let them have the right to
join the session or generate access token like other sessions
2016-10-19 21:12:29 +05:30
Pranav Kant
1ad1f667ee Simplify edit group checking algorithm
Rather than making a server call, which seems to be not working
always anyways, use a foolproof method for this.
2016-10-13 20:50:48 +05:30
Pranav Kant
e593c34fdd New test server option for specific groups 2016-10-13 19:58:43 +05:30
Pranav Kant
145854400e New 'Use OOXML by default' option in admin settings 2016-10-13 14:41:49 +05:30
Pranav Kant
c24c5a0439 Only allow users to edit documents if part of edit groups
If edit group setting is not set in Collabora Online settings,
then allow all users.
2016-10-11 13:21:35 +05:30
Pranav Kant
1174105402 Setup edit groups functionality 2016-10-11 13:03:19 +05:30
Miklos Vajna
d6b65b7983 bccu#2033 Respect WOPI action names
Don't assume that the action name is 'edit' all the time. Instead, if
it's view, then initialize leaflet with permission=readonly.
2016-10-04 15:53:36 +02:00
Lukas Reschke
0806876fd0 Merge pull request #109 from timar/master
remove unused 'Save new documents to' setting, fixes #76
2016-09-17 16:42:11 +02:00
Pranav Kant
70016ad4de Fix incorrect constructor signature
Fallback from c166c7b18907bb5e25144723810bf567b1910a30
2016-09-14 11:48:25 +05:30
Andras Timar
6fc595eb93 remove unused 'Save new documents to' setting, fixes #76 2016-09-12 19:42:46 +02:00
Pranav Kant
e3d3f6bec3 Remove unused fields 2016-08-30 13:28:28 +05:30
Pranav Kant
05b4d568f6 Add UserId, UserFriendlyName to WOPI CheckFileInfo 2016-08-29 19:08:57 +05:30
Pranav Kant
c166c7b189 Respect default settings
Support for default settings when there is none provided by user
was already in lib/appconfig.php

But we were using the CoreConfig object always which queries the
database; lets use the appConfig object so that if the value is
missing in the database, we still have the default value to take
care of the app.
2016-08-29 14:47:31 +05:30
Jan Holesovsky
dd832f3501 Improve the error message. 2016-07-28 14:35:54 +02:00
Pranav Kant
be84ac71f8 Explicit is better than implicit
For consistency, lets close the opened user login session here
also.
2016-07-18 17:09:27 +05:30
Pranav Kant
45d76a1c68 Add support for opening and editing files from external storage 2016-07-18 16:17:44 +05:30
Pranav Kant
82906c7cd7 No need to make the user login here, and fix incorrect userid
Setting up FS is enough to get the correct file version. No need
to make the user login here.

File version would be in owner's FS, not editor, so
s/editorid/ownerid/
2016-07-18 11:11:52 +05:30
Pranav Kant
e0da6fa8d1 Create a dummy memory session before signing in as user
Since this WOPI Put method is executed when loolwsd hits owncloud
server, it has no session or probably invalid session data. Even
though WOPI Put file operation initiated by loolwsd succeds, i.e
file is successfully put into owncloud storage and versioned, it
returns an HTTP 500 Internal server error as response to loolwsd
which causes problem on loolwsd side messing up its state.

Following trace can be observed in webserver's error logs after
HTTP 500 is returned:

PHP Fatal error:  Uncaught exception 'Exception' with message 'Session has been closed - no further changes to the session are allowed'
in /var/www/html/owncloud9/lib/private/session/internal.php:135
Stack trace:
 #0 /var/www/html/owncloud9/lib/private/session/internal.php(60): OC\\Session\\Internal->validateSession()
 #1 /var/www/html/owncloud9/lib/private/session/cryptosessiondata.php(150): OC\\Session\\Internal->set('encrypted_sessi...', 'e747091469b9905...')
 #2 /var/www/html/owncloud9/lib/private/session/cryptosessiondata.php(64): OC\\Session\\CryptoSessionData->close()
 #3 [internal function]: OC\\Session\\CryptoSessionData->__destruct()
 #4 {main}\n  thrown in /var/www/html/owncloud9/lib/private/session/internal.php on line 135

Creating a dummy memory session, setting it as current session,
and then setting the desired user session seems to address this
problem and does not emit HTTP 500 anymore.
2016-07-18 11:11:49 +05:30
Pranav Kant
3235b886ad Add a revision history sidebar 2016-06-28 14:24:26 +05:30
Ashod Nakashian
0517f76c32 Shared documents now show correct editor's name in the change hisotry 2016-06-18 20:43:00 -04:00
Ashod Nakashian
fc81c07f70 Saving through WOPI registers the change as the owner 2016-06-18 20:06:02 -04:00
Ashod Nakashian
0c508a09e0 Support for file versioning in WOPI 2016-06-17 10:27:35 -04:00
Pranav Kant
bb01949a9a Use new owncloud9 addMenuEntry plugin
... to add new odf files from main 'Files' app
2016-06-15 22:38:08 +05:30
Pranav Kant
b138109820 Don't load all documents when only one is clicked on from 'Files' 2016-06-09 20:17:36 +05:30
Andras Timar
8534ee60ba CA chain cert name change 2016-06-07 12:29:28 +02:00
Andras Timar
39b860ffa2 do not query UI language for each doc, it's same for all 2016-06-03 15:00:28 +02:00
Andras Timar
e22151a2b5 Pass the lang paramater to loleaflet from ownCloud user settings, which controls UI language 2016-05-29 00:16:27 +02:00
Andras Timar
cb271b50e5 Merge pull request #47 from timar/master
frame-src is deprecated on Firefox, but Safari wants it
2016-04-18 15:19:47 +02:00
Jan Holesovsky
69a2880800 Send the hint too. 2016-04-18 15:18:20 +02:00
Andras Timar
8f61bbe08f frame-src is deprecated on Firefox, but Safari wants it 2016-04-18 15:16:15 +02:00
Henry Castro
efcf28abc2 Add ulrsrc attribute when create new documents 2016-04-16 17:41:43 -04:00
Jan Holesovsky
ea47464459 More improvements in the error handling. 2016-04-15 16:55:15 +02:00
Jan Holesovsky
2508e550fc Content Security Policy: frame-src is deprecated, use child-src instead. 2016-04-13 19:07:37 +02:00
Jan Holesovsky
155f9578fc MemCache is not mandatory any more; but used if available. 2016-04-13 19:07:37 +02:00
Jan Holesovsky
80cc8bf197 Improved error messages around discovery.xml. 2016-04-12 15:18:28 +02:00