allow admin to disable sharing for specific groups of users #8599
Conversation
|
nice 👍 |
| if (oc_appconfig.core.sharingDisabledForUser) { | ||
| var allShared = $('#fileList').find('[data-share-owner]'); | ||
| var shareNotification = '<a class="action action-share-notification permanent" data-action="Share-Notification" href="#" original-title="">' + | ||
| ' <img class="svg" src="/oc/core/img/actions/share.svg"></img>'; |
There was a problem hiding this comment.
wrong path? /oc/core/img/actions/share.svg
|
@schiesbn please respect the 80 chars line length - makes reviews much easier - thanks a lot! |
|
Why introduce yet another mechanic for »add the option to enable apps only for specific groups«? We should simply use the stuff from @icewind1991 in pull #8264, right? |
|
(So, 👎 from me) |
|
This is something slightly different. We want to enable the sharing app but exclude certain groups from actively sharing stuff. We can't disable sharing completely for them because they should still be able to receive shares. This feature request comes from @MTRichards I'm sure he can elaborate on it if needed. |
|
Goal here is just as said, there are situations where you want complete flexibility over the ability for a user to share, not a binary on or off for everyone. In some cases, you want to distribute content to a group of users without allowing them to also share on the system. You also want to be sure you can track their use of the system - so you know if they did receive the content, for example. So you are not just turning of sharing, rather you are turning off sharing for specific groups. If a user is a member of a group that can't share and a group that can share, they can of course share. |
|
@DeepDiver1975 I think all your comments are addressed. The open questions can be addressed separately... Maybe you want to have a final look? Thanks! |
|
Sure - asap this morning |
|
Ok, then we should have a clarification sentence below the setting saying »These groups will still be able to receive shares, but not initiate them.« (or something similar). |
|
@jancborchardt good point, I added it. |
|
rebased, ready for review again 😄 |
|
@MorrisJobke maybe you can also give it a try? Thanks! |
| // shared with him otherwise we just update the existing share action. | ||
| if (oc_appconfig.core.sharingDisabledForUser) { | ||
| var $fileList = $(this); | ||
| var allShared = $fileList.find('[data-share-owner]'); |
There was a problem hiding this comment.
allShared is declared twice - here and in line 43
There was a problem hiding this comment.
it's an if-else-statement. You can't execute both paths so it is always declared exactly once.
There was a problem hiding this comment.
Well jshint is still crying ...
Von Samsung Mobile gesendet
-------- Ursprüngliche Nachricht --------
Von: Björn Schießle notifications@github.com
Datum:20.05.2014 00:02 (GMT+01:00)
An: owncloud/core core@noreply.github.com
Cc: Thomas Müller thomas.mueller@tmit.eu
Betreff: Re: [core] allow admin to disable sharing for specific groups of
users (#8599)
In apps/files_sharing/js/share.js:
@@ -25,13 +25,28 @@ $(document).ready(function() {
};$('#fileList').on('fileActionsReady',function(){
var $fileList = $(this);var allShared = $fileList.find('[data-share-owner] [data-Action="Share"]');allShared.addClass('permanent');allShared.find('span').text(function(){var $owner = $(this).closest('tr').attr('data-share-owner');return ' ' + t('files_sharing', 'Shared by {owner}', {owner: $owner});});// if no share action exists because the admin disabled sharing for this user// we create a share notification action to inform the user about files// shared with him otherwise we just update the existing share action.if (oc_appconfig.core.sharingDisabledForUser) {var $fileList = $(this);var allShared = $fileList.find('[data-share-owner]');
—
Reply to this email directly or view it on GitHub.
There was a problem hiding this comment.
Thing is, in Javascript all variables declared inside a sub-block always exist in the full-scope of the function. So declaring it twice as you did will be interpreted as duplicate. (yeah I know, it's weird). See http://code.tutsplus.com/tutorials/javascript-hoisting-explained--net-15092
Best practice is to always declare all variables at the top of functions, because this is what JS does internally.
|
Not working for me - I have one user and one group (both named admin) I enable "Exclude groups from sharing" and I select no group. Util::isSharingDisabledForUser() is still returning false because of $remainingGroups = array_diff($usersGroups, $excludedGroups);is still returning my group. Proper unit tests could have easily detect this. |
And that's correct. No group was excluded from sharing -> sharing isn't disabled for your user "admin" -> Util::isSharingDisabledForUser() returns false |
|
In this case please excuse my comment. Maybe we need work on the description because I understood it quite the other way around. Unit tests seem still valid ... |
|
@DeepDiver1975 feel free to provide a better description but I think "Exclude groups from sharing" and "These groups will still be able to receive shares, but not to initiate them." describes it quite well |
|
@DeepDiver1975 I added a explicit unit test for the method in OC\Util, although it was already tested indirectly by https://github.com/owncloud/core/pull/8599/files#diff-f66a31c05b175f42b73375da18b8eeaaR177 |
|
Awesome - Thanks! |
|
Please rebase. (I guess it's probably related to the recent removal of "brief" in all comments...) |
|
rebased, ready for final review |
|
🚀 Test Passed. 🚀 |
|
@DeepDiver1975 the JSHint JavaScript warning is now gone too... Maybe you want to give a +1? 😉 |
| return shareNotification + '<span> ' + shareBy + '</span></span>'; | ||
| }); | ||
| } else { | ||
| allShared = $('#fileList').find('[data-share-owner] [data-Action="Share"]'); |
There was a problem hiding this comment.
Next time please use $fileList, no more globals!
Your code should still work but I'll fix this for the sharing overview code.
|
Please have a look at my comments above. Here is a test plan: when no excluded groups exist
with group "egroup1" being the excluded group and "group1" a regular group
UI testing in settings page
|
|
@PVince81 all your comments are addressed |
|
The inspection completed: 23 new issues, 13 updated code elements |
|
🚀 Test Passed. 🚀 |
| if (element.data('userGroups')) { | ||
| checked = element.data('userGroups'); | ||
| } | ||
| var checkHandeler = function(group) { |
There was a problem hiding this comment.
You forgot Chandeler 😉 (just leave it)
|
Great, going to test this. |
|
I noticed that if I share a file as "user1" with "user2", then remove user1's permission to share, the shared file is still visible. Is it possible to prevent mounting the shares when they come from an "unauthorized" user ? (with, I suspect, possible performance hits) This is better than auto-deleting them because of this use case: it could happen that the admin added the user to the wrong group "egroup" by mistake, then puts him back to the correct authorized one "group1", without wanting the user to lose all his shares. |
|
|
Small UX issue: when receiving a share from user2 as unauthorized user (user1 in egroup), the user sees "Shared by user2" which is correct. Clicking on it doesn't open the dropdown, it is correct, but what happens might confuse the user: it will trigger the default action. In my case it opened the text editor. |
|
@schiesbn I agree to merge this after clearing out the point I raised here: #8599 (comment) |
Probably this would be possible but I wonder if this is really needed? If a user shared a file at a point in time the admin allowed him to share files then it was a legitimate share. So why should we remove/hide it? I see this more as a forward-facing feature. |
|
Yes, possibly. I just wanted to make sure that we are aware of this. I think this can be merged already 👍 |
allow admin to disable sharing for specific groups of users
add admin setting to disable sharing for a some groups of users
@jancborchardt probably you also want to have a look at it from the user experience point of view.