feat(share): add public share-review API under OCP\Share\ShareReview#61543
feat(share): add public share-review API under OCP\Share\ShareReview#61543AndyScherzinger wants to merge 5 commits into
Conversation
|
/backport to stable34 |
CarlSchwan
left a comment
There was a problem hiding this comment.
Need to run build/autoloaderchecker.sh
c4ea0a9 to
af59b39
Compare
f306220 to
d45d8e1
Compare
|
@provokateurin @CarlSchwan worked on addressing your review comments. |
d45d8e1 to
e46b015
Compare
provokateurin
left a comment
There was a problem hiding this comment.
Thanks for adding the explanation to the event docs.
Introduces OCP\Share\Events\ShareReviewAccessCheckEvent as the canonical authorization gate event for ShareReview sources. The event carries the source name and share ID for listener context, implements deny-wins semantics, and stops propagation immediately on denial. Assisted-by: ClaudeCode:claude-sonnet-4-6 Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
…re\ShareReview Assisted-by: Claude Code:claude-fable-5 Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
…ssCheckEvent Assisted-by: Claude Code:claude-fable-5 Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
Assisted-by: ClaudeCode:claude-fable-5 Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
Assisted-by: ClaudeCode:claude-fable-5 Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
e46b015 to
fa57f02
Compare
| public readonly string $time = '1970-01-01 01:00:00', | ||
| public readonly string $action = '', | ||
| public readonly ?int $timestamp = null, |
There was a problem hiding this comment.
There should not be two fields for the creation time.
Also their names are not descriptive enough, they should be called creationTime/creationTimestamp and one has a default value and the other doesn't.
If you keep it like this, you can expect that they will be used incorrectly, because they're confusing 🙈
| public readonly int $type, | ||
| public readonly string $recipient, | ||
| public readonly int $permissions = 1, | ||
| public readonly string $time = '1970-01-01 01:00:00', |
There was a problem hiding this comment.
This should be a proper ISO8601 string.
| * @param string $object Name or title of the shared object, such as a | ||
| * file path or report name. | ||
| * @param string $initiator User ID of the initiator. | ||
| * @param int $type {@see \OCP\Share\IShare} type of the share. |
There was a problem hiding this comment.
| * @param int $type {@see \OCP\Share\IShare} type of the share. | |
| * @param IShare::TYPE_* $type {@see \OCP\Share\IShare} type of the share. |
| * @param string $initiator User ID of the initiator. | ||
| * @param int $type {@see \OCP\Share\IShare} type of the share. | ||
| * @param string $recipient User ID of the owner or the token of a link. | ||
| * @param int $permissions Permissions level of the share. |
There was a problem hiding this comment.
| * @param int $permissions Permissions level of the share. | |
| * @param int-mask-of<Constants::PERMISSION_*> $permissions Permissions level of the share. |
| public readonly string $time = '1970-01-01 01:00:00', | ||
| public readonly string $action = '', | ||
| public readonly ?int $timestamp = null, | ||
| public readonly bool $password = false, |
There was a problem hiding this comment.
| public readonly bool $password = false, | |
| public readonly bool $hasPassword = false, |
| * @param int $type {@see \OCP\Share\IShare} type of the share. | ||
| * @param string $recipient User ID of the owner or the token of a link. | ||
| * @param int $permissions Permissions level of the share. | ||
| * @param string $time Creation time of the share. |
There was a problem hiding this comment.
| * @param string $time Creation time of the share. | |
| * @param string $creationTime Creation time of the share as ISO8601 string. |
| * @param int|null $timestamp Optional creation Unix timestamp, used for sorting. | ||
| * @param bool $password Whether the share is password protected. Never | ||
| * the password itself. | ||
| * @param string|null $expiration Optional expiration date displayed for the share. |
There was a problem hiding this comment.
| * @param string|null $expiration Optional expiration date displayed for the share. | |
| * @param string|null $expirationDate Optional expiration date displayed for the share as ISO8601 string. |
Summary
Introduces
OCP\Share\Events\ShareReviewAccessCheckEventas the canonical authorization gate event for ShareReview sources. The event carries the source name and share ID for listener context, implements deny-wins semantics, and stops propagation immediately on denial.This is a discussed and agreed on measure to safeguard auditing-triggered share deletions throughout various apps using a "check back event mechanism", so apps can implement their support for this (any app that has shares basically, of any kind)
Docs at nextcloud/documentation#15223
Assisted-by: Claude Code:claude-sonnet-4-6
and
Assisted-by: Claude Code:claude-fable-5
TODO
Checklist
3. to review, feature component)stable32)AI (if applicable)