feat(share): add public share-review API under OCP\Share\ShareReview #61543
AndyScherzinger wants to merge 3 commits into
/backport to stable34
CarlSchwan
left a comment
Need to run build/autoloaderchecker.sh
c4ea0a9 to af59b39
| * Authorization gate event dispatched by a ShareReview source before deleting | ||
| * an app-managed share on behalf of a ShareReview operator. |
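Review bot: The opening sentence of this docblock names a "ShareReview source" and a "ShareReview operator" without defining either, and it does not say what the result is when no listener handles the event. For an authorization gate, state who dispatches the event, who is expected to listen, and whether an unhandled event means allow or deny, so that integrating apps cannot end up deleting shares on a check that never ran.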
I honestly don't understand what this event is supposed to do, who calls it when and who should listen and modify it. Can you please extend this documentation?
Sure thing, I've let AI extend the docs, but the explanation has been reviewed. See d45d8e1.
In essence, the share-review app triggers the delete in the respective app, the app fires the event to get the permission checked, and the share-review app checks the permission. Depending on the outcome, the app then deletes the share or not.
This gate is built so apps can get permissions checked upon deletion via the review app, because the app itself can't check the permission, given it is not owner-based in any way. So the permission logic lives in the auditing app.
For examples, see nextcloud/deck#8052 or nextcloud/tables#2711 - also extended nextcloud/documentation#15223 in the same way
af59b39 to 791ed0d
Introduces OCP\Share\Events\ShareReviewAccessCheckEvent as the canonical authorization gate event for ShareReview sources. The event carries the source name and share ID for listener context, implements deny-wins semantics, and stops propagation immediately on denial. Assisted-by: ClaudeCode:claude-sonnet-4-6 Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
…re\ShareReview Assisted-by: Claude Code:claude-fable-5 Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
…ssCheckEvent Assisted-by: Claude Code:claude-fable-5 Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
f306220 to d45d8e1
@provokateurin @CarlSchwan worked on addressing your review comments.
Summary
Introduces OCP\Share\Events\ShareReviewAccessCheckEvent as the canonical authorization gate event for ShareReview sources. The event carries the source name and share ID for listener context, implements deny-wins semantics, and stops propagation immediately on denial.
This is a discussed and agreed on measure to safeguard auditing-triggered share deletions throughout various apps using a "check back event mechanism", so apps can implement their support for this (any app that has shares basically, of any kind).
Docs at nextcloud/documentation#15223
Assisted-by: Claude Code:claude-sonnet-4-6
and
Assisted-by: Claude Code:claude-fable-5
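The check-back flow from the summary, as an added sketch that is not code from this PR or from Nextcloud: an app dispatches a gate event carrying source name and share ID, listeners grant or deny, a denial wins and stops propagation, and the app deletes only on a grant. The class `AccessCheckEvent`, the functions `dispatch` and `deleteShare`, and the sample data are hypothetical, and treating an unhandled event as denied is an assumption the page does not state (PHP 8.1 or later).

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the gate event described above; not the OCP class.
final class AccessCheckEvent {
    private ?bool $granted = null;   // null = no listener has decided yet
    private bool $stopped = false;
    public function __construct(
        public readonly string $source,
        public readonly string $shareId,
    ) {}
    public function grant(): void {
        // Deny wins: a grant never overrides an earlier denial.
        if ($this->granted !== false) { $this->granted = true; }
    }
    public function deny(): void {
        $this->granted = false;
        $this->stopped = true;       // later listeners are not consulted
    }
    public function isPropagationStopped(): bool { return $this->stopped; }
    // Assumption: an event that no listener handled counts as denied (fail closed).
    public function isGranted(): bool { return $this->granted === true; }
}

/** Minimal dispatcher: calls listeners in order until propagation stops. */
function dispatch(AccessCheckEvent $event, callable ...$listeners): AccessCheckEvent {
    foreach ($listeners as $listener) {
        if ($event->isPropagationStopped()) { break; }
        $listener($event);
    }
    return $event;
}

/** App side: delete only when the gate event comes back granted. */
function deleteShare(array &$shares, string $source, string $id, callable ...$listeners): bool {
    $event = dispatch(new AccessCheckEvent($source, $id), ...$listeners);
    if (!$event->isGranted()) { return false; }
    unset($shares[$id]);
    return true;
}

// Constructed sample data: the auditing listener allows share 17 only.
$shares = ['17' => 'board A', '18' => 'board B'];
$audit = function (AccessCheckEvent $e): void {
    $e->shareId === '17' ? $e->grant() : $e->deny();
};
$late = fn(AccessCheckEvent $e) => $e->grant();  // runs after $audit, cannot undo a denial
var_dump(deleteShare($shares, 'deck', '17', $audit, $late)); // granted by the auditor
var_dump(deleteShare($shares, 'deck', '18', $audit, $late)); // denied; $late never runs
var_dump(deleteShare($shares, 'deck', '18'));                // no listener registered
```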