[Owncloud] Changes to ownCloud Sharing

Tony McCourin tony.mccourin at gmail.com
Mon Sep 26 06:50:07 UTC 2011 

Hi all

i have talked to darkh a little more about this.

basically, his improvements are really made out of three points. point one is 
the improvement to the filesystem e.g. putting usernames in Shared directory. 
however, it has some problems in that (from his words, i never looked at the 
code) since the same virtual filesystem is mounted to both webdav and the web 
GUI, it unnessesarily complicates sharing through the web GUI. I suggested we 
develop something that would allow having subfloders in webdav e.g.:
https://tonymc.pagekite.me/owncloud/apps/files_sharing/get.php?token=71c2b44b1e127718c36b84a0b42307ff353be9a9

while having the Shared folder in the GUI look a little different e.g.:
https://tonymc.pagekite.me/owncloud/apps/files_sharing/get.php?token=0cab118d0a91f1290c7dbe42abef1426374d1b33

I can't think of any way to make this happen in a clean manner (i.e. without a 
bunch of duct tape) but maybe we can figure something out together.

another bit of improvement (correctly outlined by MTGap) is the groups/users 
sharing. in order to better explain his changes, i am quoting our IRC 
conversation:
<darkh> in current master, if you share with a group than you actually share 
with all current users of that group... adding a new user to the group will 
not allow him to access the shared file
<darkh> my code is as you said really aware of groups

i am not sure if this is the case with the current codebase as i never tested 
it and never looked at the code, but if it really is - then his proposal makes 
perfect sense.

yet another proposal of his is that "public link" sharing is done via a "guest 
user/guest group" instead of just providing a link. while i can see where he 
is coming from (making public link use the same file access infrastructure that 
is used for regular, intra-owncloud links), i do not think this is a good 
idea, so i am currently persuading darkh to drop this idea simply because from 
a logical point of view "making file public" isn't sharing, it's making a link 
to that file, and should be treated as such.

however, darkh seems reluctant to drop his public linking idea 
(understandable, as he put in some work in this) so maybe if he doesn't agree 
with our point of view on that issue, someone could implement his ideas 
anyway.



now, concerning a point raised by MTGap in the original email. there can be 
now way for an owncloud user to *securely* make a _public_ link in a way that 
only a person to whom it's intended to is able to download it. you can do 
anything e.g. password-protect or any other method - it can always be 
circumvented, or it will involve way too much hassle for the end user (on both 
ends). the only idea that is close to being somewhat workeable is maybe 
limiting download times e.g. file can only be downloaded N times, or enabling 
some sort of time limit e.g. file can be downloaded during N hours after it has 
been shared.
-- 

Best regards,
Tony

On Saturday 24 September 18:15:31 Michael Gapczynski wrote:
> Darkh has been working on some changes to ownCloud sharing that I'd like to
> share with everyone else for some feedback. Darkh has implemented user
> folders inside of the 'Shared' directory for the files that are shared with
> you. This would be a clear identification of who the owner of the files is.
> Eventually I'm planning on the drop down also sharing this information with
> you and showing the original owner in the case of multiple reshares.
> 
> Darkh has also started fixing sharing with groups, which I guess broke
> sometime ago. I haven't been monitoring group sharing, because I personally
> feel that groups shouldn't be included in ownCloud. A regular user has no
> need for this and a folder shared with multiple people can be used to
> replace this. I know that this doesn't work in all cases and that many
> believe that businesses would want groups. I don't know of any businesses
> using ownCloud and I don't think it is our intention to target them nor
> should we. If this was something a business wanted and they felt strongly
> enough about using ownCloud they would implement it on their own.
> 
> The other thing is sharing with the public. I have two separate definitions
> and cases for public sharing. The first is sharing with all users in the
> same ownCloud instance, public to ownCloud users. The second is sharing with
> anyone with a link to the file (token will be depreciated soon for a human
> readable link), public to the world. In both cases I believe files should
> only be readable. I'm not sure how to separate them from a user's
> perspective or implement in the UI. Maybe the drop down should have an
> option to share with all and a folder 'Public' for sharing files with the
> world. The token links weren't great for sharing, but had a small layer of
> security with them. I think we still need to consider a way for a person to
> securely share a file with a specific person not on ownCloud.
> 
> Any feedback or even code contributions would be greatly appreciated :)
> 
> Michael

More information about the Owncloud mailing list