[Owncloud] Changes to ownCloud Sharing

Mon Sep 26 07:30:37 UTC 2011

(Sorry in advance for the short answer.)

On Mon, September 26, 2011 08:50, Tony McCourin wrote:
> basically, his improvements are really made out of three points. point one
> is
> the improvement to the filesystem e.g. putting usernames in Shared
> directory.

The problem here is that we want to go forward with enabling shared files
being anywhere, not only in the Shared directory. Also, it will be
cumbersome when you only share/get shared few files as you have to
navigate subfolders.

> while having the Shared folder in the GUI look a little different e.g.:
> https://tonymc.pagekite.me/owncloud/apps/files_sharing/get.php?token=0cab118d0a91f1290c7dbe42abef1426374d1b33
>
> I can't think of any way to make this happen in a clean manner (i.e.
> without a
> bunch of duct tape) but maybe we can figure something out together.

The plan is first to have the shared status icons (shared with people or
public) visible permanently, so you can better directly identified shared
files (this is in the fileactions-css branch). The next thing is to have
an overlay something which shows all shared/publicly linked files. We will
first start out with the shared files being more visible in the list
directly and see if that helps.

> <darkh> in current master, if you share with a group than you actually
> share
> with all current users of that group... adding a new user to the group
> will
> not allow him to access the shared file
> <darkh> my code is as you said really aware of groups

That bit should get in then.

> yet another proposal of his is that "public link" sharing is done via a
> "guest
> user/guest group" instead of just providing a link. while i can see where
> he
> is coming from (making public link use the same file access infrastructure
> that
> is used for regular, intra-owncloud links), i do not think this is a good
> idea, so i am currently persuading darkh to drop this idea simply because
> from
> a logical point of view "making file public" isn't sharing, it's making a
> link
> to that file, and should be treated as such.

Yes, we discussed it: having a public link is considered much different
than sharing.

> now, concerning a point raised by MTGap in the original email. there can
> be
> now way for an owncloud user to *securely* make a _public_ link in a way
> that
> only a person to whom it's intended to is able to download it. you can do
> anything e.g. password-protect or any other method - it can always be
> circumvented, or it will involve way too much hassle for the end user (on
> both
> ends). the only idea that is close to being somewhat workeable is maybe
> limiting download times e.g. file can only be downloaded N times, or
> enabling
> some sort of time limit e.g. file can be downloaded during N hours after
> it has
> been shared.

I advise against this. Once the file has been transferred to one person,
the "risk" is spread anyway. It’s not like the link poses extra danger
(since it will likely just be used in private chat). Arbitrarily trying to
limit that by having expiration mechanisms is more annoying than secure.
We had "expiration time" on public links and turns out almost no one used
it (it was a feature requested on IRC in the first place).
Rather, to increase public link usability, the token approach should be
dropped and the real filenames should be used (because everyone getting
the file sees that anyway). Then the file would be available at
http://owncloudprovider/username/filename
(I think Michael is on this.)

So yeah, please try to keep it simple.

> --
>
> Best regards,
> Tony
>
> On Saturday 24 September 18:15:31 Michael Gapczynski wrote:
>> Darkh has been working on some changes to ownCloud sharing that I'd like
>> to
>> share with everyone else for some feedback. Darkh has implemented user
>> folders inside of the 'Shared' directory for the files that are shared
>> with
>> you. This would be a clear identification of who the owner of the files
>> is.
>> Eventually I'm planning on the drop down also sharing this information
>> with
>> you and showing the original owner in the case of multiple reshares.
>>
>> Darkh has also started fixing sharing with groups, which I guess broke
>> sometime ago. I haven't been monitoring group sharing, because I
>> personally
>> feel that groups shouldn't be included in ownCloud. A regular user has
>> no
>> need for this and a folder shared with multiple people can be used to
>> replace this. I know that this doesn't work in all cases and that many
>> believe that businesses would want groups. I don't know of any
>> businesses
>> using ownCloud and I don't think it is our intention to target them nor
>> should we. If this was something a business wanted and they felt
>> strongly
>> enough about using ownCloud they would implement it on their own.
>>
>> The other thing is sharing with the public. I have two separate
>> definitions
>> and cases for public sharing. The first is sharing with all users in the
>> same ownCloud instance, public to ownCloud users. The second is sharing
>> with
>> anyone with a link to the file (token will be depreciated soon for a
>> human
>> readable link), public to the world. In both cases I believe files
>> should
>> only be readable. I'm not sure how to separate them from a user's
>> perspective or implement in the UI. Maybe the drop down should have an
>> option to share with all and a folder 'Public' for sharing files with
>> the
>> world. The token links weren't great for sharing, but had a small layer
>> of
>> security with them. I think we still need to consider a way for a person
>> to
>> securely share a file with a specific person not on ownCloud.
>>
>> Any feedback or even code contributions would be greatly appreciated :)
>>
>> Michael
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>