Conversation
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
| $context->registerEventListener(NodeRemovedFromCache::class, FileListener::class); | ||
| $context->registerEventListener(NodeWrittenEvent::class, FileListener::class); | ||
| $context->registerEventListener(AppDisableEvent::class, AppDisableListener::class); | ||
| $context->registerEventListener(UserDeletedEvent::class, UserDeletedListener::class); |
There was a problem hiding this comment.
Perhaps we also need Group member added/removed?
There was a problem hiding this comment.
how about adding it later with complete group based ACLs. We won't need to translate group -> users then, only the list of groups the user is part of, on the fly when querying.
In the backend it would be checked if a file can be accessed by the user or one of the groups the user is part of.
We can maintain a local list in the backend for user-group mappings but fetching it on the fly is not expensive, so we won't even need the listener if a user was added/removed from a group.
There was a problem hiding this comment.
mmh. I'd stick with user-based ACLs for this iteration, I think.
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
| $qb = $this->db->getQueryBuilder(); | ||
| $qb->delete($this->getTableName()) | ||
| ->where($qb->expr()->eq('id', $qb->createPositionalParameter($file->getId()))) | ||
| ->where($qb->expr()->in('id', $qb->createPositionalParameter($fileIds, IQueryBuilder::PARAM_INT_ARRAY))) |
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
|
|
||
| // the user(s) who have access to the file through file mounts, excluding the user(s) | ||
| // who have really lost access to the file and are present in $fileUserIds list | ||
| $realFileUserIds = array_diff($fileUserIds, $reallyUnsharedWith); |
There was a problem hiding this comment.
Scenario:
- File A is in a groupfolder
- File A is shared with group B additionally
- File A is unshared with group B but remains in groupfolder
- Will user in group B lose access?
There was a problem hiding this comment.
It is assumed that groupfolders and other non-share mounts do not also have a share.
Either case we'll be allowing more or less than actual access due to mount cache.
| continue; | ||
| } catch (LockedException $e) { | ||
| $retryQFiles[] = $queueFile; | ||
| $this->logger->info('File ' . $file->getPath() . ' is locked, could not read for indexing. Adding it to the next batch.'); |
2 participants
I'm sorry for the big PR :(