Hi all i have talked to darkh a little more about this.
basically, his improvements are really made out of three points. point one is the improvement to the filesystem e.g. putting usernames in Shared directory. however, it has some problems in that (from his words, i never looked at the code) since the same virtual filesystem is mounted to both webdav and the web GUI, it unnessesarily complicates sharing through the web GUI. I suggested we develop something that would allow having subfloders in webdav e.g.: https://tonymc.pagekite.me/owncloud/apps/files_sharing/get.php?token=71c2b44b1e127718c36b84a0b42307ff353be9a9 while having the Shared folder in the GUI look a little different e.g.: https://tonymc.pagekite.me/owncloud/apps/files_sharing/get.php?token=0cab118d0a91f1290c7dbe42abef1426374d1b33 I can't think of any way to make this happen in a clean manner (i.e. without a bunch of duct tape) but maybe we can figure something out together. another bit of improvement (correctly outlined by MTGap) is the groups/users sharing. in order to better explain his changes, i am quoting our IRC conversation: <darkh> in current master, if you share with a group than you actually share with all current users of that group... adding a new user to the group will not allow him to access the shared file <darkh> my code is as you said really aware of groups i am not sure if this is the case with the current codebase as i never tested it and never looked at the code, but if it really is - then his proposal makes perfect sense. yet another proposal of his is that "public link" sharing is done via a "guest user/guest group" instead of just providing a link. while i can see where he is coming from (making public link use the same file access infrastructure that is used for regular, intra-owncloud links), i do not think this is a good idea, so i am currently persuading darkh to drop this idea simply because from a logical point of view "making file public" isn't sharing, it's making a link to that file, and should be treated as such. however, darkh seems reluctant to drop his public linking idea (understandable, as he put in some work in this) so maybe if he doesn't agree with our point of view on that issue, someone could implement his ideas anyway. now, concerning a point raised by MTGap in the original email. there can be now way for an owncloud user to *securely* make a _public_ link in a way that only a person to whom it's intended to is able to download it. you can do anything e.g. password-protect or any other method - it can always be circumvented, or it will involve way too much hassle for the end user (on both ends). the only idea that is close to being somewhat workeable is maybe limiting download times e.g. file can only be downloaded N times, or enabling some sort of time limit e.g. file can be downloaded during N hours after it has been shared. -- Best regards, Tony On Saturday 24 September 18:15:31 Michael Gapczynski wrote: > Darkh has been working on some changes to ownCloud sharing that I'd like to > share with everyone else for some feedback. Darkh has implemented user > folders inside of the 'Shared' directory for the files that are shared with > you. This would be a clear identification of who the owner of the files is. > Eventually I'm planning on the drop down also sharing this information with > you and showing the original owner in the case of multiple reshares. > > Darkh has also started fixing sharing with groups, which I guess broke > sometime ago. I haven't been monitoring group sharing, because I personally > feel that groups shouldn't be included in ownCloud. A regular user has no > need for this and a folder shared with multiple people can be used to > replace this. I know that this doesn't work in all cases and that many > believe that businesses would want groups. I don't know of any businesses > using ownCloud and I don't think it is our intention to target them nor > should we. If this was something a business wanted and they felt strongly > enough about using ownCloud they would implement it on their own. > > The other thing is sharing with the public. I have two separate definitions > and cases for public sharing. The first is sharing with all users in the > same ownCloud instance, public to ownCloud users. The second is sharing with > anyone with a link to the file (token will be depreciated soon for a human > readable link), public to the world. In both cases I believe files should > only be readable. I'm not sure how to separate them from a user's > perspective or implement in the UI. Maybe the drop down should have an > option to share with all and a folder 'Public' for sharing files with the > world. The token links weren't great for sharing, but had a small layer of > security with them. I think we still need to consider a way for a person to > securely share a file with a specific person not on ownCloud. > > Any feedback or even code contributions would be greatly appreciated :) > > Michael _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
