fix(trashbin): restrict restore and delete on the frontend#8392
Conversation
hamza221
requested review from
GVodyanov,
SebastianKrupinski and
tcitworld
as code owners
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
| @@ -194,6 +197,8 @@ export default { | |||
| url: vobject.uri, | |||
| deletedAt: vobject.dav._props['{http://nextcloud.com/ns}deleted-at'], | |||
There was a problem hiding this comment.
I know this is not really part of the scope, but when you are adding the access methods can you also add them for any other missing ones
vobject.dav._props['{http://nextcloud.com/ns}deleted-at']
| const withoutTrail = calendar.url.replace(/\/$/, '') | ||
| const uri = withoutTrail.slice(withoutTrail.lastIndexOf('/') + 1) | ||
| calendarUriMap[uri] = calendar | ||
| calendarBySource.set(`${lastSegment(calendar.owner)}|${sourceUriOf(calendar)}`, calendar) |
There was a problem hiding this comment.
@SebastianKrupinski is it safe to assume that url/ owner always follows this ?
There was a problem hiding this comment.
I don't know for sure but in a delegated scenario, the calendar owner is the original owner, in a shared scenario the owner is the original owner also. But in a shared scenario the uri is different than the original uri, not sure about delegated uri atm.
So I guess it depends on the intent, are you trying to match all the different calendar and object to the original owner or separate them.
hamza221
changed the title
hamza221
force-pushed
the
fix/restrict-trashbin
branch
from
e84a628 to
71582df
Compare
Signed-off-by: Hamza <hamzamahjoubi221@gmail.com>
hamza221
force-pushed
the
fix/restrict-trashbin
branch
from
71582df to
8d20663
Compare
|
Bypassing codecov |
|
/backport to stable6.4 |
backportbot
Bot
added
the
backport-request
backportbot
Bot
removed
the
backport-request
4 participants
In case of delegation and sharing (read-only), user might not have enough privilege to restore or permanently delete objects,
currently the frontend fails, this PR hides the buttons instead .