reva

CERN: Lightweight accounts support

Open labkode opened this issue 2 years ago • 14 comments

Accounts that do not have a personal home space but can access (ro/rw) any shared space (Project Spaces and Shares).

labkode, Jun 14 '22 20:06

@dragotin

Not really CERN specific, guest accounts exist in OC10: https://owncloud.com/features/guest-users/#:~:text=The%20Guest%20User%20feature%20empowers,share%20additional%20files%20with%20it.

labkode, Jun 15 '22 13:06

While the lightweight account code has been merged we plan to support guest accounts with roles. Currently, reva calls CreateHome for every user. We should only make the CreateHome call for accounts that should be autoprovisioned. For guests that is not the case. We can identify guests based on their role or the idp.

Anyway, even if the CreateHome call fails (e.g. because it already exists) the user is allowed to log in. So guest / lightweight accounts should be able to log in. The /graph/v1.0/me/drives endpoint will not list a personal space for them. The question is if the clients can deal with that. They should hide the UI for the user's home space and not expect every user to have a personal space.

  • [ ] web @kulmann
  • [ ] desktop client @TheOneRing
  • [ ] android client @abelgardep
  • [ ] ios client @felix-schwarz
  • [ ] ocdav service when using legacy /webdav url?

butonic, Jun 20 '22 08:06

What should the initial view of the files app be for web? Shares? At the moment web is not capable of dealing with no personal space being available, because the personal view is the default route of the files app.

kulmann, Jun 20 '22 09:06

I'd expect the desktop client to work as expected.

TheOneRing, Jun 21 '22 09:06

The iOS client currently sees the personal space as just another space among many, so I'd expect this to just work.

felix-schwarz, Jun 22 '22 07:06

The Android client does not support spaces yet.

abelgardep, Jun 22 '22 11:06

> What should the initial view of the files app be for web? Shares? At the moment web is not capable of dealing with no personal space being available, because the personal view is the default route of the files app.

@labkode could you give a statement on this?

kulmann, Jun 30 '22 14:06

@kulmann this is what we give: (image: Screenshot 2022-07-01 at 09 07 10)

labkode, Jul 01 '22 07:07

> @kulmann this is what we give:

Thanks, so the requirement is actually to just show a customizable welcome screen? No files related view needed as initial view, correct?

kulmann, Jul 01 '22 07:07

@kulmann correct, however access to Shares and Projects is still needed.

labkode, Jul 01 '22 07:07

> @kulmann correct, however access to Shares and Projects is still needed.

That's clear. Was just referring to the initial view :-)

kulmann, Jul 01 '22 07:07

Work in progress

labkode, Jul 01 '22 12:07

This feature is on the roadmap for 2022 (after GA). It basically boils down to two parts:

a) A user invitation workflow (1. using integrated LDAP, 2. using external IDP provisioning API)
b) A user role "Guest" that does incorporate the respective permission set (e.g., "owns a personal space")

pmaier1, Jul 08 '22 11:07

From my point of view we can treat the lightweight accounts like normal User-role users in ocis. Backend side we'd need to make sure that the lightweight accounts don't have a drive of type personal in the /me/drives response. If we can make that possible we can implement in web that the Personal nav item would be omitted and instead show a welcome page with customizable content (via theme.json).

kulmann, Jul 08 '22 11:07
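
Added example, not part of the thread and not reva or ocis code: a Go sketch of the two checks discussed above, skipping CreateHome for guest accounts identified by role or idp, and picking a client landing view from the /me/drives response. The `User` type, the role names, the issuer URL, the view names and the JSON field names are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// User is a hypothetical, simplified account record (not reva's own type).
type User struct {
	Role string // assumed role name, e.g. "user" or "guest"
	Idp  string // issuer the account authenticated with
}

// Assumed policy: roles and issuers that are never autoprovisioned.
var guestRoles = map[string]bool{"guest": true}
var guestIdps = map[string]bool{"https://guest-idp.example": true}

// ShouldCreateHome gates the CreateHome call at login. An empty role
// fails closed (no home), which is a choice made for this example.
func ShouldCreateHome(u User) bool {
	return u.Role != "" && !guestRoles[u.Role] && !guestIdps[u.Idp]
}

// drives holds the fields read from a /me/drives body (assumed shape).
type drives struct {
	Value []struct {
		DriveType string `json:"driveType"`
	} `json:"value"`
}

// InitialView returns "personal" when a personal drive is listed and
// "welcome" otherwise, so clients never assume a home space exists.
func InitialView(body []byte) (string, error) {
	var d drives
	if err := json.Unmarshal(body, &d); err != nil {
		return "", fmt.Errorf("decode drives: %w", err)
	}
	for _, v := range d.Value {
		if v.DriveType == "personal" {
			return "personal", nil
		}
	}
	return "welcome", nil
}

func main() {
	body := []byte(`{"value":[{"driveType":"project"}]}`) // constructed sample
	view, err := InitialView(body)
	fmt.Println(ShouldCreateHome(User{Role: "guest"}), view, err)
}
```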