
[Bug]: [NC24.0.4] Remove the "Allow Download" permission on the shared folder and the PDF file will no longer be readable.

Open ynott opened this issue 2 years ago • 6 comments

Steps to reproduce

  1. Put PDF files in the test_share folder.
  2. Share the test_share folder to the test_user folder and remove the "Allow download" permission.
  3. Log in as the test_user user, open the test_share folder and open the PDF files

Expected behaviour

PDF files can be viewed but should be displayed as forbidden for download.

Actual behaviour

Errors are displayed when viewing PDF files.


Server configuration

Installation method

Manual installation

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.0

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated from a minor version: 24.0.3 to 24.0.4

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • [X] Default user-backend (database)
  • [ ] LDAP/ Active Directory
  • [ ] SSO - SAML
  • [ ] Other

Configuration report

```shell
$ sudo -u nginx php /var/www/html/nextcloud/occ config:list system
{
    "system": {
        "logtimezone": "Asia\/Tokyo",
        "default_language": "ja",
        "default_locale": "ja_JP",
        "default_phone_region": "JP",
        "defaultapp": "files",
        "tempdirectory": "\/home\/nextcloud\/data\/temp",
        "log_type": "file",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "logdateformat": "Y-m-d H:i:s",
        "loglevel": 0,
        "log_rotate_size": 0,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "has_internet_connection": true,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "filelocking.enabled": "true",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nc24.nextcloud.biz"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "24.0.4.1",
        "overwrite.cli.url": "https:\/\/nc24.nextcloud.biz",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "updater.release.channel": "stable",
        "theme": "",
        "app_install_overwrite": [
            "workflow_script"
        ],
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_smtpauthtype": "PLAIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}
```


### List of activated Apps

```shell
sudo -u nginx php /var/www/html/nextcloud/occ app:list
Enabled:
  - accessibility: 1.10.0
  - activity: 2.16.0
  - admin_audit: 1.14.0
  - bruteforcesettings: 2.4.0
  - calendar: 3.4.2
  - checksum: 1.1.4
  - circles: 24.0.1
  - cloud_federation_api: 1.7.0
  - comments: 1.14.0
  - contactsinteraction: 1.5.0
  - dashboard: 7.4.0
  - dav: 1.22.0
  - federatedfilesharing: 1.14.0
  - federation: 1.14.0
  - files: 1.19.0
  - files_accesscontrol: 1.14.0
  - files_automatedtagging: 1.14.0
  - files_external: 1.16.1
  - files_lock: 24.0.1
  - files_pdfviewer: 2.5.0
  - files_retention: 1.13.2
  - files_rightclick: 1.3.0
  - files_sharing: 1.16.2
  - files_trashbin: 1.14.0
  - files_versions: 1.17.0
  - files_videoplayer: 1.13.0
  - firstrunwizard: 2.13.0
  - groupfolders: 12.0.1
  - guests: 2.2.0
  - impersonate: 1.11.0
  - logreader: 2.9.0
  - lookup_server_connector: 1.12.0
  - nextcloud_announcements: 1.13.0
  - notifications: 2.12.0
  - oauth2: 1.12.0
  - password_policy: 1.14.0
  - photos: 1.6.0
  - privacy: 1.8.0
  - provisioning_api: 1.14.0
  - recommendations: 1.3.0
  - richdocuments: 6.2.0
  - richdocumentscode: 22.5.502
  - sendent: 1.2.13
  - serverinfo: 1.14.0
  - settings: 1.6.0
  - sharebymail: 1.14.0
  - spreed: 14.0.4
  - survey_client: 1.12.0
  - systemtags: 1.14.0
  - text: 3.5.1
  - theming: 1.15.0
  - theming_customcss: 1.11.0
  - twofactor_backupcodes: 1.13.0
  - updatenotification: 1.14.0
  - user_migration: 1.1.0
  - user_saml: 5.0.2
  - user_status: 1.4.0
  - viewer: 1.8.0
  - weather_status: 1.4.0
  - workflow_script: 1.9.0
  - workflowengine: 2.6.0
Disabled:
  - encryption
  - files_fulltextsearch: 24.0.1
  - fulltextsearch: 24.0.0
  - fulltextsearch_elasticsearch: 24.0.1
  - support: 1.7.0
  - user_ldap
```


### Nextcloud Signing status

```shell
No errors have been found.
```

Additional info

No response

Client configuration

Browser:

Vivaldi :5.4.2753.33 (Stable channel) (64-bit)

Operating system:

Windows 10

Logs

Nextcloud Logs

No error log found.

Browser log

Failed to load resource: the server responded with a status of 403 ()
Error
    at BaseExceptionClosure (https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:536:29)
    at Array.<anonymous> (https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:539:2)
    at __w_pdfjs_require__ (https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:15538:41)
    at https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:15753:13
    at https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:15800:3
    at https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:15803:12
    at webpackUniversalModuleDefinition (https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:31:50)
    at https://nc24.example.com/apps/files_pdfviewer/js/pdfjs/build/pdf.js?v=2.5.0:32:3

ynott, Aug 13 '22 11:08

when download is disabled, we should remove the PDF viewer option because there is currently no way to display a PDF without actually downloading it

cc @CarlSchwan

PVince81, Aug 22 '22 07:08

> there is currently no way to display a PDF without actually downloading it

If Nextcloud Office is installed it should be possible to open with Collabora

Raudius, Aug 23 '22 11:08

@Raudius yes, there was a discussion about that but not sure about effort required to make it work

PVince81, Aug 23 '22 11:08

Hmmm. Is it possible to remove the printout and download menus by controlling the following areas?

https://github.com/nextcloud/files_pdfviewer/blob/master/templates/viewer.php#L283-L288

Whether this is a good idea or not.

I forced the download and printout elements to be removed in the browser's development tools, which resulted in the following menu

image

ynott, Aug 23 '22 12:08

in the case of the viewer it would be a good idea to remove the actions from the UI when the download permission is not given

yes

PVince81, Aug 24 '22 06:08
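
Added example, not part of the original thread and not Nextcloud or files_pdfviewer code: a constructed model of the two points discussed above, the 403 the server returns for the file fetch when download is not allowed, and the removal of download/print actions from the viewer UI. All names (`serveFile`, `viewerPlan`, `openPdf`, `allowDownload`) and the sample data are hypothetical.

```javascript
// Added illustration; all names are hypothetical, not Nextcloud or files_pdfviewer code.
const SAMPLE_PDF = "%PDF-1.7 constructed sample bytes";
const OPEN_SHARE = { allowDownload: true, files: { "report.pdf": SAMPLE_PDF } };
const RESTRICTED_SHARE = { allowDownload: false, files: { "report.pdf": SAMPLE_PDF } };

// Stand-in for the server's file endpoint, the only place the permission is enforced.
function serveFile(share, path) {
  if (!(path in share.files)) return { status: 404, body: null };
  if (!share.allowDownload) return { status: 403, body: null };
  return { status: 200, body: share.files[path] };
}

// UI decision: offer the PDF handler and its toolbar only if the bytes can be fetched.
function viewerPlan(share) {
  return share.allowDownload
    ? { registerPdfViewer: true, toolbar: ["download", "print"] }
    : { registerPdfViewer: false, toolbar: [] };
}

// A client-side renderer must retrieve the whole file before drawing a page.
function openPdf(share, path, toolbar) {
  const res = serveFile(share, path);
  if (res.status === 403) {
    return { rendered: false, bytesInBrowser: 0, toolbar: [],
             message: "Download is not permitted for this share, so the PDF cannot be displayed." };
  }
  if (res.status !== 200) {
    return { rendered: false, bytesInBrowser: 0, toolbar: [],
             message: `Unexpected server response (${res.status}) while retrieving PDF` };
  }
  return { rendered: true, bytesInBrowser: res.body.length, toolbar, message: "" };
}

// Hiding the toolbar changes the UI only: the full file still reaches the browser.
const hiddenToolbar = openPdf(OPEN_SHARE, "report.pdf", []);
// With download disallowed the fetch is refused, whatever the toolbar shows.
const refused = openPdf(RESTRICTED_SHARE, "report.pdf", ["download", "print"]);
console.log(hiddenToolbar.bytesInBrowser, refused.rendered, viewerPlan(RESTRICTED_SHARE));
```
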

Just for the record and for search engines:

Message: Unexpected server response (403) while retrieving PDF

timm2k, Sep 06 '22 08:09

Are there any updates on this?

timm2k, Nov 28 '22 11:11

bump

timm2k, Jan 04 '23 08:01

follow up in https://github.com/nextcloud/files_pdfviewer/issues/649

PVince81, Jan 04 '23 16:01