nextcloud
[Bug]: replace senseless "allow download" option on shareing options with "hide download"
⚠️ This issue respects the following points: ⚠️
- [X] This is a bug, not a question or a configuration/webserver/proxy issue.
- [X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- [X] I agree to follow Nextcloud's Code of Conduct.
Bug description
When sharing with other cloud accounts, I can deactivate the checkbox in front of “allow downloads” in the advanced settings. As a result, people I share with in this way can only click on and view the images. Both PDF files (see https://github.com/nextcloud/server/issues/41686 ) and MD files including the readme.md (see https://github.com/nextcloud/server/issues/42250 ) can not be displayed because the browser implementation of Nextcloud wants to make a WebDAV download of the file, which is not allowed. The same happens with Office integrations, draw.io files etc. I can only see the existence of the files in the directory. Since the function is not working in a way that user would expects and displaying and downloading images ist possible despite the deactivated download this is posted as a bug, that can be fixed by changeing the feature.
Steps to reproduce
- Share a folder with a PDF, an MD and some various other files with another user
- open extended settings, uncheck "allow download"
- Log in as the other user and try to do view the information inside the files
Expected behavior
If I share a folder where I prevent the download of the files, I expect as a user that the file contents can still be viewed. The fact that, as here, only the directory entry is visible except for images is as unexpected as it is pointles. It is also inconsistent. Images are displayed via an < img > tag and are therefore downloaded to the user's PC; Firefox allows all media downloaded in this way to be saved at this point. This means that images can be downloaded despite the ban. As with external links, it would be consistent not to prohibit the download, but merely to deactivate the download link. In the 21st century, users must be aware that all content displayed on the other person's device is also stored there in some way, but it is not expected that forbidding the download will make the share itself - except for images - completely pointless.
Installation method
Community Manual installation with Archive
Nextcloud Server version
28
Operating system
Other
PHP engine version
PHP 8.1
Web server
Apache (supported)
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Fresh Nextcloud Server install
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
- [X] Default user-backend (database)
- [X] LDAP/ Active Directory
- [ ] SSO - SAML
- [ ] Other
Configuration report
No response
List of activated Apps
No response
Nextcloud Signing status
No response
Nextcloud Logs
No response
Additional info
No response
Understand that this is an NC architecture issue and depencency, but wanted to highlight our use case, why we think secure-view disabling download is a strong feature as being implemented.
Delivering preview photos to clients often starts without option for client being able to download the files supported by the read only mode. This is a very needed and appreciated feature also available in other cloud solutions. The Readme.md is used to explain project details. When download is disabled this should still enable clients to see the content in the NC browser view.
Reflecting this discussion
and above issue proposal the secure-view should work consistently across sharing options. So the proposal from @Volker-K to change to hide download functionality is appreciated.
