ocis icon indicating copy to clipboard operation
ocis copied to clipboard
verified publisher icon owncloud

[PM] Users can write changes through an "upload" public link share

Open kulmann opened this issue 1 year ago • 33 comments

Describe the bug

OnlyOffice can write documents from a public link share with "Can upload" role.

Steps to reproduce

  1. As "admin", create asdf/test.docx via OnlyOffice
  2. As "admin", create a public link to the folder asdf with Can upload role (which states permissions view, download and upload)
  3. As anonymous, receive and follow the public link
  4. As anonymous, open asdf/test.docx via OnlyOffice
  5. As anonymous, write some content into the file and leave the document again
  6. As "admin", see that the changes have been written to disk (e.g. by downloading the file after the lock has been released)

Expected behavior

"anonymous" should have a read only view or at least an error message when trying to save.

Actual behavior

"anonymous" can edit and save the document.

kulmann avatar Mar 08 '24 14:03 kulmann