podofo icon indicating copy to clipboard operation
podofo copied to clipboard
verified publisher icon podofo

Restrictions should not apply when opening with owner password

Open ccreutzi opened this issue 3 months ago • 2 comments

  • What is the current behavior?

PdfDocument::IsCopyAllowed and its kin only react to the user access permissions in the encryption dictionary.

  • What is the expected behavior?

According to Section 7.6.4.1 of the PDF standard, “Opening the document with the correct owner password should allow full (owner) access to the document.” To me, that means IsCopyAllowed should return true.

That behaviour would also be consistent at least with Apple's Preview.app.

  • Please provide the steps to reproduce and if possible a minimal reproduction code of the problem

enc.pdf has user password "user" and owner password "owner".

  • Please tell us about your environment:

    • Version/git revision: 8b0012be0217566ca6d06d5f253e58c8b8b1a094
    • Operating System: all
    • Package manager used: source

  • Other information

    E.g. sample PDF documents, stacktraces, related issues, links for us to have context, suggestions how to fix, etc.

ccreutzi avatar Sep 04 '25 08:09 ccreutzi

Quick answer based on what passed on my mind right now: I possibly understand your problem, but PoDoFo itself never actually limits the ability to, for example, edit the PDF, not even if you open it with the user password and IsEditAllowed() returns false, and I don't think it's the right thing to begin doing it now (PoDoFo is and want to stay a low level library). In fact, you an always freely remove the encryption. So, asking for permissions for now returns the flagged state of the PDF as accessed with a user password, without never trying to actually enforcing them. We could definitely make permissions getters in PdfDocument (and only there, PdfEncrypt would still return the flagged state) to return true when the document is opened with a owner password, but it must be clear that denied permissions won't be enforced.

ceztko avatar Sep 04 '25 08:09 ceztko

Sure, and I used to get the value I wanted (in 0.9.6) from querying document.IsCopyAllowed() || document.GetEncrypt()->IsOwnerPasswordSet().

1.0.1 does not set IsOwnerPasswordSet() when opening a file with the owner password (maybe that's my gripe?), and I cannot check GetAuthResult() == PoDoFo::PdfAuthResult::Owner, because the public API does not let me query the PdfEncryptContext.

ccreutzi avatar Sep 04 '25 11:09 ccreutzi