Skip to content

feat(share): add public share-review API under OCP\Share\ShareReview#61543

Open
AndyScherzinger wants to merge 5 commits into
masterfrom
feat/noid/shareReviewDeleteEvent
Open

feat(share): add public share-review API under OCP\Share\ShareReview#61543
AndyScherzinger wants to merge 5 commits into
masterfrom
feat/noid/shareReviewDeleteEvent

Conversation

@AndyScherzinger

@AndyScherzinger AndyScherzinger commented Jun 23, 2026

Copy link
Copy Markdown
Member

Summary

Introduces OCP\Share\Events\ShareReviewAccessCheckEvent as the canonical authorization gate event for ShareReview sources. The event carries the source name and share ID for listener context, implements deny-wins semantics, and stops propagation immediately on denial.
This is a discussed and agreed on measure to safeguard auditing-triggered share deletions throughout various apps using a "check back event mechanism", so apps can implement their support for this (any app that has shares basically, of any kind)

Docs at nextcloud/documentation#15223

Assisted-by: Claude Code:claude-sonnet-4-6
and
Assisted-by: Claude Code:claude-fable-5

TODO

Checklist

AI (if applicable)

  • The content of this PR was partly or fully generated using AI

@AndyScherzinger AndyScherzinger added this to the Nextcloud 35 milestone Jun 23, 2026
@AndyScherzinger AndyScherzinger requested a review from a team as a code owner June 23, 2026 14:45
@AndyScherzinger AndyScherzinger requested review from Altahrim and ArtificialOwl and removed request for a team June 23, 2026 14:45
@AndyScherzinger AndyScherzinger added the 2. developing Work in progress label Jun 23, 2026
@AndyScherzinger AndyScherzinger marked this pull request as draft June 23, 2026 14:48
@AndyScherzinger

Copy link
Copy Markdown
Member Author

/backport to stable34

@CarlSchwan CarlSchwan left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to run build/autoloaderchecker.sh

Comment thread lib/public/Share/ShareReview/Events/ShareReviewAccessCheckEvent.php
@AndyScherzinger AndyScherzinger force-pushed the feat/noid/shareReviewDeleteEvent branch 6 times, most recently from c4ea0a9 to af59b39 Compare June 23, 2026 17:03
@AndyScherzinger AndyScherzinger marked this pull request as ready for review June 23, 2026 17:44
@AndyScherzinger AndyScherzinger added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Jun 25, 2026
Comment thread lib/public/Share/ShareReview/Events/ShareReviewAccessCheckEvent.php Outdated
@AndyScherzinger AndyScherzinger force-pushed the feat/noid/shareReviewDeleteEvent branch 2 times, most recently from f306220 to d45d8e1 Compare July 2, 2026 21:42
@AndyScherzinger

Copy link
Copy Markdown
Member Author

@provokateurin @CarlSchwan worked on addressing your review comments.

@AndyScherzinger AndyScherzinger changed the title feat(share): add ShareReviewAccessCheckEvent to OCP public API feat(share): add public share-review API under OCP\Share\ShareReview Jul 2, 2026
@AndyScherzinger AndyScherzinger force-pushed the feat/noid/shareReviewDeleteEvent branch from d45d8e1 to e46b015 Compare July 3, 2026 16:59
@AndyScherzinger AndyScherzinger requested a review from susnux July 6, 2026 18:17

@provokateurin provokateurin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the explanation to the event docs.

Comment on lines +36 to +49
* @return array<int, array{
* id: string|int,
* object: string,
* initiator: string,
* type: int,
* recipient: string,
* permissions: int,
* time: string,
* action: string,
* timestamp?: int,
* password?: bool,
* expiration?: string,
* parent?: string|int
* }> Each share contains:

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not the same array shape that is used everywhere else. Either use exactly the same one or create a proper class to hold all these fields.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed via df285d5

Comment on lines +50 to +59
* id: The unique app-specific identifier for the share, passed to deleteShare().
* object: The name or title of the object, such as a file path or report name.
* initiator: The user ID of the initiator.
* type: The OCP\Share\IShare type of the share.
* recipient: The user ID of the owner or the token of a link.
* permissions: The permissions level. Use 1 as the default if not set.
* time: The creation time. Use '1970-01-01 01:00:00' as the default if null.
* action: Optional deletion identifier override. Use an empty string to use id.
* password: Whether the share is password protected. Do not return the password itself.
* expiration: Optional expiration date displayed for the share.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These descriptions can be inlined into the array type with // comment on a separate line before the line the comment is about.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed via df285d5

Comment on lines +18 to +39
/** @return class-string<IShareReviewSource> */
private function makeSourceClass(string $name): string {
$source = new class($name) implements IShareReviewSource {
public function __construct(
private readonly string $name = '',
) {
}

public function getName(): string {
return $this->name;
}

public function getShares(): array {
return [];
}

public function deleteShare(string $shareId): bool {
return false;
}
};
return $source::class;
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use mocks instead.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed via fa57f02

Introduces OCP\Share\Events\ShareReviewAccessCheckEvent as the canonical
authorization gate event for ShareReview sources. The event carries the
source name and share ID for listener context, implements deny-wins
semantics, and stops propagation immediately on denial.

Assisted-by: ClaudeCode:claude-sonnet-4-6
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
…re\ShareReview

Assisted-by: Claude Code:claude-fable-5
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
…ssCheckEvent

Assisted-by: Claude Code:claude-fable-5
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
Assisted-by: ClaudeCode:claude-fable-5
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
Assisted-by: ClaudeCode:claude-fable-5
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
@AndyScherzinger AndyScherzinger force-pushed the feat/noid/shareReviewDeleteEvent branch from e46b015 to fa57f02 Compare July 7, 2026 12:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants