[Libreoffice-bugs] [Bug 125735] New: Limit access to Action_RemoveView
bugzilla-daemon at bugs.documentfoundation.org
bugzilla-daemon at bugs.documentfoundation.org
Thu Jun 6 10:01:23 UTC 2019
https://bugs.documentfoundation.org/show_bug.cgi?id=125735
Bug ID: 125735
Summary: Limit access to Action_RemoveView
Product: LibreOffice Online
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: LibreOffice
Assignee: libreoffice-bugs at lists.freedesktop.org
Reporter: julius at nextcloud.com
The Action_RemoveView post message is currently available for all sessions. I
think it would make sense to enforce possible access limitations to sessions,
so that e.g. guest users / read only users cannot remove others from the
editing document.
I could not find anything related in the WOPI specs, so I would propose
we add a custom entry to the CheckFileInfo:
UserCanModerate:
A Boolean value that indicates that the user has permission to
remove other users from the editing session
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20190606/184f5012/attachment-0001.html>
More information about the Libreoffice-bugs
mailing list