feat(share): add public share-review API under OCP\Share\ShareReview#61543

Open: AndyScherzinger wants to merge 3 commits into master from feat/noid/shareReviewDeleteEvent

@AndyScherzinger AndyScherzinger commented Jun 23, 2026

Summary

Introduces OCP\Share\Events\ShareReviewAccessCheckEvent as the canonical authorization gate event for ShareReview sources. The event carries the source name and share ID for listener context, implements deny-wins semantics, and stops propagation immediately on denial.
This is a discussed and agreed-on measure to safeguard auditing-triggered share deletions throughout various apps using a "check back event mechanism", so apps can implement their support for this (any app that has shares basically, of any kind).

Docs at nextcloud/documentation#15223

Assisted-by: Claude Code:claude-sonnet-4-6
and
Assisted-by: Claude Code:claude-fable-5

TODO

Checklist

AI (if applicable)

  • The content of this PR was partly or fully generated using AI

@AndyScherzinger AndyScherzinger added this to the Nextcloud 35 milestone Jun 23, 2026
@AndyScherzinger AndyScherzinger requested a review from a team as a code owner June 23, 2026 14:45
@AndyScherzinger AndyScherzinger requested review from Altahrim and ArtificialOwl and removed request for a team June 23, 2026 14:45
@AndyScherzinger AndyScherzinger added the 2. developing Work in progress label Jun 23, 2026
@AndyScherzinger AndyScherzinger marked this pull request as draft June 23, 2026 14:48
@AndyScherzinger

/backport to stable34

@CarlSchwan CarlSchwan left a comment

Need to run build/autoloaderchecker.sh

Comment thread lib/public/Share/ShareReview/Events/ShareReviewAccessCheckEvent.php
@AndyScherzinger AndyScherzinger force-pushed the feat/noid/shareReviewDeleteEvent branch 6 times, most recently from c4ea0a9 to af59b39 Compare June 23, 2026 17:03
@AndyScherzinger AndyScherzinger marked this pull request as ready for review June 23, 2026 17:44
@AndyScherzinger AndyScherzinger added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Jun 25, 2026
Comment on lines +16 to +17
* Authorization gate event dispatched by a ShareReview source before deleting
* an app-managed share on behalf of a ShareReview operator.
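
Review bot: lines +16 to +17 of the docblock say who dispatches the event and when, but not who is expected to listen or how the dispatching source must act on the result. Suggest adding a sentence on the intended listener and one on what the source does when the check is denied or when no listener responds, since this is an authorization gate in front of a delete.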

I honestly don't understand what this event is supposed to do, who calls it when and who should listen and modify it. Can you please extend this documentation?

@AndyScherzinger AndyScherzinger Jul 2, 2026

Sure thing, I've let AI extend the docs, but explanation has been reviewed. See d45d8e1

In essence, the share-review app triggers the delete in the respective app, the app fires the event to get the permission checked, and the share-review app checks the permission. Depending on the outcome, the app then deletes the share or not.
This gate is built so apps can get permissions checked upon deletion via the review app, because the app itself can't check the permission, given it is not owner-based in any way. So the permission logic lives in the auditing app.

For examples, see nextcloud/deck#8052 or nextcloud/tables#2711 - also extended nextcloud/documentation#15223 in the same way
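
The deny-wins gate described in this thread, as an added PHP sketch that is not code from the PR or from Nextcloud. The class, function and listener names are hypothetical, the share data is constructed, and treating "no listener decided" as a denial is an assumption of the sketch.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-in for the gate event, NOT the OCP class from this PR (PHP 8.1+).
final class AccessCheckSketchEvent {
    private ?bool $granted = null;  // null: no listener has decided yet
    private bool $stopped = false;
    public function __construct(public readonly string $source, public readonly string $shareId) {}

    public function grant(): void {
        if ($this->granted !== false) {  // deny wins: never override a denial
            $this->granted = true;
        }
    }

    public function deny(): void {
        $this->granted = false;
        $this->stopped = true;  // later listeners are not consulted
    }

    public function isPropagationStopped(): bool { return $this->stopped; }
    // Assumption of this sketch: no decision at all counts as denied (fail closed).
    public function isGranted(): bool { return $this->granted === true; }
}

// App side: fire the gate across the listeners, delete only on an explicit grant.
function deleteShareIfAllowed(string $source, string $shareId, array $listeners, array &$shares): bool {
    $event = new AccessCheckSketchEvent($source, $shareId);
    foreach ($listeners as $listener) {
        if ($event->isPropagationStopped()) {
            break;
        }
        $listener($event);
    }
    if (!$event->isGranted()) {
        return false;
    }
    unset($shares[$shareId]);
    return true;
}

// Constructed sample data: the auditing listener allows deleting share 7 only.
$shares = ['7' => 'board A', '8' => 'board B'];
$audit = function (AccessCheckSketchEvent $e): void { $e->shareId === '7' ? $e->grant() : $e->deny(); };
$lateGrant = function (AccessCheckSketchEvent $e): void { $e->grant(); };  // skipped after a denial

var_dump(deleteShareIfAllowed('deck', '7', [$audit, $lateGrant], $shares));  // granted by the audit listener
var_dump(deleteShareIfAllowed('deck', '8', [$audit, $lateGrant], $shares));  // denied; $lateGrant never runs
var_dump(deleteShareIfAllowed('deck', '8', [], $shares));                    // no listener registered
var_dump(array_keys($shares));                                               // shares that survived
```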

@AndyScherzinger AndyScherzinger force-pushed the feat/noid/shareReviewDeleteEvent branch from af59b39 to 791ed0d Compare July 2, 2026 20:13
Introduces OCP\Share\Events\ShareReviewAccessCheckEvent as the canonical
authorization gate event for ShareReview sources. The event carries the
source name and share ID for listener context, implements deny-wins
semantics, and stops propagation immediately on denial.

Assisted-by: ClaudeCode:claude-sonnet-4-6
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
…re\ShareReview

Assisted-by: Claude Code:claude-fable-5
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
…ssCheckEvent

Assisted-by: Claude Code:claude-fable-5
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
@AndyScherzinger AndyScherzinger force-pushed the feat/noid/shareReviewDeleteEvent branch from f306220 to d45d8e1 Compare July 2, 2026 21:42
@AndyScherzinger

@provokateurin @CarlSchwan worked on addressing your review comments.

@AndyScherzinger AndyScherzinger changed the title feat(share): add ShareReviewAccessCheckEvent to OCP public API feat(share): add public share-review API under OCP\Share\ShareReview Jul 2, 2026