cs3org / reva

WebDAV/gRPC/HTTP high performance server to link high level clients to storage backends
https://reva.link
Apache License 2.0

CERN: Lightweight accounts support #2966

Open labkode opened 2 years ago

labkode commented 2 years ago

Accounts that do not have a personal home space but can access (ro/rw) any shared space (Project Spaces and Shares).

labkode commented 2 years ago

@dragotin

Not really CERN specific, guest accounts exist in OC10: https://owncloud.com/features/guest-users/#:~:text=The%20Guest%20User%20feature%20empowers,share%20additional%20files%20with%20it.

butonic commented 2 years ago

While the lightweight account code has been merged we plan to support guest accounts with roles. Currently, reva calls CreateHome for every user. We should only make the CreateHome call for accounts that should be autoprovisioned. For guests that is not the case. We can identify guests based on their role or the idp.

Anyway, even if the CreateHome call fails (e.g. because it already exists) the user is allowed to log in. So guest / lightweight accounts should be able to log in. The /graph/v1.0/me/drives endpoint will not list a personal space for them. The question is if the clients can deal with that. They should hide the UI for the user's home space and not expect every user to have a personal space.

kulmann commented 2 years ago

What should the initial view of the files app be for web? Shares? At the moment web is not capable of dealing with no personal space being available, because the personal view is the default route of the files app.

TheOneRing commented 2 years ago

I'd expect the desktop client to work as expected.

felix-schwarz commented 2 years ago

The iOS client currently sees the personal space as just another space among many, so I'd expect this to just work.

abelgardep commented 2 years ago

The Android client does not support spaces yet.

kulmann commented 2 years ago

> What should the initial view of the files app be for web? Shares? At the moment web is not capable of dealing with no personal space being available, because the personal view is the default route of the files app.

@labkode could you give a statement on this?

labkode commented 2 years ago

@kulmann this is what we give: [image: Screenshot 2022-07-01 at 09 07 10]

kulmann commented 2 years ago

> @kulmann this is what we give:

Thanks, so the requirement is actually to just show a customizable welcome screen? No files related view needed as initial view, correct?

labkode commented 2 years ago

@kulmann correct, however access to Shares and Projects is still needed.

kulmann commented 2 years ago

> @kulmann correct, however access to Shares and Projects is still needed.

That's clear. Was just referring to the initial view :-)

labkode commented 2 years ago

Work in progress

pmaier1 commented 2 years ago

This feature is on the roadmap for 2022 (after GA). It basically boils down to two parts:

a) A user invitation workflow (1. using integrated LDAP, 2. using external IDP provisioning API)
b) A user role "Guest" that does incorporate the respective permission set (e.g., "owns a personal space")

kulmann commented 2 years ago

From my point of view we can treat the lightweight accounts like normal User-role users in ocis. Backend side we'd need to make sure that the lightweight accounts don't have a drive of type personal in the /me/drives response. If we can make that possible we can implement in web that the Personal nav item would be omitted and instead show a welcome page with customizable content (via theme.json).
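
The behaviour discussed in this thread (skip CreateHome for guest accounts identified by role or IdP, list no personal drive for them, and let the client fall back to a welcome view) can be sketched as below. This is an added example, not part of the thread and not reva's or ocis's code: the `Account`, `Drive` and `Policy` types, the function names, the role names and the IdP URLs are all hypothetical, and the personal-drive filter is shown as a second check in case a home already exists for an account that is now a guest.

```go
package main

import "fmt"

// Account and Drive are simplified stand-ins, not reva's own types.
type Account struct{ Role, Idp string }
type Drive struct{ Name, DriveType string }

// Policy names the roles and IdPs that mark a guest/lightweight account (assumed values).
type Policy struct{ GuestRoles, GuestIdps map[string]bool }

// ShouldProvisionHome reports whether CreateHome should be called at login.
// Assumption: an account with no role or IdP is not provisioned (fail closed).
func (p Policy) ShouldProvisionHome(a Account) bool {
	if a.Role == "" || a.Idp == "" {
		return false
	}
	return !p.GuestRoles[a.Role] && !p.GuestIdps[a.Idp]
}

// DrivesFor builds the /me/drives listing, omitting personal drives for guests.
func (p Policy) DrivesFor(a Account, all []Drive) []Drive {
	out := []Drive{}
	for _, d := range all {
		if d.DriveType == "personal" && !p.ShouldProvisionHome(a) {
			continue
		}
		out = append(out, d)
	}
	return out
}

// InitialView is the client side: no personal drive means a welcome page.
func InitialView(drives []Drive) string {
	for _, d := range drives {
		if d.DriveType == "personal" {
			return "personal"
		}
	}
	return "welcome"
}

func main() {
	p := Policy{map[string]bool{"guest": true}, map[string]bool{"https://guest-idp.example": true}}
	all := []Drive{{"home", "personal"}, {"atlas", "project"}} // constructed sample
	for _, a := range []Account{{"user", "https://idp.example"}, {"guest", "https://idp.example"}} {
		d := p.DrivesFor(a, all)
		fmt.Println(a.Role, p.ShouldProvisionHome(a), len(d), InitialView(d))
	}
}
```
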