nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Allow option in Unified Search for whether search includes external integrations #23946

Open sunjam opened 3 years ago

sunjam commented 3 years ago

Related to warning displayed in Discourse integration, it'd be nice to allow users a certain amount of granular control when performing unified searches beyond just having to enable/disable each integration literally.

This request is for allowing a selectable search option or flag, to decide whether a unified search is performed:

  1. Just on system without external integrations included
  2. Unified search includes external integrations (github, discourse, and all else)

The feature could be something that makes it simple for users to understand what kind of search they are making on-the-fly. Perhaps a selectable icon next to the search bar to confirm whether search will include external services.

Thanks for considering!

Spartachetto commented 3 years ago

I second @sunjam's request. I do understand the simplicity of an integrated search bar, yet transmitting all the strings searched to all the different external services has in my view two bad outcomes:

  • gives away a lot of information about the user
  • it is potentially a big security risk for organizations. What if an organization uses external services just for some kinds of exchange or documents and Nextcloud for others? The search strings could provide externally a lot of information on the content of internal documents.

I am sorry I do not have big suggestions. I'll put a proposal that extends the one of @sunjam. Maybe the admin and / or the user could activate the presence of a toggle button; if the toggle button is activated, it should be visible just under the search field when you are typing and set by default on "secure search". If you select the toggle button that single search will become an "extensive search". Of course a tooltip should be available to clearly explain the meaning of the two options.

sunjam commented 3 years ago

That is exactly what I'm asking for. Sounds like our visions overlap.

On Fri, Nov 6, 2020 at 5:04 PM Spartachetto notifications@github.com wrote:

I second @sunjam https://github.com/sunjam request. I do understand the simplicity of an integrated search bar, yet transmitting all the strings searched to all the different external services has in my view two bad outcomes:

  • gives away a lot of information about the user
  • it is potentially a big security risk for organizations. What if an organization uses external services just for some kinds of exchange or documents and Nextcloud for others? The search strings could provide externally a lot of information on the content of internal documents.

I am sorry I do not have big suggestions. I'll put a proposal that extends the one of @sunjam https://github.com/sunjam . Maybe the admin and / or the user could activate the presence of a toggle button; if the toggle button is activated, it should be visible just under the search field when you are typing and set by default on "secure search". If you select the toggle button that single search will become an "extensive search". Of course a tooltip should be available to clearly explain the meaning of the two options.


skjnldsv commented 3 years ago

I mean, those services are not enabled by default right? So you enabled them?

In any case I think this might be a good idea, I remember a discussion about this. About something like not searching by default unless using the in:provider filter. cc @eneiluj you worked on the integrations, right? :)

julien-nc commented 3 years ago

I mean, those services are not enabled by default right?

Yep, not enabled by default.

About something like not searching by default unless using the in:provider filter.

I like the idea of having a global setting/flag to toggle unified search to external services. Even with external search disabled, it could be still done when using in:provider filter. @skjnldsv Is it more or less what you mean?

Just in case: Typing something once in the search bar to reach all enabled providers is very convenient so I won't be in favor of always having to use a filter to search to external services. You might want to search in GitHub and GitLab at the same time.

@sunjam @Spartachetto Do you mean you would like to let admins strictly disable search to external services?

Spartachetto commented 3 years ago

@skjnldsv @eneiluj first of all thank you for your prompt reply!

It seems to me that here we have two conflicting issues: usability and security. There are two elements that could be necessary: informing admins and users and possibility of configuration.

Concerning how and why to inform the users: even if theoretically I knew really well the issue @sunjam posed, I did not realize the risk up to the point I read this issue. So I think that both the admins and the users should be clearly informed that if they enable those services and they use the unified search, the search terms will be communicated to the external services. This means, to be crystal clear, that if that Nextcloud instance is used in an office which deals with health data and uses some external services (e.g. Github, it can happen), even when everyone knows that Github is good for code and not good at all for people's health data and strict policies are in place and respected, if a user types in the unified search "John Doe Diabetes" to find an internal document then that search string will be transmitted to Github. It is clear that even single users could have issues with this, yet in some cases there could be strong legal risks and, again, admins and users have to be properly informed.

Concerning how and why to allow configuration: this question is really complex, also because it depends on the perception of the risk by the admins and the users. I can see some solutions, and of course you can evaluate which ones to implement. I guess that the choice will depend both on the technical feasibility and on what your clients will ask you to do... :)

Hope that helps a little bit

skjnldsv commented 3 years ago

Cc @jancborchardt for the usability

Spartachetto commented 3 years ago

Maybe, if you'll pick something like GitHub modal for the user ("in this repository" vs. "All GitHub"), this could serve also for #24644. Basically in that issue the user would like to specify if the search is unified or internal to the current app....

ongun-kanat commented 3 years ago

@Spartachetto That wouldn't be the thing I want for #24644 . Because previous search was instant. Separate search, filtering and external search is the only way I think.

ghost commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

Spartachetto commented 3 years ago

@jancborchardt ...

I understand that all of you are busy with the next release, yet I think that this issue raises an important point. I hope it won't be closed without further discussion.

ghost commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

sunjam commented 3 years ago

Open please

On Wed, Feb 10, 2021, 3:24 AM nextcloud-stale[bot] notifications@github.com wrote:

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.


Spartachetto commented 3 years ago

I was thinking about this issue and I realized that there is one further possible situation which is worth considering.

In this context external integrations means integrations with tools (or software or services... you pick) external to Nextcloud.

Yet it is possible that these tools are internal to the organization (e.g.: Moodle or Discourse, but it could be something ad hoc).

So I guess that an administrator could also need a fine-grained configuration. So s/he could decide to avoid the unified search on tools external to Nextcloud and to the organization, in order to avoid possible risks, but to allow the search on tools external to Nextcloud but internal to the organization. Of course there are also other possibilities (avoid the search on internal Discourse because it would not manage the extra load but allow it on Moodle because our installation is performant, for example).
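
The routing policy discussed in this thread so far (strict admin limits per scope or provider, a per-search user toggle that defaults to "secure search", and the in:provider filter as an explicit opt-in), as an added JavaScript example that is not part of any comment here and is not Nextcloud's code. Provider ids, the scope labels and the option names are hypothetical, and treating organization-internal tools as searched by default is an assumption.

```javascript
// Added illustration; ids, scopes and option names are hypothetical, not Nextcloud's API.
const PROVIDERS = [
  { id: 'files', scope: 'local' },       // inside Nextcloud
  { id: 'mail', scope: 'local' },
  { id: 'discourse', scope: 'org' },     // assumed self-hosted inside the organization
  { id: 'moodle', scope: 'org' },
  { id: 'github', scope: 'external' },   // third-party service
];

// Split "in:github login bug" into explicit provider filters and the search terms.
function parseQuery(raw) {
  const filters = [];
  const terms = [];
  for (const token of raw.trim().split(/\s+/).filter(Boolean)) {
    const m = /^in:([\w-]+)$/i.exec(token);
    if (m) filters.push(m[1].toLowerCase());
    else terms.push(token);
  }
  return { filters, terms: terms.join(' ') };
}

// Decide which providers may receive the search terms, and why others are withheld.
function planSearch(raw, policy) {
  const { adminAllowedScopes, adminBlockedProviders = [], userIncludeExternal = false } = policy;
  const { filters, terms } = parseQuery(raw);
  const sendTo = [];
  const withheld = [];
  for (const p of PROVIDERS) {
    if (filters.length && !filters.includes(p.id)) continue; // user narrowed the search
    const explicit = filters.includes(p.id);
    // Admin policy is strict: neither the toggle nor an in: filter overrides it.
    const adminOk = adminAllowedScopes.includes(p.scope) && !adminBlockedProviders.includes(p.id);
    // Third-party services need the per-search toggle or an explicit in:provider filter.
    const userOk = p.scope !== 'external' || userIncludeExternal || explicit;
    if (adminOk && userOk) sendTo.push(p.id);
    else withheld.push({ id: p.id, reason: adminOk ? 'user-default' : 'admin-policy' });
  }
  return { terms, sendTo, withheld };
}

// The health-data query from the thread stays off GitHub unless the user opts in.
const all = { adminAllowedScopes: ['local', 'org', 'external'] };
console.log(planSearch('John Doe Diabetes', all));
console.log(planSearch('in:github login bug', all));
```

The `withheld` list is what a UI could use to tell the user which services did not see the query and whether they can opt in for that search.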

sunjam commented 3 years ago

Because previous search was instant. Separate search, filtering and external search is the only way I think.

I guess I'm also imagining a check box or similar for including external searches as a user. Here is a rough mockup with [] representing a check box. image

Spartachetto commented 3 years ago

I think that the parts of the previous discussion that refer to properly informing admins and users about the consequences of activating the external services could be broadly considered to be part of #15216.

Clearly it is possible to provide this information by itself, but it could be worthwhile to explore the possibility to consider a global approach that includes the GDPR implications of all the apps.