Open pranavk opened 7 years ago
Did you find a solution ? I'm looking for a way to allow public pages to my apps (PhoneTrack and GpxPod) when they are group restrictions...
There is a duplicate of this issue : #6962
I suppose this issue is still valid? If not, please close this issue!
Currently, when group restrictions are on, it is not possible to have a controller method declared as public page because the security middleware checks if the app is enabled for the user unconditionally.
See: https://github.com/nextcloud/server/blob/master/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php#L188
Although, when group restrictions are disabled, then \OC_App::isEnabled($this->appName) returns true making it possible to access a public controller method.
However, an app might need to make a method public even when group restrictions are on. My use case is nextcloud/richdocuments where the document editing service requires to download the document from nextcloud to be able to edit it. Since it has no user context, it downloads the file (and does some other stuff too) via a public controller method, which fails when group restrictions are on.
I think we may need to introduce a new annotation here and then guard the security middleware method there with it.