Impact
As part of the application use cases, depending on the rights that a user has over a document, he should be able to open the office attachments files in view or edit mode. Right now, if a user opens an atachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right.
Steps to reproduce:
- Login with
user1 that has edit access on Sandbox.TestPage1 and access the page
- Got to the
Attachments tab
- Click on
New office file and create the test.odt file
- Remain with the editor opened for editing this file
- From an incognito browser window, login with
user2 that has view access on Sandbox.TestPage1 and access the page
- Go to the
Attachments tab
- Click on the
Collabora button next to the newly created test.odt file
Expected result:
The file is opened in view mode
Actual result:
The file is opened in edit mode. So, the first person that opens a file will mark the edit action for all future editors as long as the window is still opened. Because of this, if a user with view right will be the first to open a file, user with edit rights won't be able to edit it as long as the editor is opened.
Investigation
The problem comes from here. Collabora server is the one issuing this request and it seems that the userCanWrite query parameter is cached, even if, for example, token is not. But probably because it expects the token but no other parameters.
Patches
The issue has been fixed as part of Application Collabora 1.3 by 60c6e40
Workarounds
There are no known workarounds besides upgrading.
References
No references.
Impact
As part of the application use cases, depending on the rights that a user has over a document, he should be able to open the office attachments files in view or edit mode. Right now, if a user opens an atachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right.
Steps to reproduce:
user1that has edit access onSandbox.TestPage1and access the pageAttachmentstabNew office fileand create thetest.odtfileuser2that has view access onSandbox.TestPage1and access the pageAttachmentstabCollaborabutton next to the newly createdtest.odtfileExpected result:
The file is opened in view mode
Actual result:
The file is opened in edit mode. So, the first person that opens a file will mark the edit action for all future editors as long as the window is still opened. Because of this, if a user with view right will be the first to open a file, user with edit rights won't be able to edit it as long as the editor is opened.
Investigation
The problem comes from here. Collabora server is the one issuing this request and it seems that the
userCanWritequery parameter is cached, even if, for example, token is not. But probably because it expects the token but no other parameters.Patches
The issue has been fixed as part of Application Collabora 1.3 by 60c6e40
Workarounds
There are no known workarounds besides upgrading.
References
No references.