https://bugs.documentfoundation.org/show_bug.cgi?id=125735
Bug ID: 125735
Summary: Limit access to Action_RemoveView
Product: LibreOffice Online
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: LibreOffice
Assignee: libreoffice-bugs@lists.freedesktop.org
Reporter: jul...@nextcloud.com
The Action_RemoveView post message is currently available for all sessions. I
think it would make sense to enforce possible access limitations to sessions,
so that e.g. guest users / read only users cannot remove others from the
editing document.
I could not find anything related in the WOPI specs, so I would propose
we add a custom entry to the CheckFileInfo:
UserCanModerate:
A Boolean value that indicates that the user has permission to
remove other users from the editing session
--
You are receiving this mail because:
You are the assignee for the bug._______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
