CRUD permissions for internal & external shares

[AndyScherzinger]

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe.
For external shares we only have “read only” and “allow upload and editing”.

Describe the solution you'd like
We would need to extend the permissions to have "read", “create”, “edit”, “delete”. In the past we went in the other direction, making share permissions less complex. So now we would revert it and add the complexity again (maybe as a config option so that admins can chose between simple and advanced share permissions?)

Describe alternatives you've considered
None

[szaimen]

cc @jancborchardt

[jancborchardt]

This could be put in the "Advanced settings" of sharing, as a "Custom permissions" checkbox which has subitems when checked.
If it is checked and modified from the defaults, on the top there will be another entry "Custom permissions". This one does not show by default and is merely informative. One can then quickly switch back to more general "View", "Edit" or "File drop".

[szaimen]

Though if upload+editing at the same time is used often which I suppose it would be (at least for private users), I think it shouuld be one of the default options as well...

[jancborchardt]

Though if upload+editing at the same time is used often which I suppose it would be (at least for private users), I think it shouuld be one of the default options as well...

Could be – but do we have a reason to think that this is very common? Others definitely don’t offer it in their sets of standard options instead focusing on "View" and "Edit".

[szaimen]

Could be – but do we have a reason to think that this is very common?

I'd say sharing your own pictures after an event with friends with a link and allowing them to upload files at the same time is a very common usecase but yeah...

Just wanted to bring this into focus ;)

[schiessle]

While working on the permissions and harmonize the permissions for internal and external shares it would be nice to add following permissions for internal share:

• read-only (no download, people just can view the documents in the browser)
• prevent printing (if possible)

This permissions are often requested for Virtual Data Room scenarios. Question is how to handle this permissions in the clients, my idea:

• desktop client would not sync this read-only files
• mobile clients could show the document in the embedded viewer if possible but not allow to download it

[AndyScherzinger]

This would change the scope and if not needed for this one I'd like them to be a separate issue because it doesn't just change the scope it also leads to new open issues that potentially slow down the implementation since they now also impact clients and a read-only file I think should still be "one way synced" server-to-client but any local change would have to be overwritten or create a warning or an error or else. So let's not add further aspects to the issue please.