opencloud-eu · rhafer · Nov 4, 2025 · Oct 30, 2025 · Oct 30, 2025 · Oct 30, 2025
diff --git a/services/collaboration/pkg/connector/fileconnector.go b/services/collaboration/pkg/connector/fileconnector.go
@@ -1198,6 +1198,7 @@ func (f *FileConnector) CheckFileInfo(ctx context.Context) (*ConnectorResponse,
 	isAnonymousUser := true
 
 	isPublicShare := false
+	isAdminUser := false
 	user := ctxpkg.ContextMustGetUser(ctx)
 	if user.String() != "" {
 		// if we have a wopiContext.User
@@ -1207,6 +1208,12 @@ func (f *FileConnector) CheckFileInfo(ctx context.Context) (*ConnectorResponse,
 			isAnonymousUser = false
 			userFriendlyName = user.GetDisplayName()
 			userId = hexEncodedWopiUserId
+
+			isAdminUser, err = utils.CheckPermission(ctx, "WebOffice.Manage", gwc)
+			if err != nil {
+				logger.Error().Err(err).Msg("CheckPermission failed")
+				isAdminUser = false
+			}
 		}
 	}
 
@@ -1268,6 +1275,7 @@ func (f *FileConnector) CheckFileInfo(ctx context.Context) (*ConnectorResponse,
 		fileinfo.KeySupportsRename:             true,
 
 		fileinfo.KeyIsAnonymousUser:  isAnonymousUser,
+		fileinfo.KeyIsAdminUser:      isAdminUser,
 		fileinfo.KeyUserFriendlyName: userFriendlyName,
 		fileinfo.KeyUserID:           userId,
 

diff --git a/services/collaboration/pkg/connector/fileconnector_test.go b/services/collaboration/pkg/connector/fileconnector_test.go
@@ -13,6 +13,7 @@ import (
 	auth "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	permissions "github.com/cs3org/go-cs3apis/cs3/permissions/v1beta1"
 	link "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1"
 	providerv1beta1 "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	typesv1beta1 "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
@@ -1671,6 +1672,13 @@ var _ = Describe("FileConnector", func() {
 			}
 			ctx = ctxpkg.ContextSetUser(ctx, u)
 
+			gatewayClient.On("CheckPermission", mock.Anything, mock.Anything).Return(
+				&permissions.CheckPermissionResponse{
+					Status: status.NewOK(ctx),
+				},
+				nil,
+			)
+
 			gatewayClient.On("Stat", mock.Anything, mock.Anything).Times(1).Return(&providerv1beta1.StatResponse{
 				Status: status.NewOK(ctx),
 				Info: &providerv1beta1.ResourceInfo{
@@ -1793,6 +1801,7 @@ var _ = Describe("FileConnector", func() {
 				BreadcrumbDocName:       "test.txt",
 				PostMessageOrigin:       "https://cloud.opencloud.test",
 				EnableInsertRemoteImage: true,
+				IsAnonymousUser:         true,
 			}
 
 			response, err := fc.CheckFileInfo(ctx)
@@ -1929,6 +1938,13 @@ var _ = Describe("FileConnector", func() {
 			}
 			ctx = ctxpkg.ContextSetUser(ctx, u)
 
+			gatewayClient.On("CheckPermission", mock.Anything, mock.Anything).Return(
+				&permissions.CheckPermissionResponse{
+					Status: status.NewOK(ctx),
+				},
+				nil,
+			)
+
 			gatewayClient.On("Stat", mock.Anything, mock.Anything).Times(1).Return(&providerv1beta1.StatResponse{
 				Status: status.NewOK(ctx),
 				Info: &providerv1beta1.ResourceInfo{
@@ -1977,6 +1993,7 @@ var _ = Describe("FileConnector", func() {
 				BreadcrumbDocName:       "test.txt",
 				PostMessageOrigin:       "https://cloud.opencloud.test",
 				EnableInsertRemoteImage: true,
+				IsAdminUser:             true,
 			}
 
 			response, err := fc.CheckFileInfo(ctx)
@@ -2003,6 +2020,13 @@ var _ = Describe("FileConnector", func() {
 			}
 			ctx = ctxpkg.ContextSetUser(ctx, u)
 
+			gatewayClient.On("CheckPermission", mock.Anything, mock.Anything).Return(
+				&permissions.CheckPermissionResponse{
+					Status: status.NewOK(ctx),
+				},
+				nil,
+			)
+
 			gatewayClient.On("Stat", mock.Anything, mock.Anything).Times(1).Return(&providerv1beta1.StatResponse{
 				Status: status.NewOK(ctx),
 				Info: &providerv1beta1.ResourceInfo{

diff --git a/services/collaboration/pkg/connector/fileinfo/collabora.go b/services/collaboration/pkg/connector/fileinfo/collabora.go
@@ -56,6 +56,10 @@ type Collabora struct {
 	SaveAsPostmessage bool `json:"SaveAsPostmessage,omitempty"`
 	// If set to true, it allows the document owner (the one with OwnerId =UserId) to send a closedocument message (see protocol.txt)
 	EnableOwnerTermination bool `json:"EnableOwnerTermination,omitempty"`
+	// If set to true, the user has administrator rights in the integration. Some functionality of Collabora Online, such as update check and server audit are supposed to be shown to administrators only.
+	IsAdminUser bool `json:"IsAdminUser"`
+	// If set to true, some functionality of Collabora which is supposed to be shown to authenticated users only is hidden
+	IsAnonymousUser bool `json:"IsAnonymousUser,omitempty"`
 
 	// JSON object that contains additional info about the user, namely the avatar image.
 	//UserExtraInfo -> requires definition, currently not used
@@ -131,6 +135,10 @@ func (cinfo *Collabora) SetProperties(props map[string]interface{}) {
 		//UserPrivateInfo -> requires definition, currently not used
 		case KeyWatermarkText:
 			cinfo.WatermarkText = value.(string)
+		case KeyIsAdminUser:
+			cinfo.IsAdminUser = value.(bool)
+		case KeyIsAnonymousUser:
+			cinfo.IsAnonymousUser = value.(bool)
 
 		case KeyEnableShare:
 			cinfo.EnableShare = value.(bool)

diff --git a/services/collaboration/pkg/connector/fileinfo/fileinfo.go b/services/collaboration/pkg/connector/fileinfo/fileinfo.go
@@ -50,6 +50,7 @@ const (
 
 	KeyIsAnonymousUser              = "IsAnonymousUser"
 	KeyIsEduUser                    = "IsEduUser"
+	KeyIsAdminUser                  = "IsAdminUser"
 	KeyLicenseCheckForEditIsEnabled = "LicenseCheckForEditIsEnabled"
 	KeyUserFriendlyName             = "UserFriendlyName"
 	KeyUserInfo                     = "UserInfo"

diff --git a/services/settings/pkg/store/defaults/defaults.go b/services/settings/pkg/store/defaults/defaults.go
@@ -140,6 +140,7 @@ func generateBundleAdminRole() *settingsmsg.Bundle {
 			SetProjectSpaceQuotaPermission(All),
 			SettingsManagementPermission(All),
 			SpaceAbilityPermission(All),
+			WebOfficeManagementPermssion(All),
 			WriteFavoritesPermission(Own),
 		},
 	}
@@ -659,9 +660,9 @@ func DefaultRoleAssignments(cfg *config.Config) []*settingsmsg.UserRoleAssignmen
 				RoleId:      BundleUUIDRoleUser,
 			},
 			{
-                                AccountUuid: "60708dda-e897-11ef-919f-bbb7437d6ec2",
-                                RoleId:      BundleUUIDRoleUser,
-                        },
+				AccountUuid: "60708dda-e897-11ef-919f-bbb7437d6ec2",
+				RoleId:      BundleUUIDRoleUser,
+			},
 			{
 				// additional admin user
 				AccountUuid: "cd88bf9a-dd7f-11ef-a609-7f78deb2345f", // demo user "dennis"

diff --git a/services/settings/pkg/store/defaults/permissions.go b/services/settings/pkg/store/defaults/permissions.go
@@ -621,3 +621,22 @@ func WriteFavoritesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.
 		},
 	}
 }
+
+// WebOfficManagementPermssion is the permission to mark/unmark files as favorites
+func WebOfficeManagementPermssion(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
+	return &settingsmsg.Setting{
+		Id:          "27a29046-a816-424f-bd71-2ffb9029162f",
+		Name:        "WebOffice.Manage",
+		DisplayName: "Manage WebOffice",
+		Description: "This permission gives access to the admin features in the WebOffice suite.",
+		Resource: &settingsmsg.Resource{
+			Type: settingsmsg.Resource_TYPE_SYSTEM,
+		},
+		Value: &settingsmsg.Setting_PermissionValue{
+			PermissionValue: &settingsmsg.Permission{
+				Operation:  settingsmsg.Permission_OPERATION_READWRITE,
+				Constraint: c,
+			},
+		},
+	}
+}