Have someone successfully created pure read-only users in Nextcloud? What I mean by “read-only” users is them not being able to upload nor modify anything, but download anything they have access to.
I’ve been trying to accomplish this with the File Access Control app, but while the app is powerful, it’s a little bit too powerful… It denies users the ability to upload or create things, which is just what I want, but it also denies them the ability to read the contents of directories - which isn’t exactly what I’m out for.
Basically what I want to create is a repository where people who are authenticated can download files shared with them, and nothing else - but then maybe I am looking at the wrong product here.
Has anyone managed to create that kind of setup?
i have heard that there should be coming something like a “guest”-app… at least it was announced to be delivered with NC12. (it isn’t so far). but maybe that would be the thing you’re looking for.
other than that there are only strange workarounds that float my mind. like: sharing without granting any rights to a special user-account (maybe call it “generic employee”) and at the same time just granting said account 1kb of quota. could work. haven’t tested it. and yes. it’s a bit of an awkward solution…
I managed to come up with a half-working solution - though it has one flaw.
I created a File Access Control rule that is defined as:
User group membership -> not member of -> "admin"
File system tag -> is not tagged with -> “published”
This, along with sharing folders without write/edit/remove rights blocks non-admin users from uploading files or creating folders, but they can still read files and subdirectories in directories tagged “published”. My only problem now is that tagging folders and whatnot can be done by all users, without any way to control that.
The “guest”-app thingy seems like an interesting thing, I’ll see if I can find any info on it.
i have set up several groups like a group called eg. “PDF” for app “PDF-reader” and then made my users who need pdf-reader a member of said group (meaning: all others can’t access PDF-reader). etc. and so you could do something similar for every app you have installed and that can be put into groups. i just don’t know if tagging is allowed on a systemwide level or not.
How did you manage to limit access to apps based on group membership? The tag app I’m using is “Collaborative tags 1.1.3”. I can’t find another tagging app
argh… i just checked it on my NC… there really is an app called “Collaborative tags” (though it’s version 1.2.0) and i just enabled it… only to find out that you can’t limit access to groups… so it’s systemwide. and we’re at the beginning again.
but apart from that you could limit access to all other apps that allow limitation to groups.
This is pretty weird, actually - it seems like basic functionality to create users that can only download and read things. I wonder how hard it would be to create an app that does that… Time to learn PHP I guess
The app is currently developped, if you want to help, have a look here:
Testing is very important, this PR is supposed to make it compatible with Nextcloud (should work in theory but isn’t completely reviewed yet):
Wow, that looks exactly like what I need!
Do you have any idea when it might be released? Deploying WIP projects in a production environment is not exactly encouraged where I’m at
I wasn’t sure if you are still in a development/testing phase of the project.
The release date of the 1.0 milestone was 3 months ago, so I suppose the developers got stuck with more important things (e.g. 12.0.1 bugfix release) and the app is still in the pipeline. @jospoortvliet can perhaps give you a more specific date.
If this is in a business environment and you need a couple of features like this one, you could consider an enterprise subscription, this allows Nextcloud to dedicate more resources for your needs.
We’re just exploring some different options for now, so we’re not even in the dev phase
I’ve played around with the extension for a while, and it looks really promising. I might even be able to push new users directly into the database, and set their guest flag to 1 from there. I’ll mark your github link as the answer, thanks a bunch!
that’s all exactly right what tflidd said… we’re focussing on some more urgent stuff, but the guest app will come once this is done.