It would be nice to have a detailed list of what an app can do to with your data, kind of what you can see when installing an Android app or what CozyCloud shows.
App developpers would have to register their app permissions inside the info.xml file. It would require the server to check on each OCP call if the app has the correct permissions. When a user installs an app, thereās a prompt to tell him what this app can do.
A few permissions I would think of right now :
Can read/write your files
Can access your calendars
Can access your contacts
Can send emails
Can run background jobs
ā¦
Sorry if such an discussion already exists about this, didnāt found it.
I was just thinking, wouldnāt this implementation have some limits? Like you canāt use the OCP API, but you still can use PDO to fetch from the filecache table, or use fopen, file_get_contents to read from the filesystem?
Yes, well I think this a two different stories, the idea is not about Nextcloud (php) apps, but more about external apps (android, windows, ā¦).
E.g. you donāt want your calendar android app, to have a password that can read contacts and files as well. So the other apps and functionality is still loaded and so on, but the content and response would be different/restricted.
Well splitting this on php level is ā¦
We can only do it on our APIs, but if an app uses the filesystem/database directly, there is nothing we an do about.