Permissions for apps

It would be nice to have a detailed list of what an app can do to with your data, kind of what you can see when installing an Android app or what CozyCloud shows.

App developpers would have to register their app permissions inside the info.xml file. It would require the server to check on each OCP call if the app has the correct permissions. When a user installs an app, there’s a prompt to tell him what this app can do.

A few permissions I would think of right now :

  • Can read/write your files
  • Can access your calendars
  • Can access your contacts
  • Can send emails
  • Can run background jobs

Sorry if such an discussion already exists about this, didn’t found it.

1 Like

There is work towards this. But nothing completed yet

Is there some place to have a look ?

I was just thinking, wouldn’t this implementation have some limits? Like you can’t use the OCP API, but you still can use PDO to fetch from the filecache table, or use fopen, file_get_contents to read from the filesystem?

There isn’t a way in PHP to block this, right?

Yes, well I think this a two different stories, the idea is not about Nextcloud (php) apps, but more about external apps (android, windows, …).
E.g. you don’t want your calendar android app, to have a password that can read contacts and files as well. So the other apps and functionality is still loaded and so on, but the content and response would be different/restricted.

the idea is not about Nextcloud (php) apps, but more about external apps (android, windows, …).

That’s not really what I was thinking of then. Still, your thing is useful, but not what I expected.

Well splitting this on php level is …
We can only do it on our APIs, but if an app uses the filesystem/database directly, there is nothing we an do about.