Hi. I created an app named MyApp that allows users to upload, download, or delete custom_files. The custom_files are not files; they just store the absolute URL of files. The actual files are in /Files/MyApp/. As I said, I just want users to upload, download, or delete a file, not modify it. But if users go to Files/MyApp, they can still make changes to files, such as renaming. How do I prevent that?
Are these URLs files within the files app of the NC instance or just some URL in the big internet? I suspect that this is a file on the instance.
One way could be to listen to events created/dispatched from the server core/files app. If an action happens that you do not want, you might need to undo it or abort it if this is still possible. Honestly, I have not looked deeply into this and I am not convinced about it. This could lead to brittle code as it depends on foreign apps and their code.
The more secure way would be to handle the files yourself. I am unsure why you want to use the “normal” files as a storage backend. You could use as well the app file storage. Also, you could define your own storage backend to the server. It depends on your use-case what you want to achieve: Should the user have direct access to the files and why this should be done as you write.
Christian
So you mean I need to have my own storage instead of Nextcloud Files? ;-;
I’m using WebDAV to create a folder for MyApp in each user folder. Is it using the app file storage?
That is not a 1-to-1 mapping between the storages and the files app. Examples for storages are:
- Local storage
- Group folders
- External Files
The NC server combines these storages into a single folder per user. When using the files app (either on the web frontend or by other means like file sync client or WebDAV), you see this merged folder of your user.
You can add other such storages to the server that your app can control more detailed. This is however advanced and I would not suggest it unless you really need it.