3.0.0-rc.4
Pre-releaseChanges in 3.0.0
Warning
BREAKING CHANGE in ocis deployments
To upgrade from 2.0.0 to 3.0.0-rc.1 or later please shut down and execute the following steps
1. Application ID
you need to set
GRAPH_APPLICATION_ID
to a random uuidv4.You can also add
graph: application: id: some-random-uuid
to the ocis.yaml file which was created during initialisation
2. Search Index
The data format of the search index has also changed. You can safely delete the whole search index.
It is located in a subfolder calledsearch
in the ocis base path where ocis stores its data.
The search index automatically fills itself again when changes happen in each space. You can also re-index the space manually.Sorry for the inconvenience 😅
Note
The metadata store in the DecomposedFS has changed
When you upgrade from 2.0.0 to 3.0.0-rc.1 or later and if you didn't set
OCIS_DECOMPOSEDFS_METADATA_BACKEND
manually,
ocis will change the storage of the file metadata from using extended attributes (xattrs
) to messagepack (messagepack
).This decision was made because extended attributes are limited and have some issues using shared filesystems. Messagepack is a straightforward binary format.
Changes between 3.0.0-rc.3
and 3.0.0-rc.4
Web
- Bugfix owncloud/web#6434: Endless lazy loading indicator after sorting file table
- Bugfix owncloud/web#8987: Limit amount of concurrent tus requests
- Bugfix owncloud/web#8992: Personal space name after language change
- Bugfix owncloud/web#9004: Endless loading when encountering a public link error
- Bugfix owncloud/web#9015: Prevent "virtual" spaces from being displayed in the UI
Reva
- Bugfix cs3org/reva#3899: Harden uploads
- Enhancement cs3org/reva#3893: Cleanup Space Delete permissions
- Enhancement cs3org/reva#3898: Add Graph User capabilities
- Bugfix cs3org/reva#3890: Bring back public link sharing of project space roots
- Bugfix cs3org/reva#3888: We fixed a bug that unnecessarily fetched all members of a group
- Bugfix cs3org/reva#3886: Decomposedfs no longer deadlocks when cache is disabled
- Bugfix cs3org/reva#3892: Fix public links
- Bugfix cs3org/reva#3876: Remove go-micro/store/redis specific workaround
- Bugfix cs3org/reva#3889: Update space root mtime when changing space metadata
- Bugfix cs3org/reva#3836: Fix spaceID in the decomposedFS
- Bugfix cs3org/reva#3867: Restore last version after positive result
- Bugfix cs3org/reva#3849: Prevent sharing space roots and personal spaces
- Enhancement cs3org/reva#3865: Remove unneccessary code from gateway
- Enhancement cs3org/reva#3895: Add missing expiry date to shares
oCIS
- Bugfix - Reduced default TTL of user and group caches in graph API: #6320
- Bugfix - Use UUID attribute for computing "sub" claim in lico idp: #904
- Bugfix - Fix the empty string givenName attribute when creating user: #5431
- Bugfix - Fix the wrong status code when appRoleAssignments is forbidden: #6037
- Bugfix - Add missing response to blocked requests: #6277
- Bugfix - Update the default admin role: #6310
- Enhancement - Add specific result to antivirus for debugging: #6265
- Enhancement - Update Reva to 2.13.3: #6305
- Enhancement - Graph user capabilities: #6339
- Enhancement - Add Store to
postprocessing
: #6281 - Enhancement - Remove quota from share jails api responses: #6309
All Changes
- Bugfix - Return 425 on Thumbnails: #5300
- Bugfix - Allow selected updates on graph users: #6233
- Bugfix - Disassociate users from deleted school: #5343
- Bugfix - Fix default role assignment for demo users: #3432
- Bugfix - Reduced default TTL of user and group caches in graph API: #6320
- Bugfix - Fix so that PATCH requests for groups actually updates the group name: #5949
- Bugfix - Use UUID attribute for computing "sub" claim in lico idp: #904
- Bugfix - Hide the existence of space when deleting/updating: #5031
- Bugfix - Fix OIDC auth cache: #5997
- Bugfix - Fix the empty string givenName attribute when creating user: #5431
- Bugfix - Fix Postprocessing events: #5269
- Bugfix - Fix Search reindexing performance regression: #6085
- Bugfix - Fix Search tag indexing: #5405
- Bugfix - Fix the wrong status code when appRoleAssignments is forbidden: #6037
- Bugfix - Fix user type config for user provider: #6027
- Bugfix - Fix userlog panic: #6114
- Bugfix - Fix Logout Url config name: #6227
- Bugfix - Add missing CORS config: #5987
- Bugfix - Add missing response to blocked requests: #6277
- Bugfix - Populate expanded properties: #5421
- Bugfix - Add portrait thumbnail resolutions: #5656
- Bugfix - Update the default admin role: #6310
- Bugfix - Fix authenticate headers for API requests: #5992
- Change - Bump libregraph lico: #5768
- Change - Updated Cache Configuration: #5829
- Change - Remove the settings ui: #5463
- Change - Do not share versions: #5531
- Enhancement - Add specific result to antivirus for debugging: #6265
- Enhancement - Add debug server to audit: #6178
- Enhancement - Add debug server to idm: #6153
- Enhancement - Add debug server to postprocessing: #6203
- Enhancement - Add debug server to userlog: #6202
- Enhancement - Add 'ocis decomposedfs metadata' command: #5858
- Enhancement - Add debug server to eventhistory: #6204
- Enhancement - Add global env variable extractor: #5164
- Enhancement - Add the email HTML templates: #6147
- Enhancement - Open Debug endpoint for Notifications: #5002
- Enhancement - Add MessageRichParameters: #5927
- Enhancement - Add webfinger service: #5373
- Enhancement - Async Postprocessing: #5207
- Enhancement - Automate md creation: #5901
- Enhancement - Add more logging to av service: #5973
- Enhancement - Return Bad Request when requesting GDPR export for another user: #6123
- Enhancement - Add endpoints to upload a custom logo: #5735
- Enhancement - Bump go-ldap version: #6004
- Enhancement - Bump libre-graph-api-go: #5309
- Enhancement - Update Reva to version 2.13.3 and beyond: #6205
- Enhancement - Collect global envvars: #5367
- Enhancement - Make the settings bundles part of the service config: #5589
- Enhancement - Configure GRPC in ocs: #6022
- Enhancement - Disable Notifications: #6137
- Enhancement - Drive group permissions: #5312
- Enhancement - Make the group members addition limit configurable: #5357
- Enhancement - Allow username to be changed: #5509
- Enhancement - Graph Drives IdentitySet displayName: #5347
- Enhancement - Make the LDAP base DN for new groups configurable: #5974
- Enhancement - Update to go 1.20 to use memlimit: #5732
- Enhancement - Display surname and givenName attributes: #5388
- Enhancement - Extended search: #5221
- Enhancement - Resource tags: #5227
- Enhancement - Allow users to be disabled: #5588
- Enhancement - Web config additions: #6032
- Enhancement - Eventhistory service: #5600
- Enhancement - Expiration Notifications: #5330
- Enhancement - GDPR Export: #6064
- Enhancement - Make graph/education API errors more consistent: #5682
- Enhancement - Graph user capabilities: #6339
- Enhancement - Add endpoint to list permissions: #5594
- Enhancement - Notifications: #6038
- Enhancement - Open Debug endpoint for Nats: #5002
- Enhancement - No Notifications for own actions: #5871
- Enhancement - Notify about policies: #5912
- Enhancement - Add a capability for the Personal Data export: #5984
- Enhancement - Introduce policies-service: #5714
- Enhancement - Better config for postprocessing service: #5457
- Enhancement - Add Store to
postprocessing
: #6281 - Enhancement - Add config option to enforce passwords on public links: #5848
- Enhancement - Add new permission for public links: #5690
- Enhancement - Remove quota from share jails api responses: #6309
- Enhancement - Added possibility to assign roles based on OIDC claims: #6048
- Enhancement - Added option to configure default quota per role: #5616
- Enhancement - Add optional services to the runtime: #6071
- Enhancement - Add new SetProjectSpaceQuota permission: #5660
- Enhancement - Add expiration to user and group shares: #5389
- Enhancement - Space Management permissions: #5441
- Enhancement - Cli to purge expired trash-bin items: #5500
- Enhancement - Update web to v7.0.0-rc.36: #6234
- Enhancement - Use Accept-Language Header: #5918
- Enhancement - Use gotext master: #5867
- Enhancement - Userlog: #5699
- Enhancement - Userlog Service: #5610
- Enhancement - Determine the users language to translate via Transifex: #6089
- Enhancement - Web options configuration: #6188
Details
-
Bugfix - Return 425 on Thumbnails: #5300
Return
425
on thumbnailsGET
when file is processing. Pass425
also through webdav
endpoint -
Bugfix - Allow selected updates on graph users: #6233
We are now allowing a couple of update request to complete even if
GRAPH_LDAP_SERVER_WRITE_ENABLED=false:- When using a group to disable users (OCIS_LDAP_DISABLE_USER_MECHANISM=group) updates to the accountEnabled property of a user will be allowed
- When a distinct base dn for new groups is configured ( GRAPH_LDAP_GROUP_CREATE_BASE_DN is set to a different value than GRAPH_LDAP_GROUP_BASE_DN), allow the creation/update of local groups.
-
Bugfix - Disassociate users from deleted school: #5343
When a school is deleted, users should be disassociated from it.
-
Bugfix - Fix default role assignment for demo users: #3432
The roles-assignments for demo users where duplicated with every restart of the settings
service. -
Bugfix - Reduced default TTL of user and group caches in graph API: #6320
We reduced the default TTL of the cache for user and group information on the /drives endpoints
to 60 seconds. This fixes in issue where outdated information was show on the spaces list for a
very long time. -
Bugfix - Fix so that PATCH requests for groups actually updates the group name: #5949
-
Bugfix - Use UUID attribute for computing "sub" claim in lico idp: #904
By default the LDAP backend for lico uses the User DN for computing the "sub" claim of a user. This
caused the "sub" claim to stay the same even if a user was deleted and recreated (and go a new UUID
assgined with that). We now use the user's unique id (owncloudUUID
by default) for computing
thesub
claim. So that user's recreated with the same name will be treated as different users
by the IDP. -
Bugfix - Hide the existence of space when deleting/updating: #5031
The "code": "notAllowed" changed to "code": "itemNotFound"
-
Bugfix - Fix OIDC auth cache: #5997
We've fixed an issue rendering the OIDC auth cache useless.
-
Bugfix - Fix the empty string givenName attribute when creating user: #5431
Omitempty givenName attribute when creating user
-
Bugfix - Fix Postprocessing events: #5269
Postprocessing service did not want to play with non-tls events. That is fixed now
-
Bugfix - Fix Search reindexing performance regression: #6085
We've fixed a regression in the search service reindexing step, causing the whole space to be
reindexed instead of just the changed resources. -
Bugfix - Fix Search tag indexing: #5405
We've fixed an issue where search is not able to index tags for space resources.
-
Bugfix - Fix the wrong status code when appRoleAssignments is forbidden: #6037
Fix the wrong status code when appRoleAssignments is forbidden in the
CreateAppRoleAssignment and DeleteAppRoleAssignment methods. -
Bugfix - Fix user type config for user provider: #6027
We needed to provide a default value for the user type property in the user provider.
-
Bugfix - Fix userlog panic: #6114
Userlog services paniced because of
nil
ctx. That is fixed now -
Bugfix - Fix Logout Url config name: #6227
We fixed the yaml and json name of the logout url option.
-
Bugfix - Add missing CORS config: #5987
The graph, userlog and ocdav services had no CORS config options.
-
Bugfix - Add missing response to blocked requests: #6277
We added the missing response body to requests which were blocked by the policy engine.
-
Bugfix - Populate expanded properties: #5421
We now return an empty array when an expanded relation has no entries. This makes consuming the
responses a little easier. -
Bugfix - Add portrait thumbnail resolutions: #5656
Add portrait-orientation resolutions to the thumbnail service's default configuration.
This prevents portrait photos from being heavily cropped into landscape resolutions in the
web viewer. -
Bugfix - Update the default admin role: #6310
The admin role was missing two permissions. We added them to make the space admin role a subset of
the admin role. This matches better with the default user expectations. -
Bugfix - Fix authenticate headers for API requests: #5992
We changed the www-authenticate header which should not be sent when the
XMLHttpRequest
header is set. -
Change - Bump libregraph lico: #5768
We updated lico to the latest version * Update to 0.59.4 - upstream dropped the kc and cookie
backends -
Change - Updated Cache Configuration: #5829
We updated all cache related environment vars to more closely follow the go micro naming
pattern: -{service}_CACHE_STORE_TYPE
becomes{service}_CACHE_STORE
or
{service}_PERSISTENT_STORE
-{service}_CACHE_STORE_ADDRESS(ES)
becomes
{service}_CACHE_STORE_NODES
- Themem
store implementation name changes tomemory
-
In yaml files the cachetype
becomesstore
We introducedredis-sentinel
as a store
implementation. -
Change - Remove the settings ui: #5463
With ownCloud Web having transitioned to Vue 3 recently, we would have had to port the settings
ui as well. The decision was made to discontinue the settings ui instead. As a result all traces
of the settings ui have been removed.The only user facing setting that ever existed in the settings service is now integrated into
theaccount
page of ownCloud Web (click on top right user menu, then on your username to reach
the account page). -
Change - Do not share versions: #5531
We changed the default behavior of shares: Share receivers have no access to versions. People
in spaces with the "Editor" or "Manager" role can still see versions and work with them. -
Enhancement - Add specific result to antivirus for debugging: #6265
We added the ability to define a specific result for the virus scanner via env-var
(ANTIVIRUS_DEBUG_SCAN_OUTCOME) -
Enhancement - Add debug server to audit: #6178
We added a debug server to audit.
-
Enhancement - Add debug server to idm: #6153
We added a debug server to idm.
-
Enhancement - Add debug server to postprocessing: #6203
We added a debug server to postprocessing.
-
Enhancement - Add debug server to userlog: #6202
We added a debug server to userlog.
-
Enhancement - Add 'ocis decomposedfs metadata' command: #5858
We added a 'ocis decomposedfs metadata' command for inspecting and manipulating node
metadata. -
Enhancement - Add debug server to eventhistory: #6204
We added a debug server to eventhistory.
-
Enhancement - Add global env variable extractor: #5164
We have added a little tool that will extract global env vars, that are loaded only through
os.Getenv for documentation purposes -
Enhancement - Add the email HTML templates: #6147
Add the email HTML templates
-
Enhancement - Open Debug endpoint for Notifications: #5002
We added a debug server to the notifications service
-
Enhancement - Add MessageRichParameters: #5927
Adds the messageRichParameters to virus and policies notifications
-
Enhancement - Add webfinger service: #5373
Adds a webfinger service to redirect ocis clients
-
Enhancement - Async Postprocessing: #5207
Provides functionality for async postprocessing. This will allow the system to do the
postprocessing (virusscan, copying of bytes to their final destination, ...) asynchronous
to the users request. Major change when active. -
Enhancement - Automate md creation: #5901
Automatically create
_index.md
files from the servicesREADME.md
-
Enhancement - Add more logging to av service: #5973
We need more debug logging in some situations to understand the state of a virus scan.
-
Enhancement - Return Bad Request when requesting GDPR export for another user: #6123
This is an enhancement, not security related as the requested uid is never used
-
Enhancement - Add endpoints to upload a custom logo: #5735
Added endpoints to upload and reset custom logos. The files are stored under the
WEB_ASSET_PATH
which defaults to$OCIS_BASE_DATA_PATH/web/assets
. -
Enhancement - Bump go-ldap version: #6004
Use master version of go-ldap to get rid of nasty
=
bug. See
go-ldap/ldap#416 -
Enhancement - Bump libre-graph-api-go: #5309
We fixed a couple of issues in libre-graph-api-go package.
- rename drive permission grantedTo to grantedToIdentities to be ms graph spec compatible.
- drive.name is a required property now.
- add group property to the identitySet.
-
Enhancement - Update Reva to version 2.13.3 and beyond: #6205
Changelog for reva unreleased =======================================
- Bugfix cs3org/reva#3899: Harden uploads
- Enhancement cs3org/reva#3893: Cleanup Space Delete permissions
- Enhancement cs3org/reva#3898: Add Graph User capabilities
Changelog for reva 2.13.3 (2023-05-17) =======================================
- Bugfix cs3org/reva#3890: Bring back public link sharing of project space roots
- Bugfix cs3org/reva#3888: We fixed a bug that unnecessarily fetched all members of a group
- Bugfix cs3org/reva#3886: Decomposedfs no longer deadlocks when cache is disabled
- Bugfix cs3org/reva#3892: Fix public links
- Bugfix cs3org/reva#3876: Remove go-micro/store/redis specific workaround
- Bugfix cs3org/reva#3889: Update space root mtime when changing space metadata
- Bugfix cs3org/reva#3836: Fix spaceID in the decomposedFS
- Bugfix cs3org/reva#3867: Restore last version after positive result
- Bugfix cs3org/reva#3849: Prevent sharing space roots and personal spaces
- Enhancement cs3org/reva#3865: Remove unneccessary code from gateway
- Enhancement cs3org/reva#3895: Add missing expiry date to shares
Https://github.com/owncloud/ocis/pull/6305
#6339 Changelog for reva 2.13.2 (2023-05-08)- Bugfix cs3org/reva#3845: Fix propagation
- Bugfix cs3org/reva#3856: Fix response code
- Bugfix cs3org/reva#3857: Fix trashbin purge
Changelog for reva 2.13.1 (2023-05-03) =======================================
- Bugfix cs3org/reva#3843: Allow scope check to impersonate space owners
Changelog for reva 2.13.0 (2023-05-02) =======================================
- Bugfix cs3org/reva#3570: Return 425 on HEAD
- Bugfix cs3org/reva#3830: Be more robust when logging errors
- Bugfix cs3org/reva#3815: Bump micro redis store
- Bugfix cs3org/reva#3596: Cache CreateHome calls
- Bugfix cs3org/reva#3823: Deny correctly in decomposedfs
- Bugfix cs3org/reva#3826: Add by group index to decomposedfs
- Bugfix cs3org/reva#3618: Drain body on failed put
- Bugfix cs3org/reva#3685: Send fileid on copy
- Bugfix cs3org/reva#3688: Return 425 on GET
- Bugfix cs3org/reva#3755: Fix app provider language validation
- Bugfix cs3org/reva#3800: Fix building for freebsd
- Bugfix cs3org/reva#3700: Fix caching
- Bugfix cs3org/reva#3535: Fix ceph driver storage fs implementation
- Bugfix cs3org/reva#3764: Fix missing CORS config in ocdav service
- Bugfix cs3org/reva#3710: Fix error when try to delete space without permission
- Bugfix cs3org/reva#3822: Fix deleting spaces
- Bugfix cs3org/reva#3718: Fix revad-eos docker image which was failing to build
- Bugfix cs3org/reva#3559: Fix build on freebsd
- Bugfix cs3org/reva#3696: Fix ldap filters when checking for enabled users
- Bugfix cs3org/reva#3767: Decode binary UUID when looking up a users group memberships
- Bugfix cs3org/reva#3741: Fix listing shares to multiple groups
- Bugfix cs3org/reva#3834: Return correct error during MKCOL
- Bugfix cs3org/reva#3841: Fix nil pointer and improve logging
- Bugfix cs3org/reva#3831: Ignore 'null' mtime on tus upload
- Bugfix cs3org/reva#3758: Fix public links with enforced password
- Bugfix cs3org/reva#3814: Fix stat cache access
- Bugfix cs3org/reva#3650: FreeBSD xattr support
- Bugfix cs3org/reva#3827: Initialize user cache for decomposedfs
- Bugfix cs3org/reva#3818: Invalidate cache when deleting space
- Bugfix cs3org/reva#3812: Filemetadata Cache now deletes keys without listing them first
- Bugfix cs3org/reva#3817: Pipeline cache deletes
- Bugfix cs3org/reva#3711: Replace ini metadata backend by messagepack backend
- Bugfix cs3org/reva#3828: Send quota when listing spaces in decomposedfs
- Bugfix cs3org/reva#3681: Fix etag of "empty" shares jail
- Bugfix cs3org/reva#3748: Prevent service from panicking
- Bugfix cs3org/reva#3816: Write Metadata once
- Change cs3org/reva#3641: Hide file versions for share receivers
- Change cs3org/reva#3820: Streamline stores
- Enhancement cs3org/reva#3732: Make method for detecting the metadata backend public
- Enhancement cs3org/reva#3789: Add capabilities indicating if user attributes are read-only
- Enhancement cs3org/reva#3792: Add a prometheus gauge to keep track of active uploads and downloads
- Enhancement cs3org/reva#3637: Add an ID to each events
- Enhancement cs3org/reva#3704: Add more information to events
- Enhancement cs3org/reva#3744: Add LDAP user type attribute
- Enhancement cs3org/reva#3806: Decomposedfs now supports filtering spaces by owner
- Enhancement cs3org/reva#3730: Antivirus
- Enhancement cs3org/reva#3531: Async Postprocessing
- Enhancement cs3org/reva#3571: Async Upload Improvements
- Enhancement cs3org/reva#3801: Cache node ids
- Enhancement cs3org/reva#3690: Check set project space quota permission
- Enhancement cs3org/reva#3686: User disabling functionality
- Enhancement cs3org/reva#3505: Fix eosgrpc package
- Enhancement cs3org/reva#3575: Fix skip group grant index cleanup
- Enhancement cs3org/reva#3564: Fix tag pkg
- Enhancement cs3org/reva#3756: Prepare for GDPR export
- Enhancement cs3org/reva#3612: Group feature changed event added
- Enhancement cs3org/reva#3729: Improve decomposedfs performance, esp. with network fs/cache
- Enhancement cs3org/reva#3697: Improve the ini file metadata backend
- Enhancement cs3org/reva#3819: Allow creating internal links without permission
- Enhancement cs3org/reva#3740: Limit concurrency in decomposedfs
- Enhancement cs3org/reva#3569: Always list shares jail when listing spaces
- Enhancement cs3org/reva#3788: Make resharing configurable
- Enhancement cs3org/reva#3674: Introduce ini file based metadata backend
- Enhancement cs3org/reva#3728: Automatically migrate file metadata from xattrs to messagepack
- Enhancement cs3org/reva#3807: Name Validation
- Enhancement cs3org/reva#3574: Opaque space group
- Enhancement cs3org/reva#3598: Pass estream to Storage Providers
- Enhancement cs3org/reva#3763: Add a capability for personal data export
- Enhancement cs3org/reva#3577: Prepare for SSE
- Enhancement cs3org/reva#3731: Add config option to enforce passwords on public links
- Enhancement cs3org/reva#3693: Enforce the PublicLink.Write permission
- Enhancement cs3org/reva#3497: Introduce owncloud 10 publiclink manager
- Enhancement cs3org/reva#3714: Add global max quota option and quota for CreateHome
- Enhancement cs3org/reva#3759: Set correct share type when listing shares
- Enhancement cs3org/reva#3594: Add expiration to user and group shares
- Enhancement cs3org/reva#3580: Share expired event
- Enhancement cs3org/reva#3620: Allow a new ShareType
SpaceMembershipGroup
- Enhancement cs3org/reva#3609: Space Management Permissions
- Enhancement cs3org/reva#3655: Add expiration date to space memberships
- Enhancement cs3org/reva#3697: Add support for redis sentinel caches
- Enhancement cs3org/reva#3552: Suppress tusd logs
- Enhancement cs3org/reva#3555: Tags
- Enhancement cs3org/reva#3785: Increase unit test coverage in the ocdav service
- Enhancement cs3org/reva#3739: Try to rename uploaded files to their final position
- Enhancement cs3org/reva#3610: Walk and log chi routes
-
Enhancement - Collect global envvars: #5367
Compose a list of all envvars living in more than 1 service
-
Enhancement - Make the settings bundles part of the service config: #5589
We added the settings bundles to the config. The default roles are still unchanged. You can now
override the defaults by replacing the whole bundles list via json config files. The config
file is loaded from a specified path which can be configured withSETTINGS_BUNDLES_PATH
. -
Enhancement - Configure GRPC in ocs: #6022
Fixes a panic in ocs when running not in single binary
-
Enhancement - Disable Notifications: #6137
Introduce new setting to disable notifications
-
Enhancement - Drive group permissions: #5312
We've updated the libregraph.Drive response to contain group permissions.
-
Enhancement - Make the group members addition limit configurable: #5357
It's now possible to configure the limit of group members addition by PATCHing
/graph/v1.0/groups/{groupID}
. It still defaults to 20 as defined in the spec but it can be
configured via.graph.api.group_members_patch_limit
inocis.yaml
or via the
GRAPH_GROUP_MEMBERS_PATCH_LIMIT
environment variable. -
Enhancement - Allow username to be changed: #5509
When OnPremisesSamAccountName is present in a PATCH on
{apiRoot}/users/{userID}
it will
change the username of the user. This also changes the references to this user in the groups. -
Enhancement - Graph Drives IdentitySet displayName: #5347
We've added the IdentitySet displayName property to the group and user sets for the graph
drives endpoint. The values for groups and users get cached. -
Enhancement - Make the LDAP base DN for new groups configurable: #5974
The LDAP backend for the Graph service introduced a new config option for setting the Parent DN
for new groups created via the/groups/
endpoint. (GRAPH_LDAP_GROUP_CREATE_BASE_DN
)It defaults to the value of
GRAPH_LDAP_GROUP_BASE_DN
. If set to a different value the
GRAPH_LDAP_GROUP_CREATE_BASE_DN
needs to be a subordinate DN of
GRAPH_LDAP_GROUP_BASE_DN
.All existing groups with a DN outside the
GRAPH_LDAP_GROUP_CREATE_BASE_DN
tree will be
treated as read-only groups. So it is not possible to edit these groups. -
Enhancement - Update to go 1.20 to use memlimit: #5732
We updated to go 1.20 which allows setting GOMEMLIMIT, which we by default set to 0.9.
-
Enhancement - Display surname and givenName attributes: #5388
When querying the graph API, the surname and givenName attributes are now displayed for users.
-
Enhancement - Extended search: #5221
Provides multiple enhancement to the search implementation. * content extraction, search
now supports apache tika to extract resource contents. * search engine, underlying search
engine is swappable now. * event consumers, the number of event consumers can now be set, which
improves the speed of the individual tasks -
Enhancement - Resource tags: #5227
We've added the ability to tag resources via the graph api. Tags can be added (put request) and
removed (delete request) from a resource, a list of available tags can also be requested by
sending a get request to the graph endpoint. -
Enhancement - Allow users to be disabled: #5588
By setting the
accountEnabled
property tofalse
for a user via the graph API. Users can be
disabled (i.e. they can no longer login) -
Enhancement - Web config additions: #6032
We've added config keys for defining additional css, scripts and translations for ownCloud
Web. -
Enhancement - Eventhistory service: #5600
Introduces the
eventhistory
service. It is a service that stores events and provides a grpc
API to retrieve them. -
Enhancement - Expiration Notifications: #5330
Send emails to the user informing that a share or a space membership expires.
-
Enhancement - GDPR Export: #6064
Adds an endpoint to collect all data that is related to a user
-
Enhancement - Make graph/education API errors more consistent: #5682
Aligned the error messages when creating schools and classes fail and changed the response
code from 500 to 409. -
Enhancement - Graph user capabilities: #6339
Adds capablities to show if users are writeable in LDAP so clients can block their specific
fields -
Enhancement - Add endpoint to list permissions: #5594
We added 'https://cloud.ocis.test/api/v0/settings/permissions-list' to retrieve all
permissions of the logged in user. -
Enhancement - Notifications: #6038
Make Emails translatable via transifex The transifex translation add in to the email
templates. The optional environment variable NOTIFICATIONS_TRANSLATION_PATH added to
config. The optional global environment variable OCIS_TRANSLATION_PATH added to
notifications and userlog config. -
Enhancement - Open Debug endpoint for Nats: #5002
We added a debug server to nats
-
Enhancement - No Notifications for own actions: #5871
Don't send notifications on space events when the user has executed them herself.
-
Enhancement - Notify about policies: #5912
Notify the user when a file was deleted due to policies (policies service)
-
Enhancement - Add a capability for the Personal Data export: #5984
Adds a capability for the personal data export endpoint
-
Enhancement - Introduce policies-service: #5714
Introduces policies service. The policies-service provides a new grpc api which can be used to
return whether a requested operation is allowed or not. Open Policy Agent is used to determine
the set of rules of what is permitted and what is not.2 further levels of authorization build on this:
- Proxy Authorization
- Event Authorization (needs async post-processing enabled)
The simplest authorization layer is in the proxy, since every request is processed here, only
simple decisions that can be processed quickly are made here, more complex queries such as file
evaluation are explicitly excluded in this layer.The next layer is event-based as a pipeline step in asynchronous post-processing, since
processing at this point is asynchronous, the operations there can also take longer and be more
expensive, the bytes of a file can be examined here as an example.Since the base block is a grpc api, it is also possible to use it directly. The policies are
written in the rego query
language. -
Enhancement - Better config for postprocessing service: #5457
The postprocessing service is now individually configurable. This is achieved by allowing a
list of postprocessing steps that are processed in order of their appearance in the
POSTPROCESSING_STEPS
envvar. -
Enhancement - Add Store to
postprocessing
: #6281Add a gomicro store for the postprocessing service. Needed to run multiple postprocessing
instances -
Enhancement - Add config option to enforce passwords on public links: #5848
Added a new config option to enforce passwords on public links with "Uploader, Editor,
Contributor" roles.The new options are:
OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
,
SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
and
FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
. Check the docs on how to
properly set them. -
Enhancement - Add new permission for public links: #5690
Added a new permission 'PublicLink.Write' to check if a user can create or update public links.
-
Enhancement - Remove quota from share jails api responses: #6309
We have removed the quota object from api responses for share jails, which would permanently
show exceeded due to restrictions in the permission system. -
Enhancement - Added possibility to assign roles based on OIDC claims: #6048
OCIS can now be configured to update a user's role assignment from the values of a claim provided
via the IDPs userinfo endpoint. The claim name and the mapping between claim values and ocis
role name can be configured via the configuration of the proxy service. Example:role_mapping: - role_name: admin claim_value: myAdminRole - role_name: spaceadmin claim_value: mySpaceAdminRole - role_name: user claim_value: myUserRole - role_name: guest: claim_value: myGuestRole ``` https://github.com/owncloud/ocis/pull/6048
-
Enhancement - Added option to configure default quota per role: #5616
Admins can assign default quotas to users with certain roles by adding the following config to
theproxy.yaml
. E.g.: ``` role_quotas: d7beeea8-8ff4-406b-8fb6-ab2dd81e6b11: 2300000It maps a role ID to the quota in bytes. https://github.com/owncloud/ocis/pull/5616
-
Enhancement - Add optional services to the runtime: #6071
Make it possible to start optional services in the ocis runtime. Instead of using
OCIS_RUN_SERVICES
to define all services we can now useOCIS_ADD_RUN_SERVICES
to add a
comma separated list of additional services which are not started in the single process by
default. -
Enhancement - Add new SetProjectSpaceQuota permission: #5660
Additionally to
set-space-quota
for setting quota on personal spaces we now have
Drive.ReadWriteQuota.Project
for setting project spaces quota -
Enhancement - Add expiration to user and group shares: #5389
Added expiration to user and group shares.
-
Enhancement - Space Management permissions: #5441
We added new space management permissions.
space-properties
will allow changing space
properties (name, description, ...).space-ability
will allow enabling and disabling
spaces -
Enhancement - Cli to purge expired trash-bin items: #5500
Introduction of a new cli command to purge old trash-bin items. The command is part of the
storage-users
service and can be used as follows:ocis storage-users trash-bin purge-expired
.The
purge-expired
command configuration is done in theocis
configuration or as usual by
using environment variables.ENV
STORAGE_USERS_PURGE_TRASH_BIN_USER_ID
is used to obtain space trash-bin
information and takes the system admin user as the defaultOCIS_ADMIN_USER_ID
. It should be
noted, that this is only set by default in the single binary. The command only considers spaces
to which the user has access and delete permission.ENV
STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE
has a default value of30 days
, which means the command will delete all files older than30 days
. The value is
human-readable, valid values are24h
,60m
,60s
etc.0
is equivalent to disable and
prevents the deletion ofpersonal space
trash-bin files.ENV
STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE
has a default value of30 days
, which means the command will delete all files older than30 days
. The value is
human-readable, valid values are24h
,60m
,60s
etc.0
is equivalent to disable and
prevents the deletion ofproject space
trash-bin files.Likewise, only spaces of the type
project
andpersonal
are taken into account. Spaces of
typevirtual
, for example, are ignored. -
Enhancement - Update web to v7.0.0-rc.36: #6234
Tags: web
We updated ownCloud Web to v7.0.0-rc.36. Please refer to the changelog (linked) for details on
the web release.- Bugfix owncloud/web#6423: Archiver in protected public links
- Bugfix owncloud/web#6731: Layout with long breadcrumb
- Bugfix owncloud/web#6768: Pagination after increasing items per page
- Bugfix owncloud/web#7513: Calendar popup position in right sidebar
- Bugfix owncloud/web#7655: Loading shares in deep nested folders
- Bugfix owncloud/web#7925: "Paste"-action without write permissions
- Bugfix owncloud/web#7926: Include spaces in the list info
- Bugfix owncloud/web#7958: Prevent deletion of own account
- Bugfix owncloud/web#7966: UI fixes for sorting and quickactions
- Bugfix owncloud/web#7969: Space quota not displayed after creation
- Bugfix owncloud/web#8026: Text editor appearance
- Bugfix owncloud/web#8040: Reverting versions for read-only shares
- Bugfix owncloud/web#8045: Resolving drives in search
- Bugfix owncloud/web#8054: Search repeating no results message
- Bugfix owncloud/web#8058: Current year selection in the date picker
- Bugfix owncloud/web#8061: Omit "page"-query in breadcrumb navigation
- Bugfix owncloud/web#8080: Left sidebar navigation item text flickers on transition
- Bugfix owncloud/web#8081: Space member disappearing
- Bugfix owncloud/web#8083: Re-using space images
- Bugfix owncloud/web#8148: Show space members despite deleted entries
- Bugfix owncloud/web#8158: Search bar input appearance
- Bugfix owncloud/web#8265: Application menu active display on hover
- Bugfix owncloud/web#8276: Loading additional user data
- Bugfix owncloud/web#8300: Re-loading space members panel
- Bugfix owncloud/web#8326: Editing users who never logged in
- Bugfix owncloud/web#8340: Cancel custom permissions
- Bugfix owncloud/web#8411: Drop menus with limited vertical screen space
- Bugfix owncloud/web#8420: Token renewal in vue router hash mode
- Bugfix owncloud/web#8434: Accessing route in admin-settings with insufficient permissions
- Bugfix owncloud/web#8479: "Show more"-action in shares panel
- Bugfix owncloud/web#8480: Paste action conflict dialog broken
- Bugfix owncloud/web#8498: PDF display issue - Update CSP object-src policy
- Bugfix owncloud/web#8508: Remove fuzzy search results
- Bugfix owncloud/web#8523: Space image upload
- Bugfix owncloud/web#8549: Batch context actions in admin settings
- Bugfix owncloud/web#8554: Height of dropdown no-option
- Bugfix owncloud/web#8576: De-duplicate event handling to prevent errors on Draw-io
- Bugfix owncloud/web#8585: Users without role assignment
- Bugfix owncloud/web#8587: Password enforced check for public links
- Bugfix owncloud/web#8592: Group members sorting
- Bugfix owncloud/web#8694: Broken re-login after logout
- Bugfix owncloud/web#8695: Open files in external app
- Bugfix owncloud/web#8756: Copy link to clipboard text
- Bugfix owncloud/web#8758: Preview controls colors
- Bugfix owncloud/web#8776: Selection reset on action click
- Bugfix owncloud/web#8814: Share recipient container exceed
- Bugfix owncloud/web#8825: Remove drop target in read-only folders
- Bugfix owncloud/web#8827: Opening context menu via keyboard
- Bugfix owncloud/web#8834: Hide upload hint in empty read-only folders
- Bugfix owncloud/web#8864: Public link empty password stays forever
- Bugfix owncloud/web#8880: Sidebar header after deleting resource
- Bugfix owncloud/web#8928: Infinite login redirect
- Change owncloud/web#6661: Streamline new tab handling in extensions
- Change owncloud/web#7948: Update Vue to v3.2
- Change owncloud/web#8431: Remove permission manager
- Change owncloud/web#8455: Configurable extension autosave
- Change owncloud/web#8563: Theme colors
- Enhancement owncloud/web#6183: Global loading indicator
- Enhancement owncloud/web#7388: Add tag support
- Enhancement owncloud/web#7721: Improve performance when loading folders and share indicators
- Enhancement owncloud/web#7942: Warn users when using unsupported browsers
- Enhancement owncloud/web#7965: Optional Contributor role and configurable resharing permissions
- Enhancement owncloud/web#7968: Group and user creation forms submit on enter
- Enhancement owncloud/web#7976: Add switch to enable condensed resource table
- Enhancement owncloud/web#7977: Introduce zoom and rotate to the preview app
- Enhancement owncloud/web#7983: Conflict dialog UX
- Enhancement owncloud/web#7991: Add tiles view for resource display
- Enhancement owncloud/web#7994: Introduce full screen mode to the preview app
- Enhancement owncloud/web#7995: Enable autoplay in the preview app
- Enhancement owncloud/web#8008: Don't open sidebar when copying quicklink
- Enhancement owncloud/web#8021: Access right sidebar panels via URL
- Enhancement owncloud/web#8051: Introduce image preloading to the preview app
- Enhancement owncloud/web#8055: Retry failed uploads on re-upload
- Enhancement owncloud/web#8056: Increase Searchbar height
- Enhancement owncloud/web#8057: Show text file icon for empty text files
- Enhancement owncloud/web#8132: Update libre-graph-api to v1.0
- Enhancement owncloud/web#8136: Make clipboard copy available to more browsers
- Enhancement owncloud/web#8161: Space group members
- Enhancement owncloud/web#8161: Space group shares
- Enhancement owncloud/web#8166: Show upload speed
- Enhancement owncloud/web#8175: Rename "user management" app
- Enhancement owncloud/web#8178: Spaces list in admin settings
- Enhancement owncloud/web#8261: Admin settings users section uses graph api for role assignments
- Enhancement owncloud/web#8279: Move user group select to edit panel
- Enhancement owncloud/web#8280: Add support for multiple clients in
theme.json
- Enhancement owncloud/web#8294: Move language selection to user account page
- Enhancement owncloud/web#8306: Show selectable groups only
- Enhancement owncloud/web#8317: Add context menu to groups
- Enhancement owncloud/web#8320: Space member expiration
- Enhancement owncloud/web#8320: Update SDK to v3.1.0-alpha.3
- Enhancement owncloud/web#8324: Add context menu to users
- Enhancement owncloud/web#8331: Admin settings users section details improvement
- Enhancement owncloud/web#8354: Add
ItemFilter
component - Enhancement owncloud/web#8356: Slight improvement of key up/down performance
- Enhancement owncloud/web#8363: Admin settings general section
- Enhancement owncloud/web#8375: Add appearance section in general settings
- Enhancement owncloud/web#8377: User group filter
- Enhancement owncloud/web#8387: Batch edit quota in admin panel
- Enhancement owncloud/web#8398: Use standardized layout for file/space action list
- Enhancement owncloud/web#8425: Add dark ownCloud logo
- Enhancement owncloud/web#8432: Inject customizations
- Enhancement owncloud/web#8433: User settings login field
- Enhancement owncloud/web#8441: Skeleton App
- Enhancement owncloud/web#8449: Configurable top bar
- Enhancement owncloud/web#8450: Rework notification bell
- Enhancement owncloud/web#8455: Autosave content changes in text editor
- Enhancement owncloud/web#8473: Update CERN links
- Enhancement owncloud/web#8489: Respect max quota
- Enhancement owncloud/web#8492: User role filter
- Enhancement owncloud/web#8503: Beautify file version list
- Enhancement owncloud/web#8515: Introduce trashbin overview
- Enhancement owncloud/web#8518: Make notifications work with oCIS
- Enhancement owncloud/web#8541: Public link permission
PublicLink.Write.all
- Enhancement owncloud/web#8553: Add and remove users from groups batch actions
- Enhancement owncloud/web#8554: Beautify form inputs
- Enhancement owncloud/web#8557: Rework mobile navigation
- Enhancement owncloud/web#8566: QuickActions role configurable
- Enhancement owncloud/web#8612: Add
Accept-Language
header to all outgoing requests - Enhancement owncloud/web#8630: Add logout url
- Enhancement owncloud/web#8652: Enable guest users
- Enhancement owncloud/web#8711: Remove placeholder, add customizable label
- Enhancement owncloud/web#8713: Context helper read more link configurable
- Enhancement owncloud/web#8715: Enable rename groups
- Enhancement owncloud/web#8730: Create Space from selection
- Enhancement owncloud/web#8738: GDPR export
- Enhancement owncloud/web#8762: Stop bootstrapping application earlier in anonymous contexts
- Enhancement owncloud/web#8766: Add support for read-only groups
- Enhancement owncloud/web#8790: Custom translations
- Enhancement owncloud/web#8797: Font family in theming
- Enhancement owncloud/web#8806: Preview app sorting
- Enhancement owncloud/web#8820: Adjust missing reshare permissions message
- Enhancement owncloud/web#8822: Fix quicklink icon alignment
- Enhancement owncloud/web#8826: Admin settings groups members panel
- Enhancement owncloud/web#8868: Respect user read-only configuration by the server
- Enhancement owncloud/web#8876: Update roles and permissions names, labels, texts and icons
- Enhancement owncloud/web#8882: Layout of Share role and expiration date dropdown
- Enhancement owncloud/web#8883: Webfinger redirect app
- Enhancement owncloud/web#8898: Rename "Quicklink" to "link"
- Enhancement owncloud/web#8911: Add notification setting to account page
#6234
https://github.com/owncloud/web/releases/tag/v7.0.0-rc.36 -
Enhancement - Use Accept-Language Header: #5918
Use the
Accept-Language
header instead of the customPrefered-Language
-
Enhancement - Use gotext master: #5867
We needed to use forked version until our upstream changes were merged
-
Enhancement - Userlog: #5699
Enhance userlog service with proper api and messages
-
Enhancement - Userlog Service: #5610
Introduces userlog service. It stores eventIDs the user is interested in and provides an API to
retrieve the events. -
Enhancement - Determine the users language to translate via Transifex: #6089
#6087
#6089
Enhance
userlog
service
with
proper
api
and
messages -
Enhancement - Web options configuration: #6188
Hardcode web options instead of using a generic
map[string]interface{}