diff --git a/common/Session.cpp b/common/Session.cpp index c73ba78fb2..16022cdb90 100644 --- a/common/Session.cpp +++ b/common/Session.cpp @@ -238,6 +238,7 @@ void Session::parseDocOptions(const StringVector& tokens, int& part, std::string else if (name == "isAllowChangeComments") { _isAllowChangeComments = value == "true"; + ++offset; } } diff --git a/wsd/ClientRequestDispatcher.cpp b/wsd/ClientRequestDispatcher.cpp index 4e2129257b..a159e0c50d 100644 --- a/wsd/ClientRequestDispatcher.cpp +++ b/wsd/ClientRequestDispatcher.cpp @@ -576,6 +576,9 @@ void ClientRequestDispatcher::handleIncomingMessage(SocketDisposition& dispositi "access_token=" + accessDetails.accessToken(), "access_token_ttl=0" }; + if (!accessDetails.permission().empty()) + options.push_back("permission=" + accessDetails.permission()); + const RequestDetails fullRequestDetails = RequestDetails(accessDetails.wopiSrc(), options, /*compat=*/std::string()); LOG_TRC("Creating RVS with key: " << requestKey << ", for DocumentLoadURI: " diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp index 3892ecb2a2..368a5aab9e 100644 --- a/wsd/FileServer.cpp +++ b/wsd/FileServer.cpp @@ -415,7 +415,7 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, http: fileInfo->set("OwnerId", "test"); fileInfo->set("UserId", userId); fileInfo->set("UserFriendlyName", userNameString); - fileInfo->set("UserCanWrite", "true"); + fileInfo->set("UserCanWrite", (requestDetails.getParam("permission") != "readonly") ? "true": "false"); fileInfo->set("PostMessageOrigin", postMessageOrigin); fileInfo->set("LastModifiedTime", localFile->getLastModifiedTime()); fileInfo->set("EnableOwnerTermination", "true"); @@ -1013,6 +1013,7 @@ static const std::string POSTMESSAGE_ORIGIN = "%POSTMESSAGE_ORIGIN%"; static const std::string BRANDING_THEME = "%BRANDING_THEME%"; static const std::string CHECK_FILE_INFO_OVERRIDE = "%CHECK_FILE_INFO_OVERRIDE%"; static const std::string BUYPRODUCT_URL = "%BUYPRODUCT_URL%"; +static const std::string PERMISSION = "%PERMISSION%"; /// Per user request variables. /// Holds access_token, css_variables, postmessage_origin, etc. @@ -1102,6 +1103,8 @@ public: extractVariable(form, "buy_product", BUYPRODUCT_URL); + extractVariable(form, "permission", PERMISSION); + std::string buyProduct; { std::lock_guard lock(COOLWSD::RemoteConfigMutex); @@ -1504,7 +1507,7 @@ FileServerRequestHandler::ResourceAccessDetails FileServerRequestHandler::prepro socket->send(oss.str()); LOG_TRC("Sent file: " << relPath << ": " << preprocess); - return ResourceAccessDetails(wopiSrc, urv[ACCESS_TOKEN]); + return ResourceAccessDetails(wopiSrc, urv[ACCESS_TOKEN], urv[PERMISSION]); } diff --git a/wsd/FileServer.hpp b/wsd/FileServer.hpp index d62f5c157c..f4fc73d64e 100644 --- a/wsd/FileServer.hpp +++ b/wsd/FileServer.hpp @@ -80,9 +80,10 @@ public: public: ResourceAccessDetails() = default; - ResourceAccessDetails(std::string wopiSrc, std::string accessToken) + ResourceAccessDetails(std::string wopiSrc, std::string accessToken, std::string permission) : _wopiSrc(std::move(wopiSrc)) , _accessToken(std::move(accessToken)) + , _permission(std::move(permission)) { } @@ -90,10 +91,12 @@ public: const std::string wopiSrc() const { return _wopiSrc; } const std::string accessToken() const { return _accessToken; } + const std::string permission() const { return _permission; } private: std::string _wopiSrc; std::string _accessToken; + std::string _permission; }; private: