Public share middleware #5986
Description
For each app that wants to provide access to some public page the same logic has to be implemented. This is already duplicated in:
- Normal public page
- Gallery public page
But will be extended if we would add more things. Like editing with the files_texteditor on public links etc.
Now we should not duplicate this code everywhere. For obvious reasons like:
- We will mess up somewhere
- Changes at 1 point are not propagated properly
My brain fart of the evening
- We add a new (abstract) Controller: PublicShareController
- function: authenticate($token, $password = '') : TemplateResponse
- abstract function: authenticationUrl($token) : RedirectResponse
- abstract function: failedAuthentication() : TemplateResponse
- We add a new middleware: PublicShareMiddleware
- We require a route paremeter: token
The middleware will for each PublicShareController check if the the share requires authentication. And if so if that is properly set in the session. If not redirect to authenticationUrl.
If the authentication function returns false we will request a template response. And set the some parameter.
This is just a very rough brain dump. But it should kind of force some structure for PublicSharePage.
What I still need to think about:
- What if you don't have an authentication page? (the files_texteditor public endpoint?) Just a generic 403 would be enough then I think
- We could just set the share object when we have it anyway if everything passes?
@LukasReschke as discussed.