Projects tigase _server tigase-http-api Issues #110
Add support for querying and managing uploaded files (#110)
Closed
Andrzej Wójcik (Tigase) opened 4 years ago

HTTP File Upload component implemented according to the XEP-0363: HTTP File Upload does not provide any way to manage uploaded files. It would be good to have a way to:

  • count used space
  • browse uploaded files
  • delete uploaded files
Andrzej Wójcik (Tigase) commented 4 years ago

It would be good to consider browsing files with querying by mime type, name and being able to have paginated results.

The best would be to use ad-hoc commands for that and use <reported/> to return results.

Andrzej Wójcik (Tigase) commented 4 years ago

I've created ad-hoc commands for managing uploaded files:

  1. For ADMIN: 1.1. Query used space by files of a user (node: query-space-used-admin) You need to enter user jid (into jid field) to fetch this data. Value will be returned in the form in used-space field. 1.2. Query used space by files of users from a domain (node: query-space-used-domain) You need to enter domain (into domain field) and value will be returned in used-space form field. 1.3. Query files uploaded by user/users of a domain (node: query-files-admin) You need to select a type of a query (files of a user or files from a domain users). Then you enter jid of a user or domain to query. You need to submit a form to retrieve list of files (from the oldest) returned as a list of <item/> elements in the form (one for each returned slot). Headers for those results are in <reported/> element (as specified at https://xmpp.org/extensions/xep-0050.html#execute see example 9) most of the fields are easy to understand. Additionally, there is url which has url for downloading file and id (id of a slot) which can be used as a value for after-id form field to retrieve next results. limit field returns number of items returned in each request. (Slots are returned from the oldest to the newest). 1.4. Remove file (node: delete-slot-admin) To remove a file, you need to fill a form with slot-id (id of a file slot to remove) and jid (jid of the owner/uploader of the file) and submit the form.
  2. For USER: 2.1. Query used space by files of a user (node: query-space-used) After execution (no form to fill), the value will be returned in the form in used-space field. 2.2. Query files uploaded by user (node: query-files) Then you enter jid of a user and then you need to submit a form to retrieve list of files (from the oldest) returned as a list of <item/> elements in the form (one for each returned slot). Headers for those results are in <reported/> element (as specified at https://xmpp.org/extensions/xep-0050.html#execute see example 9) most of the fields are easy to understand. Additionally, there is url which has url for downloading file and id (id of a slot) which can be used as a value for after-id form field to retrieve next results. limit field returns number of items returned in each request. (Slots are returned from the oldest to the newest). 2.3. Remove file (node: delete-slot) To remove a file, you need to fill a form with slot-id (id of a file slot to remove) and submit the form.

NOTE: Each form can be submitted in a single step. If you know the form on the last step you can prepare a form on the client side and just send it in the initial request to the server to speed up processing (no need to wait for a server to return a form).

I'm assigning this to @wojtek to review changes related to project and bumped dependency versions.

@kobit Please review my comment and let me know if that is what you expected to have.

Basically, the admin can:

  1. Query space used by user or by domain
  2. Browse uploaded files (slots) of any user
  3. Remove file of any user

The user can:

  1. Query space used by his files
  2. Browse his files
  3. Remove his files

Note: We do use ACL for ad-hoc commands, so those commands need to be configured to be executed by DOMAIN_ADMIN - for admin commands, and LOCAL for user commands.

Artur Hefczyc commented 4 years ago

All seems correct.

I understand that to get files shared with a user, the user would use the extended MAM protocol and other XEPs?

Andrzej Wójcik (Tigase) commented 4 years ago

@kobit Yes, you are correct. That is just for managing files uploaded by the user (or users of a domain). While for user most of the browsing might be done with UA (MAM+extensions), I've implemented this one as it can still be useful i.e. for domain owners or admins.

wojciech.kapcia@tigase.net commented 4 years ago

@andrzej.wojcik one (nitpick) question - wouldn't it be prudent to merge query-space-used-admin and query-space-used-domain into a single command (akin query-files command) and possibly give result based on input (JID with or without localpart) or re-utilise QueryFilesCommandAdmin.QueryType from query-file?

Note: We do use ACL for ad-hoc commands, so those commands need to be configured to be executed by DOMAIN_ADMIN - for admin commands, and LOCAL for user commands.

Haven't we talked about extending the API with "default adhoc ACL"?

I went over the code and it looks ok.

Andrzej Wójcik (Tigase) commented 4 years ago

@wojtek

one (nitpick) question - wouldn't it be prudent to merge query-space-used-admin and query-space-used-domain into a single command (akin query-files command) and possibly give result based on input (JID with or without localpart) or re-utilise QueryFilesCommandAdmin.QueryType from query-file?

I thought that we may need/want to add some additional data to query-space-used-domain or give access to this command to non-admins and ie. users or managers (not always with admins rights) - people without rights to query other user files or space of used by files uploaded by others.

Note: We do use ACL for ad-hoc commands, so those commands need to be configured to be executed by DOMAIN_ADMIN - for admin commands, and LOCAL for user commands.

Haven't we talked about extending the API with "default adhoc ACL"?

Yes, we talked about it, but I did not follow up on this idea, so it is not implemented.

wojciech.kapcia@tigase.net commented 4 years ago

@andrzej.wojcik please squash and merge the changes.

Andrzej Wójcik (Tigase) commented 4 years ago

I've squashed changes and merged them into master branch.

issue 1 of 1
Type
Task
Priority
Normal
Assignee
Version
tigase-server-8.2.0
Issue Votes (0)
Watchers (0)
Reference
tigase/_server/tigase-http-api#110
Please wait...
Page is in error, reload to recover