Use the previously unused UnauthorizedRequestException for this, and
throw a such in StorageBase::create() when the WOPI host doesn't match
any of those configured.
In a developer debug build, without access to any real WOPI
functionality, you can test by setting the FAKE_UNAUTHORIZED
environment variable and attempting to edit a plain local file:
URI. That will cause such an exception to be thrown in that function.
Catch that UnauthorizedRequestException in
ClientRequestHandler::handleGetRequest(), and send an 'error:
cmd=internal kind=unauthorized' message to the client. Handle that in
loleaflet in the same place where the 'error: cmd=internal
kild=diskfull' message is handled, and in the same fashion, giving up
on the document.
Actually, using exceptions for relatively non-exceptional situations
like this is lame and makes understanding the code harder, but that is
just my personal preference...
FIXME: By the time StorageBase::create() gets called we have already
sent three 'statusindicator:' messages ('find', 'connect', and
'ready') to the client. We should ideally do the checks we do in
StorageBase::create() much earlier.
Also consider that ClientRequestHandler::handleClientRequest() has
code that catches UnauthorizedRequestException and
BadRequestException, and tries to set the HTTP response in those
cases. I am not sure if that functionality has ever been exercised,
though. Currently, we upgrade the HTTP connection to WebSocket early,
and only after that we check whether the WOPI host is authorized
etc. By that time it is too late to return an HTTP response to the
user. If that even is what we ideally should do? If not, then we
probably should drop the code that constructs HTTP responses and
attempts to send them.
Also, if I, as a test, force an HTTPResponse::HTTP_BAD_REQUEST to be
sent before the HTTP connection is upgraded to WebSocket, loleaflet
throws up the generic "Well, this is embarrassing" dialog anyway. At
least in Firefox on Linux. (Instead of the browser showing some own
dialog, which I was half-expecting to happen.)
.uno:TrackedChangeAuthors doesn't give correct colors for
documents other than writer, lets use our old algorithm for color
assignment for these documents.
Change-Id: If865788154a80da2637aad84183a0e947bb4b7e8
Set the mode to viewonly after the error so that user can still
see the tiles downloaded from the server, but cannot interact
anymore before server administrator fixes the disk space.
Change-Id: If03f4fabe93458672a631c020d09dcebecbb955c
- show best, average, worst, last times of
- server ping round trip
- times between key press and invalidation message
- tile based and total tile update latencies
- show data of the last five invalidation:
- tilecombine messages, if they exist
- otherwise the invalidation message
- border of the last five invalidation rectangles
- visual fixes:
- more transparent red color for better text typing
- small letters over tiles with transparent background
- black attribution text instead of gray + bottomleft position
- show invalidated rectangles with fading effect
- show last tilecombine message and cancelled tile count
- show received/requested tile updates
- fix popup handling
- custom popup style (transparent, big numbers)
- clean up
Editlock buttons have already been removed; most of this code is
unreachable/useless anyways.
Don't listen to editlock messages anymore, and always set the map
permission to edit unless specified.
Change-Id: I2ee672e72beaa48a7c6cd0bbd1c548ff10a251d1
