Allow public page access to apps with group restrictions

[julien-nc]

This PR is related to #6962, #5309, nextcloud/polls#225 and phonetrack-oc/#78.

It allows non-logged user to access public pages of applications restricted to a group.

It does not fix the following problem : Logged-in users who are not in the authorized group cannot access public pages of an app. They are redirected to "Files" app.

I ran unit tests with autotest.sh and there were two unrelated errors :

There were 2 failures:                                                                
                                                                                      
1) Test\LargeFileHelperGetFileSizeTest::testGetFileSizeViaCurl with data set #0 ('/var/www/html/ncdev/tests/dat...em.txt', 446)
Failed asserting that null is identical to 446.                                                                      
                                                                                                                                                                             
/var/www/html/ncdev/tests/lib/LargeFileHelperGetFileSizeTest.php:53                                                      
                                                                                                                                                         
2) Test\LargeFileHelperGetFileSizeTest::testGetFileSizeViaCurl with data set #1 ('/var/www/html/ncdev/tests/dat...2).txt', 446)
Failed asserting that null is identical to 446.                                       
                                                                                                                                                                             
/var/www/html/ncdev/tests/lib/LargeFileHelperGetFileSizeTest.php:53

[MorrisJobke]

It allows non-logged user to access public pages of applications restricted to a group.

I'm still unsure if this is the right approach, because the app could be disabled. On the other side the app code is only loaded if the app is enabled at all. Just thinking about possible side effects.

cc @rullzer @nickvergessen @blizzz

[MorrisJobke]

CI failure is unrelated and fixed in master.

[rullzer]

If the app is not enabled we also cna't route anywhere ;)

Let me think about this a bit. And add test cases at least. (I want all our security middleware to be properly unit tested at the very least).

[nickvergessen]

Also not a big fan of this.
I get the idea, but logicwise it makes less sense to me.

[MorrisJobke]

Also not a big fan of this.
I get the idea, but logicwise it makes less sense to me.

I still see the point. Sometimes you have public pages (i.e. an external API endpoint that is authenticated but you want the pages that are shown internally only show to a limited group).

[julien-nc]

To help you picture the two problems :

I want to restrict Gallery app to a group. In Gallery, I generate a share link for a directory. For visitors who are not logged in, this link leads to a page saying : App is not enabled. For users who are not in the allowed group, there is a redirection to Files app.

In my opinion, visitors and any user should be able to visit any public page even if it comes from an app which is restricted to a group.

This problem does not exist with the File app which can't be restricted to a group.

[rullzer]

Ok let me fix some tests here and then lets do it.

[codecov]

Codecov Report

Merging #8593 into master will increase coverage by 0.06%.
The diff coverage is 100%.

@@             Coverage Diff              @@
##             master    #8593      +/-   ##
============================================
+ Coverage     51.87%   51.94%   +0.06%     
- Complexity    25406    25407       +1     
============================================
  Files          1609     1609              
  Lines         95296    95296              
  Branches       1378     1378              
============================================
+ Hits          49437    49500      +63     
+ Misses        45859    45796      -63

Impacted Files	Coverage Δ	Complexity Δ
...amework/Middleware/Security/SecurityMiddleware.php	77.38% <100%> (ø)	27 <0> (+1)	⬆️
apps/files_trashbin/lib/Trashbin.php	72.46% <0%> (-0.25%)	136% <0%> (ø)
lib/private/Files/ObjectStore/SwiftFactory.php	52.87% <0%> (+52.87%)	35% <0%> (ø)	⬇️
lib/private/Files/ObjectStore/Swift.php	75% <0%> (+75%)	8% <0%> (ø)	⬇️

[rullzer]

fine by me now

[MorrisJobke]

Added code looks good and it CI failure is unrelated.

[julien-nc]

Thanks a lot for having considered this PR !

[rullzer]

@eneiluj sure. And feel free to submit more :)

[nickvergessen]

Well this changes the definition of the "Enable for groups", please add to the dev notes and make sure it ends up in the release notes.

[MorrisJobke]

Well this changes the definition of the "Enable for groups", please add to the dev notes and make sure it ends up in the release notes.

Yes - already on it