BG 44883: Allows anonymous user to start download job in container and allows anonymous user to see the notification center

[matheuszych]

https://mantis.ilias.de/view.php?id=44883

Aims to allow anonymous user to start download job in container and allow anonymous user to see the notification center.
@thojou @mjansenDatabay

[matheuszych]

@matthiaskunkel
I believe this is not a trivial change and should be discussed by the Jour Fixe. Please correct me if i am wrong about this.

Agenda note (Jour Fixe):

Decision needed: Enable anonymous users to perform the “Download Multiple Objects” action (Container) and to view Notifications (Notifications). This alters default ILIAS behavior and affects two components. The current UI already shows the download button but denies execution. Even if execution were permitted, the user would not be shown the download link. Should both actions be available to anonymous users? Otherwise, the “Download Multiple Objects” action should probably not be shown to anonymous users in the first place.

[mjansenDatabay]

Hi @matheuszych ,

I have a question: If you as anonymous person A initiated a multi-download in the graphical user interface, and this task is then successfully processed by the ILIAS background tasks, how do you ensure that anonymous person B does not see the processed item in the notification center? AFAIK there is currently no concept of identifiable anonymous initiators for background tasks. Seeing finalized background tasks of other individuals would be confusing IMO. We should not do this.

Even if we decide to propose a concept of identifiable anonymous initiators for background tasks, I strongly recommend protecting the downloadObject command by adding permissions checks.
It might be the case that such permission checks are already missing. However, even if we want to allow the Anonymous user to trigger a multi-download (which can of course cause load/work on the server(s) and consume a lot of disk space), this feature should only available (IMO) if the current actor is assigned to at least one ILIAS role with granted access to the multi-download of files/folders (maybe read is sufficient here, but this is the decision of the authority/domain where the multi-download functionality is currently offered). The Anonymous user is (or should be) always assigned to the Anonymous role (obj_id = 14), so granting required permissions should be possible

Best regards,
Michael

[matheuszych]

Hello @mjansenDatabay ,

thank you for your feedback!

I just tested the behavior you described, and unfortunately it works exactly as you said: anonymous user B can see anonymous user A’s notification (background task). This is not only confusing but also poses a spam risk for other users. This definitely would need to be addressed. For example via session tracking, where regular users could be allowed multiple simultaneous sessions, whereas each anonymous-user session would be isolated and treated as a separate user.

The file object has its own permission set. There, you can configure whether anonymous users have the “Visible” and “Read” permissions.

The “Visible” permission lets a user see that a file exists, its name, file type, size, and upload date. It also displays the message: “To access this item you need to be logged in and have appropriate permissions.”
To view and download the file, the user additionally needs the “Read” permission. Therefore, it is up to the file owner to allow anonymous users to download it.

Currently, all ilContainerGUI::downloadObject calls are blocked for anonymous users, regardless of their permissions. However, with the appropriate permissions, they can still download specific individual files, just not in bulk.

The easiest approach here would be to hide the “Download Multiple Objects” action for anonymous users. They could still download the files one by one (with correct permissions).

Best regards
@matheuszych