The D.O.C. needs to facilitate editing and viewing of documents on the server rather than on the local client.

Checklist:

• Implement DocumentFileModel:
• Local file creation
• Implement MS Office URI Scheme
• Implement API endpoints for kownsl/zac/etc to talk to:
• Update ZAC to only do permission checks(?) and send request to D.O.C.
• Implement ZGW Auth like kownsl so that users from external API's can be identified.

Visualization

After deploying, trying to create the superuser:

Gebruikersnaam: sergei
Password: 
Password (again): 
Traceback (most recent call last):
  File "src/manage.py", line 24, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 375, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 323, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 61, in execute
    return super().execute(*args, **options)
  File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 364, in execute
    output = self.handle(*args, **options)
  File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 156, in handle
    self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
TypeError: create_superuser() missing 1 required positional argument: 'email'
Sentry is attempting to send 0 pending error messages
Waiting up to 2 seconds
Press Ctrl-C to quit
command terminated with exit code 1

Context: GemeenteUtrecht/ZGW#684

When the user is done editing the document and the record is DELETEd through the API, the API should not respond with a
HTTP 204 (empty body), but rather return the URL of the updated document from the Documenten API, including the ?versie= parameter.

The MS Office WebDAV clients seems to need to be able to crawl down to the parent directory of the resource in order to function correctly. This leads to a potential security issue if all documents of every user are stored in the same directory.

To secure this potential leak from happening a subfolder from a private media directory is created that is related to the username of the user making the request (root/some-path/private-media-root/username/public/filename.file_extension). (I.e., this is based on the premise that users should be able to see all their documents for as long as they exist in that particular folder).

The owner of the link can still see the entire folder with all the user's documents with a GET request and might even be able to potentially do a POST request, which at that point in time is most likely malicious.

To secure this all requests but the OPTIONS for a path to the parent directory of the file should be forbidden.

Do you agree?