Regenerate and revoke shared links

Emmanuel

Problem

Currently, when a CryptPad document is shared via a link, anyone possessing that link can continue accessing the document according to the permissions associated with it. If a link is accidentally disclosed, shared too broadly, or needs to be withdrawn, the only workaround is often to create a new document and migrate the content.

Proposed Feature

For each existing share link, add the ability to:

Revoke the link, immediately invalidating it.
Regenerate the link, creating a new URL with the same permissions while invalidating the previous one.
Optionally perform these actions separately for each link type associated with the document.

Example

A user creates an edit link and sends it to a project team.

Later, the user discovers that the link has circulated outside the intended group.

Instead of duplicating the document, the user could:

Open the Share dialog.
Select the affected edit link.
Click Revoke or Regenerate.
Send the newly generated link to the intended collaborators.

The document, its history, comments, and associated data would remain unchanged.

Benefits

Better control over document access.
Reduced impact of accidental link disclosure.
Simpler administration of long-lived collaborative documents.
Avoids unnecessary duplication of pads and loss of continuity.

Fabrice

Hello,

Thanks for your feedback, it was actually experimented a few years ago along with a prototype: https://blueprints.cryptpad.org/prototypes/revocation/

However we can’t give ETA on when it will be integrated in the product as we don’t have the financial capacities right now to prioritize this :/

Emmanuel

Thanks for the pointer!

The prototype seems to address the underlying revocation problem. The user-facing feature I would find most useful is the ability to revoke and regenerate existing sharing links (view, edit, presentation, etc.) directly from the Share dialog.

Good to know this has already been explored, even if there is no ETA yet.