Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

restriction based on tags not only applies to tagged folder but also to its first ascendant. #421

Closed
maximelehericy opened this issue Sep 17, 2023 · 5 comments
Closed

restriction based on tags not only applies to tagged folder but also to its first ascendant. #421

maximelehericy opened this issue Sep 17, 2023 · 5 comments
Labels
regression

Comments

@maximelehericy
Copy link

maximelehericy commented Sep 17, 2023
edited
Loading

Steps to reproduce

  1. As an admin, create a group grouptest, a restricted tag tagtest.
  2. Create the following folder structure and apply the tag tagtest on level 3:
  • level 1
    • level 2
      • level 3 (tagtest)
  1. create a file access control rule as follow: if folder is tagged with tagtest and user is not member of grouptest then block access to the file
  2. share the level1 folder with Bob who is NOT member of grouptest
  3. As Bob, go into level 1 folder.
  4. Try to go inside level 2 folder

Expected behaviour

Bob should be able to go inside level 2, and should see level 3 greyed out

Actual behaviour

Going into level 2 raise a forbidden operation error to Bob.

The main issue is that if Bob should access data inside level 2 folder other than the level 3 folder, he can't anymore :/

Server configuration

Operating system:

Web server:

Database:

PHP version:

Nextcloud version: (see Nextcloud admin page) 27.1.0

Where did you install Nextcloud from:
t.nc.c

Signing status:

Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Nextcloud configuration:

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or

Insert your config.php content here
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Client configuration

Browser:

Operating system:

Logs

Nextcloud log (data/owncloud.log)

Insert your Nextcloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...
@nickvergessen
Copy link
Member

Definitely a regression and not meant to be that way. But can confirm.

My home instance is not usable anymore because I have a blocked folder in my root.

@maximelehericy
Copy link
Author

@icewind1991 told me it has been fixed and should be shipped soon

@icewind1991
Copy link
Member

nextcloud/server#40473

@nickvergessen
Copy link
Member

Let me try to write an integration test to test this in the future with this app here

@nickvergessen
Copy link
Member

Okay, can't find a way and the patch is working, so closing this here for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
regression
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nickvergessen @icewind1991 @maximelehericy