Groupfolder permissions do not match webdav permissions

[tcoupin]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Steps to reproduce

Giving a user "tom" and a group "users" (tom is in users):

1. Create groupfolder "GP" with write, share and delete permissions to group "users", enable advanced permissions to admin group
2. As admin, create follwing folders with permissions:

www-data@0761526c0c2c:~/html$ ./occ groupfolders:permission 1
+-----------------+--------------+-----------------------------------------+
| Path            | User/Group   | Permissions                             |
+-----------------+--------------+-----------------------------------------+
| /               | group: users | +read, -write, -create, -delete, -share |
| folder          | user: tom    | +read, +write, +create, +delete, +share |
| folder/todelete | group: users | +read, -write, -create, -delete, -share |
+-----------------+--------------+-----------------------------------------+

3. Set acl-inherit-per-user to true: occ config:app:set groupfolders acl-inherit-per-user --value true
4. Verify permisisons for tom:

./occ groupfolders:permission -u tom -t 1 folder/todelete
+read, +write, +create, +delete, +share

Expected behaviour

Tom has "delete folder" item in the contextual menu and can delete folder folder/todelete

Actual behaviour

Tom has "delete folder" item in the contextual menu but can not delete folder folder/todelete :

DELETE /remote.php/dav/files/tom/test/folder/todelete

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\Forbidden</s:exception>
  <s:message/>
</d:error>

Server configuration

Operating system: docker image (debian)

Web server: apache

Database: sqlite

PHP version: 8.2.17

Nextcloud version: (see Nextcloud admin page) 27.1.11

Group folders version: v15.3.8

Updated from an older Nextcloud/ownCloud or fresh install: fresh install, but I have the same behavior on my production updated to 27.1.11

Where did you install Nextcloud from: docker image

Are you using external storage, if yes which one: no

**Are you using encryption:**no

Are you using an external user-backend, if yes which one: not on my lab, yes on production (OpenId Connect)

Client configuration

Browser: firefox ESR

Operating system: macOS

Logs

Web server error log

Web server error log

192.168.65.1 - - [30/Jul/2024:13:20:40 +0000] "DELETE /remote.php/dav/files/tom/test/folder/todelete HTTP/1.1" 403 780 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0"

Nextcloud log (data/nextcloud.log)

Nextcloud log

{"reqId":"Xu1v7tPwwxP5J8FA528N","level":0,"time":"2024-07-30T13:20:40+00:00","remoteAddr":"192.168.65.1","user":"tom","app":"webdav","method":"DELETE","url":"/remote.php/dav/files/tom/test/folder/todelete","message":"Exception thrown: Sabre\\DAV\\Exception\\Forbidden","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0","version":"27.1.7.2","exception":{"Exception":"Sabre\\DAV\\Exception\\Forbidden","Message":"","Code":0,"Trace":[{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Tree.php","line":179,"function":"delete","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":[]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":281,"function":"delete","class":"Sabre\\DAV\\Tree","type":"->","args":["files/tom/test/folder/todelete"]},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpDelete","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["method:DELETE",[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/html/apps/dav/lib/Server.php","line":368,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/html/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/html/remote.php","line":172,"args":["/var/www/html/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/html/apps/dav/lib/Connector/Sabre/Directory.php","Line":309,"message":"","exception":{},"CustomMessage":"Exception thrown: Sabre\\DAV\\Exception\\Forbidden"}}

Browser log

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...