Groupfolder permissions do not match webdav permissions

Question

Groupfolder permissions do not match webdav permissions

tcoupin opened this issue 4 months ago · 0 comments

tcoupin commented 4 months ago

How to use GitHub

Please use the 👍 reaction to show that you are affected by the same issue.
Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
Subscribe to receive notifications on status change and new comments.

Steps to reproduce

Giving a user "tom" and a group "users" (tom is in users):

Create groupfolder "GP" with write, share and delete permissions to group "users", enable advanced permissions to admin group
As admin, create follwing folders with permissions:

www-data@0761526c0c2c:~/html$ ./occ groupfolders:permission 1
+-----------------+--------------+-----------------------------------------+
| Path            | User/Group   | Permissions                             |
+-----------------+--------------+-----------------------------------------+
| /               | group: users | +read, -write, -create, -delete, -share |
| folder          | user: tom    | +read, +write, +create, +delete, +share |
| folder/todelete | group: users | +read, -write, -create, -delete, -share |
+-----------------+--------------+-----------------------------------------+

Set acl-inherit-per-user to true: occ config:app:set groupfolders acl-inherit-per-user --value true
Verify permisisons for tom:

./occ groupfolders:permission -u tom -t 1 folder/todelete
+read, +write, +create, +delete, +share

Expected behaviour

Tom has "delete folder" item in the contextual menu and can delete folder folder/todelete

Actual behaviour

Tom has "delete folder" item in the contextual menu but can not delete folder folder/todelete :

DELETE /remote.php/dav/files/tom/test/folder/todelete

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\Forbidden</s:exception>
  <s:message/>
</d:error>

Server configuration

Operating system: docker image (debian)

Web server: apache

Database: sqlite

PHP version: 8.2.17

Nextcloud version: (see Nextcloud admin page) 27.1.11

Group folders version: v15.3.8

Updated from an older Nextcloud/ownCloud or fresh install: fresh install, but I have the same behavior on my production updated to 27.1.11

Where did you install Nextcloud from: docker image

Are you using external storage, if yes which one: no

**Are you using encryption:**no

Are you using an external user-backend, if yes which one: not on my lab, yes on production (OpenId Connect)

Client configuration

Browser: firefox ESR

Operating system: macOS

Logs

Web server error log

192.168.65.1 - - [30/Jul/2024:13:20:40 +0000] "DELETE /remote.php/dav/files/tom/test/folder/todelete HTTP/1.1" 403 780 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0"

Nextcloud log (data/nextcloud.log)

Nextcloud log

{"reqId":"Xu1v7tPwwxP5J8FA528N","level":0,"time":"2024-07-30T13:20:40+00:00","remoteAddr":"192.168.65.1","user":"tom","app":"webdav","method":"DELETE","url":"/remote.php/dav/files/tom/test/folder/todelete","message":"Exception thrown: Sabre\\DAV\\Exception\\Forbidden","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0","version":"27.1.7.2","exception":{"Exception":"Sabre\\DAV\\Exception\\Forbidden","Message":"","Code":0,"Trace":[{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Tree.php","line":179,"function":"delete","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":[]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":281,"function":"delete","class":"Sabre\\DAV\\Tree","type":"->","args":["files/tom/test/folder/todelete"]},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpDelete","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["method:DELETE",[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/html/apps/dav/lib/Server.php","line":368,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/html/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/html/remote.php","line":172,"args":["/var/www/html/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/html/apps/dav/lib/Connector/Sabre/Directory.php","Line":309,"message":"","exception":{},"CustomMessage":"Exception thrown: Sabre\\DAV\\Exception\\Forbidden"}}

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...