Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nested Groupfolder Desktop Client Sync Exclusion via Flow - Access Denied #3423

Open
mpivchev opened this issue Nov 13, 2024 · 1 comment
Open

Nested Groupfolder Desktop Client Sync Exclusion via Flow - Access Denied #3423

mpivchev opened this issue Nov 13, 2024 · 1 comment
Assignees
@artonge
Labels
0. Needs triage Issues that need to be triaged bug

Comments

@mpivchev
Copy link

mpivchev commented Nov 13, 2024
edited
Loading

Steps to reproduce

  1. Create a Invisible Tag named "Client"
  2. Create create a toplevel Groupfolder eg. "Mainfolder"
  3. Create a Subgroupfolder named Mainfolder/Subfolder
  4. Give permissions to both folders to our main Usergroup "users"
  5. Tag the toplevel Folder with the "Client" tag
  6. Create File Access Control Flow which targets Dekstop Client Userstring and the grouptag "Client"
  7. Connect a Desktop Client to the server and try to sync.

Expected behaviour

If just the topmost groupfolder is tagged and we want to add a folder to sync in the Desktop Client we get Access Denied. This is resolved if we manually also tag the subgroupfolder.

Actual behaviour

As in the documentation states (https://docs.nextcloud.com/server/latest/admin_manual/file_workflows/access_control.html#available-rules-label) the rules should work for the tagged folder itself and its contents. In the documentation the following is stated: "File collaborative tag: Either the file itself, or any of the file owner’s parent folders needs to be tagged with the tag." So this should work if we just tag the topmost groupfolder.

Server configuration

Operating system: Linux 5.15.0-122-generic

Web server: Apache/2.4.52 (Ubuntu) (fpm-fcgi)

Database: mysql 10.11.8

PHP version: 8.3.11

Nextcloud version: (see Nextcloud admin page) 29.0.7 Enterprise

Group folders version: 17.0.3

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from:

Are you using external storage, if yes which one: local/s3/smb/sftp/...

Are you using encryption: no

Are you using an external user-backend, if yes which one: SAML

Client configuration

Browser:

Operating system: iOS 18/MacOS Sonoma 14.6.1

Logs

Web server error log

Web server error log 
{"reqId":"ynVgToRNLEFX0RSaqZCx","level":3,"time":"2024-11-08T10:16:48+00:00","remoteAddr":"10.1.241.170","user":"nc-admin","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/nc-admin/","message":"Access denied","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"29.0.8.2","exception":{"Exception":"OCP\\Files\\ForbiddenException","Message":"Access denied","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php","line":60,"function":"checkFileAccess","class":"OCA\\FilesAccessControl\\Operation","type":"->"},{"file":"/var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php","line":75,"function":"checkFileAccess","class":"OCA\\FilesAccessControl\\StorageWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1171,"function":"mkdir","class":"OCA\\FilesAccessControl\\StorageWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":247,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1536,"function":"mkdir","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Node/Folder.php","line":106,"function":"getDirectoryContent","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php","line":261,"function":"getDirectoryListing","class":"OC\\Files\\Node\\Folder","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php","line":218,"function":"getChildren","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":900,"function":"getChildren","class":"Sabre\\DAV\\Tree","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":982,"function":"generatePathNodes","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1662,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1647,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Server.php","line":61,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"OCA\\DAV\\Connector\\Sabre\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":393,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":172,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/files_accesscontrol/lib/Operation.php","Line":106,"message":"Access denied","exception":{},"CustomMessage":"Access denied"}}
{"reqId":"nM6F2UQipfyjWugXBSTg","level":3,"time":"2024-11-08T10:16:57+00:00","remoteAddr":"10.1.241.170","user":"nc-admin","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/nc-admin/","message":"Access denied","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"29.0.8.2","exception":{"Exception":"OCP\\Files\\ForbiddenException","Message":"Access denied","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php","line":60,"function":"checkFileAccess","class":"OCA\\FilesAccessControl\\Operation","type":"->"},{"file":"/var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php","line":75,"function":"checkFileAccess","class":"OCA\\FilesAccessControl\\StorageWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1171,"function":"mkdir","class":"OCA\\FilesAccessControl\\StorageWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":247,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1536,"function":"mkdir","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Node/Folder.php","line":106,"function":"getDirectoryContent","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php","line":261,"function":"getDirectoryListing","class":"OC\\Files\\Node\\Folder","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php","line":218,"function":"getChildren","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":900,"function":"getChildren","class":"Sabre\\DAV\\Tree","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":982,"function":"generatePathNodes","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1662,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1647,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Server.php","line":61,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"OCA\\DAV\\Connector\\Sabre\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":393,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":172,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/files_accesscontrol/lib/Operation.php","Line":106,"message":"Access denied","exception":{},"CustomMessage":"Access denied"}}
{"reqId":"16RNGIRxQrN8EBQIoqHN","level":3,"time":"2024-11-08T10:17:21+00:00","remoteAddr":"10.1.241.170","user":"nc-admin","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/nc-admin/","message":"Access denied","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"29.0.8.2","exception":{"Exception":"OCP\\Files\\ForbiddenException","Message":"Access denied","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php","line":60,"function":"checkFileAccess","class":"OCA\\FilesAccessControl\\Operation","type":"->"},{"file":"/var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php","line":75,"function":"checkFileAccess","class":"OCA\\FilesAccessControl\\StorageWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1171,"function":"mkdir","class":"OCA\\FilesAccessControl\\StorageWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":247,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1536,"function":"mkdir","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Node/Folder.php","line":106,"function":"getDirectoryContent","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php","line":261,"function":"getDirectoryListing","class":"OC\\Files\\Node\\Folder","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php","line":218,"function":"getChildren","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":900,"function":"getChildren","class":"Sabre\\DAV\\Tree","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":982,"function":"generatePathNodes","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1662,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1647,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Server.php","line":61,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"OCA\\DAV\\Connector\\Sabre\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":393,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":172,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/files_accesscontrol/lib/Operation.php","Line":106,"message":"Access denied","exception":{},"CustomMessage":"Access denied"}}
{"reqId":"Ke9hvBIm7L7UqxSel2aN","level":3,"time":"2024-11-08T10:17:23+00:00","remoteAddr":"10.1.241.170","user":"nc-admin","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/nc-admin/","message":"Access denied","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"29.0.8.2","exception":{"Exception":"OCP\\Files\\ForbiddenException","Message":"Access denied","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php","line":60,"function":"checkFileAccess","class":"OCA\\FilesAccessControl\\Operation","type":"->"},{"file":"/var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php","line":75,"function":"checkFileAccess","class":"OCA\\FilesAccessControl\\StorageWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1171,"function":"mkdir","class":"OCA\\FilesAccessControl\\StorageWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":247,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1536,"function":"mkdir","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Node/Folder.php","line":106,"function":"getDirectoryContent","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php","line":261,"function":"getDirectoryListing","class":"OC\\Files\\Node\\Folder","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php","line":218,"function":"getChildren","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":900,"function":"getChildren","class":"Sabre\\DAV\\Tree","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":982,"function":"generatePathNodes","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1662,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1647,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Server.php","line":61,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"OCA\\DAV\\Connector\\Sabre\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":393,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":172,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/files_accesscontrol/lib/Operation.php","Line":106,"message":"Access denied","exception":{},"CustomMessage":"Access denied"}}
@mpivchev mpivchev added 0. Needs triage Issues that need to be triaged bug labels Nov 13, 2024
@provokateurin
Copy link
Member

I'm not sure if this is really Groupfolders specific, I wouldn't know why it should be different than any other folder.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@artonge artonge

Labels
0. Needs triage Issues that need to be triaged bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@artonge @mpivchev @provokateurin