Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Files cannot be saved if in a group folder owned by a different user #691

Closed
nikkilocke opened this issue Sep 13, 2022 · 2 comments
Closed

Files cannot be saved if in a group folder owned by a different user #691

nikkilocke opened this issue Sep 13, 2022 · 2 comments
Labels
duplicate This issue or pull request already exists

Comments

@nikkilocke
Copy link

I have the group_folders app (and file_versions) in my Nextcloud.

User A is a member of group G, which has a group folder.
User A shares a subdirectory of the group folder with group H (read-write).
User B is a member of group H, so can see the share,
User B opens a docx file in the shared folder, edits it, and attempts to save it.
The save fails.

I have spent a couple of days tracking down the issue. It appears to be in callbackcontroller.php function track.

Extract from code:

        $user = $this->userManager->get($userId);
        if (!empty($user)) {
            \OC_User::setUserId($userId);
        } else {
            if (empty($shareToken)) {
                $this->logger->error("Track without token: $fileId status $status", ["app" => $this->appName]);
                return new JSONResponse(["message" => $this->trans->t("Access denied")], Http::STATUS_FORBIDDEN);
            }

            $this->logger->debug("Track $fileId by token for $userId", ["app" => $this->appName]);
        }

Later on:

        // owner of file from the callback link
        $ownerId = $hashData->ownerId;
        $owner = $this->userManager->get($ownerId);

        if (!empty($owner)) {
            $userId = $ownerId;
        } else {
            $callbackUser = $this->userManager->get($callbackUserId);

            if (!empty($callbackUser)) {
                // author of the callback link
                $userId = $callbackUserId;

                // path for author of the callback link
                $filePath = $hashData->filePath;
            }
        }

        if (!empty($userId)) {
            \OC_Util::setupFS($userId);
        }

Unfortunately, group folder mount points seem to be created for the user set in \OC_User::setUserId($userId); rather than the one passed to \OC_Util::setupFS($userId);.

Moving the call to \OC_User::setUserId($userId); to just before the one to \OC_Util::setupFS($userId); enables the file to be saved (but I guess might have unintended consequences if file modofications are logged to the user?).

Presumably passing the user's id instead of the owner's to setupFS would also work - is there a good reason why you set up the file system as the owner rather than the user?
@nikkilocke
Copy link
Author

An alternative fix is not to use the owner id at all.
Not sure why you do that anyway.

@LinneyS LinneyS added the duplicate This issue or pull request already exists label Oct 4, 2022
@LinneyS
Copy link
Member

LinneyS commented Oct 4, 2022

#660

@LinneyS LinneyS closed this as completed Oct 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nikkilocke @LinneyS