-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
send PUT requests to another user's webDav endpoints as normal user #2759
Comments
Current ocis behavior is ok IMO. @SwikritiT Can you point out why this could be a problem for the end user? |
Yes, IMO the current oCIS behavior is OK (actually it is good - 403 Forbidden is correct) It is strange that oC10 happens to return 409 Conflict with a Sabre exception It would be nice if the oC10 code path noticed first that Brian is Forbidden in general to access the WebDav endpoint of Alice. I suggest that we:
@SwikritiT can you have a look please. (Let me know if my suggestion is rubbish) |
That sounds good. I'll do as you suggested |
core issue is owncloud/core#39597 - closing here as the "problem" is in core. The core API tests have been updated, and the core commit id update is in oCIS PR #2881 |
Describe the bug
Sending PUT request to another users' WebDav endpoints as normal user gives different status code for
oc10
andocis
Steps to reproduce
Steps to reproduce the behavior:
Alice and Brian
Alice
create a folderPARENT
/PARENT/parent.txt
andtextfile1.txt
PUT
request to endpoint/remote.php/dav/files/Alice/textfile1.txt
as userBrian
with bodydoesnotmatter
oc10
andocis
/remote.php/dav/files/Alice/PARENT/parent.txt
as userBrian
with bodydoesnotmatter
403
forocis
and409
foroc10
.Expected behavior
I don't know what the expected behaviour is for this one probably
ocis
one? I'm putting oc10's behaviour hereActual behavior
This is current
OCIS
behaviourThe text was updated successfully, but these errors were encountered: