-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[QA] Viewer can modify shared folder on owncloud and ocis driver #236
Comments
it was actually broken, so it wasn't permission enforcement but rather that file operations were not working at all within received shares. we fixed file operations to work correctly, so now the error is gone and the operations go through however, we need now to work on actually enforcing permissions. Correction: the above comment only applies to OC storage |
@butonic were sharing permissions implemented with EOS ? AFAIK we are setting ACLs already, so this would be expected to work and is a bug if it doesn't ? or is it a task ? |
reproducible on ocis and owncloud driver the permissions should have been enforced by the storage driver. will check with eos |
when I am on eos I cannot upload into a shared folder, the acls are stored and enforced properly but I still get this error:
this smells:
|
@jnweiger I see you are trying to create some skeleton in einsteins home in https://github.com/owncloud-docker/compose-playground/blob/master/examples/hetzner-deploy/make_ocis_eos_compose_test.sh#L272-L284 In the process you are omitting some of the things that the eoshome driver does to create the storage, eg setting some special attributes: see https://github.com/cs3org/reva/blob/master/pkg/storage/utils/eosfs/eosfs.go#L818-L952 instead of doing that you could trigger a basic auth login: |
fixing related bugs on eos client as I go: cs3org/reva#1183 |
trying to reproduce the above steps I can neither rename, nor delete, nor upload a new file (or folder). I do see ui glitches like no error popping up and a refresh when the file upload fails ... but acls are enforced. enforcing ACLs on owncloud and ocis storage drivers needs to be implemented. |
Seems we're missing hide dialogue logic in case of errors - https://github.com/owncloud/phoenix/blob/fcbfd6346cfed4c45edc0b1b1813de60fcdde86c/apps/files/src/mixins/deleteResources.js#L150 |
@LukasHirt This was marked a release blocker in RC1, any updates here? |
@jnweiger The UI part hasn't been touched. I am not sure about the enforcing of ACLs though |
Thanks. I'll retest with RC2 |
Retested in RC3. Fixed. Thanks! |
follow up: owncloud/ocis#875 |
Tested with
Version details ocis-1.0.0-rc1
Reproducer
Expected behaviour: einsteins should not be able to rename, delete add as role viewer.
This was changed since RC1. In rc1, all shared folders were readonly.
The text was updated successfully, but these errors were encountered: