files cannot be deleted using only the fileId

[individual-it]

Describe the bug

A lot of file-operations can be done by only knowing the fileId. E.g

• PROPFIND
• PUT
• MOVE

but its impossible to delete a file only by the fileId

Steps to reproduce

Steps to reproduce the behavior:

1. create a file in any folder
2. get the fileId of the file
3. try a PROPFIND using that fileId. e.g. curl -uadmin:admin -k 'https://localhost:9200/remote.php/dav/spaces/33c9baa8-450f-4873-a049-7beb8227face$136ffc9b-d317-4219-a0c3-084d5e070c60!0b8eff1a-8401-4bda-a7e7-8333e44e4ded' -XPROPFIND
4. try to DELETE the file using the fileId: curl -uadmin:admin -k 'https://localhost:9200/remote.php/dav/spaces/33c9baa8-450f-4873-a049-7beb8227face$136ffc9b-d317-4219-a0c3-084d5e070c60!0b8eff1a-8401-4bda-a7e7-8333e44e4ded' -XDELETE

Expected behavior

File should be deleted

Actual behavior

confusing error message is shown:

<?xml version="1.0" encoding="UTF-8"?>
<d:error xmlns:d="DAV" xmlns:s="http://sabredav.org/ns"><s:exception>Sabre\DAV\Exception\MethodNotAllowed</s:exception><s:message>deleting spaces via dav is not allowed</s:message></d:error>

Setup

Please describe how you started the server and provide a list of relevant environment variables or configuration files.

PROXY_ENABLE_BASIC_AUTH=true ocis/bin/ocis server

[kobergj]

The webdav delete handler expects a relative path since cs3org/reva#2828 This was probably an easy way to block deleting spaces via dav.

Even though I have written it it doesn't seem right to me any more. We should accept ids as for the other endpoints. We should still block deleting spaces via dav but we need another way to identify them

[nirajacharya2]

duplicate of #9619