files_lock icon indicating copy to clipboard operation
files_lock copied to clipboard
verified publisher icon nextcloud

User can unlock file locked by other user in shared folders

Open susnux opened this issue 2 years ago • 2 comments

Scenario: User A creates a shared directory. User B creates a file in that directory and locks the file User A tries to unlock that file.

What happens: The file gets unlocked without errors.

What should happen / is expected: The file stays locked and the server returns 403. Because the lock is owned by user B.

Why does this happen The initial test if the owner of the lock and the current user are the same, fails :heavy_check_mark: https://github.com/nextcloud/files_lock/blob/7b1827af32b848b6ed25bcefc17696b9260a61f8/lib/Service/LockService.php#L244

But then the next check allows to unlock, because the file is created inside the shared directory it is owned implicitly by the sharing user, and we allow file owners always to unlock: https://github.com/nextcloud/files_lock/blob/7b1827af32b848b6ed25bcefc17696b9260a61f8/lib/Service/LockService.php#L248

I am not sure if this is a feature or a bug. So probably two solutions here:

  1. Allow configure whether file owners are allowed to always unlock
  2. Document that file owners always can unlock their files and note that files in shared folders are always owned by the folder owner.

susnux avatar Sep 27 '23 10:09 susnux

was introduced here https://github.com/nextcloud/files_lock/pull/140

Rello avatar Sep 27 '23 12:09 Rello

hello

We have some trouble I thinks related as explained at https://github.com/nextcloud/files_lock/issues/170#issuecomment-1868337420

camlafit avatar Jan 25 '24 15:01 camlafit