server
server copied to clipboard
nextcloud
Permission depends on the way of entering folders
Steps to reproduce
- Create a folder with some subfolder
- Share the top-folder with only read-access
- Share the subfolder with write access
- If users enter the subfolder directly out of their start-view, they can write to the subfolder, if they first open the top-folder and then the subfolder, they can't write to the folder
Expected behaviour
Allow the user to write even if they open the subfolder after the topfolder
Actual behaviour
see above
Server configuration
Operating system: Ubuntu 18.04
Web server: Nginx
Database: MySQL
PHP version: 7.2
Nextcloud version: 14.0.1
Updated from an older Nextcloud/ownCloud or fresh install: fresh
GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/7588 (Folder permissions), https://github.com/nextcloud/server/issues/8479 (Simplify sharing permissions for folders), https://github.com/nextcloud/server/issues/11717 (NotPermittedException: No create permission for folder), https://github.com/nextcloud/server/issues/8931 (external folder can not be shared with delete permissions), and https://github.com/nextcloud/server/issues/2268 (Users can delete shared folders without permissions).
I would suggest to not allow a file/folder which is inside an already shared folder to be shared to the same recipient a second time. But it would be usefull to let the owner "upgrade" the permission for a subfolder/file. What do you think @nextcloud/sharing @nextcloud/designers ?
I think this is an impotent feature to upgrade the permissions in a shared fordert, to create finer permissions. It could be created like ACLs in filesystems. This were a more flexible system for permissions.
As discussed with @juliushaertl a possible way of doing this could be to check for a (new) share if there already exists a parent share to the same recipient and then only upgrading the permissions for this folder/file (inside the parent share) instead of creating a new share which shows up in the recipients root. What do you think @rullzer @schiessle? Would this be possible?
Is it necessary to rethink the way we do sharing? Wouldn’t it just be possible for Nextcloud to get "ah, now the person is in the subfolder, where they have write access to"?
Ideally nothing should change for people in the interface. This is a clear case of "it should just work as expected". :)
@jancborchardt yes, that's exactly the idea! The only thing to consider, I think, is if this shared subfolder should be visible in the recievers root directory (like a separate share) or not...?
Is it necessary to rethink the way we do sharing? Wouldn’t it just be possible for Nextcloud to get "ah, now the person is in the subfolder, where they have write access to"?
Yes, it would be possible, and yes it would be rethinking the way sharing works today :wink: But there are good chance that with Nextcloud 16 we will be able to solve it.
We've been hit by this issue on 18.0.4 as well, would be nice to have this fixed as it confuses our users and it took us some time to identify what was happening.
Note : when adding a tag to the file it seems nextcloud always choose the path through the shared directory and so no rights.
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.
@szaimen which info is needed? I think the comments above clarify everything, it just has to be fixed.
It think it's both confusing and annoying since
- the root gets pretty crowded if there are many shared (sub-)folders (20+)
- our students don't know where they have to go to have the expected rigths f.e. they have the folder IT with the subfolders Teamwork and Content. The expected way would be - go to IT - go to Teamwork (with writing rights) - start collaborative working ... . Now I share this folder and there pops up a folder "Teamwork" on their root. If the next teacher has the same idea, there will be "Teamwork(2)" etc.
Really hope that can be fixed since in my eyes NC is a sharing plattform but thats pretty inelegant sharing. Wondering how any schools/companys deal with that problem...
Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!
It is still there. For every subfolder I share with writing/deleting rights there pops up a new folder X on root. If my students go via the topfolder to the subfolder X (expected way for them), they do not have writing/deleting permissions.
24.0.8. Since it is our productive machine we will wait to 25.0.4 with the next update
Unfortuately still the same with NC 25.0.4. If my pupils enter the folder the "normal" way they do not have writing rights in any subfolder even if I gave it to them earlier for the folder "collaboration". They have to enter the "new folder collaboration" that pops up in their root.
The problems connected with that behaviour:
- Young pupils dont get that system "Want to do my Math Collaboration - so I enter the Math folder, then the collaboration folder, ... but there are no writing rights".
- Teacher B, C, D, ... has the same idea: Their pops up "collaboration (2), (3), (4), ...) on any pupils root