server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon nextcloud

avoiding duplicated shares

Open jospoortvliet opened this issue 2 years ago • 3 comments

A short proposal on simplifying the issue we have with duplicating sharing data. Often, a new team member shares with me sub folders or files in folders that are already shared. So they get duplicated and how up in my root. My sync client then syncs them, and well, I rather not have a copy of our Launch Marketing folder synced twice as that will definitely fill my hard drive.

If somebody shares a file with somebody else but that person has already access, we should just give a short notification (NO modal) saying "user already has access to the file", and do nothing. This fixes a scenario like "I share folder X with person A and B, Person A shares subfolder folder Y from folder X with person B, B now has stuff double".

This doesn't fix a scenario like "I share folder X with person A, Person A shares sub folder folder Y from folder X with person B, I then share Folder X with person B" - and there are other troublesome issues like when permissions don't match.

We can't fix everything in one go, but we could fix the most common mistake with the change I propose and that would already save a ton of mess.

@jancborchardt @nimishavijay as you asked

jospoortvliet avatar Jul 04 '23 19:07 jospoortvliet

@AndyScherzinger what do you (or relevant engineer) think regarding feasibility?

jancborchardt avatar Jul 10 '23 10:07 jancborchardt

/I do have more or less the same problem but I don't think that simply doing nothing when a folder is already shared with a user (or a group a user belongs) is not enough.

In my scenario the folder structure looks like this: All-Projects-Folder :: read-only shared with all users +- Project-1-Folder :: shared with all permissions to Team-01 +- Project-2-Folder :: shared with all permissions to Team-02 and so on...

All users have the All-Projects-Folder in their root folder and the team members additionally the project folder the team member belongs to - also in the root folder.

But here is the interesting thing:

  1. When surfing inside the "Projects-Folder" down to the project folder in which a user has all permissions (create/edit/delete) he cannot do anything. The permissions are still read-only.
  2. When using the project folder which is located in the root folder the user can create/edit/delete files.

So it seems that the whole sharing logic is somehow broken and nobody worked on it for six months..!!

Unfortunately, the group folders app can no longer be used because it has serious problems of its own. :-(

What other option is currently available to share a very common structure in which an entire tree of folders is read-only for all users and some users/groups/circles have additional rights in subfolders?

gibelium avatar Jan 31 '24 00:01 gibelium

Why is the priority of this issue marked as "low"?

I guess that meaningful sharing possibilities are the most important and fundamental function of Nextcloud.

gibelium avatar Jan 31 '24 22:01 gibelium

Hi @gibelium you are right, sharing is important. However, changing the 'share semantics' like this has serious risks and so we tend to err on the side of caution. Moreover, while this causes some issues, the pain is not that huge for most users. The biggest issues are in the /talk folder (for which there are other solutions being researched) and when using the desktop client (file storage, but only when not using the virtual file system). And perhaps it can occasionally create duplication in a users' home folder - how big an issue that is depends a lot on the user and their work flow.

Meanwhile it can cause risks and complication. For example, you already give a more complicated scenario. Why do we not 'smash' all the permissions, taking the permissions from the shared root folder and apply it to the projects folder (likely a Groupfolder I guess)? Because in YOUR case, it makes total sense. But there are definitely cases one can think of where such a 'privilege escalation' is unintentional. Moreover, it has a significant performance impact with our current permissions architecture, from what I understand.

In your case, I would recommend to use Groupfolders and ACL's to give users read-write access to folders. No need to do a double share.

jospoortvliet avatar Apr 05 '24 08:04 jospoortvliet

Thank you @jospoortvliet I can imagine that changing sharing semantics not is an easy task but as you have created this issue I guess there is some ongoing research in this area.

However, I really would like to use Groupfolders but the list of known issues (https://github.com/nextcloud/groupfolders/issues/1414) and the related problems in a productive environment do not allow this. :-(

gibelium avatar Apr 06 '24 13:04 gibelium