nextcloud
[Bug]: Subsequent shares should respect the original expiration date
⚠️ This issue respects the following points: ⚠️
- [X] This is a bug, not a question or a configuration/webserver/proxy issue.
- [X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- [X] I agree to follow Nextcloud's Code of Conduct.
Bug description
Subsequent shares (share by a user that has received the shared file from another user) do not respect the original share's expiration date.
If user1 shares a file with user2 with expiration date 1 day in the future, user2 can, when the share is live, share it with user3 with an expiration date lasting much longer.
All the shares are visible to the original sharer with the expiration dates but it still would make sense to limit the expiration date by parent's expiration date.
Could be relevant: https://github.com/nextcloud/server/blob/master/apps/files_sharing/lib/Controller/ShareAPIController.php#L770-L777
(Share seems to fail with 'expiration date is in the past' error for 28 and master)
cc @artonge
Steps to reproduce
- Share a file from user1 to user2 with expiration date 1 day in future and share permissions
- Share the same file from user2 to user3 with expiration date more than 1 day in future and share permissions
Expected behavior
user2 is not able to share the file with longer expiration date (if the expiration date was set for the share initially)
Installation method
None
Nextcloud Server version
27
Operating system
None
PHP engine version
None
Web server
None
Database engine version
None
Is this bug present after an update or on a fresh install?
None
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
- [ ] Default user-backend (database)
- [ ] LDAP/ Active Directory
- [ ] SSO - SAML
- [ ] Other
Configuration report
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "sqlite3",
"version": "27.1.6.2",
"overwrite.cli.url": "http:\/\/localhost",
"updater.release.channel": "git",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"log_type": "errorlog",
"maintenance": false,
"loglevel": 0
}
}
List of activated Apps
Enabled:
- cloud_federation_api: 1.10.0
- comments: 1.17.0
- contactsinteraction: 1.8.0
- dashboard: 7.7.0
- dav: 1.27.0
- federatedfilesharing: 1.17.0
- federation: 1.17.0
- files: 1.22.0
- files_reminders: 1.0.0
- files_sharing: 1.19.0
- files_trashbin: 1.17.0
- files_versions: 1.20.0
- lookup_server_connector: 1.15.0
- oauth2: 1.15.2
- provisioning_api: 1.17.0
- settings: 1.9.0
- sharebymail: 1.17.0
- systemtags: 1.17.0
- theming: 2.2.0
- twofactor_backupcodes: 1.16.0
- updatenotification: 1.17.0
- user_status: 1.7.0
- weather_status: 1.7.0
- workflowengine: 2.9.0
Disabled:
- admin_audit: 1.17.0
- encryption: 2.15.0
- files_external: 1.19.0
- testing: 1.17.0
- user_ldap: 1.17.0
Nextcloud Signing status
integrity:check-core can not be used on git checkouts
Nextcloud Logs
No response
Additional info
No response
Here a little animation of the problem which is multiple discribed since many weeks
I hope we can fix that quickly because it is a basic function of NextCloud and should work without problems. :)
thanks!
