
Creating a file using `app/new` endpoint inside shared folder/space as Viewer returns `500` status code

Open PrajwolAmatya opened this issue 5 months ago • 0 comments

Describe the bug

Trying to create a file using app/new returns a 500 status code in the following cases:

  • sharee with permission Viewer tries to create text file inside shared folder
  • user with Viewer role tries to create a text file inside shared project space using wopi endpoint
  • user with Viewer role tries to create an odt file inside shared project space using wopi endpoint
  • sharee with permission Viewer tries to create an odt file inside shared folder using wopi endpoint
  • public user with permission view tries to create an odt file inside public folder using wopi endpoint
  • public user with permission view tries to create an odt file inside folder of public space using wopi endpoint

Steps to reproduce

  1. user einstein creates a folder shareFolder
  2. user einstein shares folder to user marie with permission Viewer
  3. user marie tries to create file inside shared folder using app/create endpoint
curl -kv -XPOST -umarie:radioactivity "https://host.docker.internal:9200/app/new?parent_container_id={parent_container_id}&filename=testfile.odt"

We get the following response:

< HTTP/1.1 500 Internal Server Error
< Content-Length: 77
< Content-Security-Policy: child-src 'self'; connect-src 'self' https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/ http://host.docker.internal:8080/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/ http://host.docker.internal:8080/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
< Content-Type: application/json
< Date: Mon, 23 Sep 2024 03:58:28 GMT
< Referrer-Policy: strict-origin-when-cross-origin
< Strict-Transport-Security: max-age=315360000; preload
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Request-Id: ef21cf802eb3/QZu8BvOIG6-000778
< X-Robots-Tag: none
< X-Xss-Protection: 1; mode=block
< 
{ [77 bytes data]
100    77  100    77    0     0   1774      0 --:--:-- --:--:-- --:--:--  1790
* Connection #0 to host host.docker.internal left intact
{
  "code": "SERVER_ERROR",
  "message": "error calling InitiateFileUpload"
}

Expected behavior

The response should return status code 403

Actual behavior

The response returns 500 status code which indicates Internal Server Error.

PrajwolAmatya, Sep 23 '24 04:09