Sharing folders leads to issues when the owner is removed while promoting another user as the new owner

[remote-tty1]

Platform info

Passbolt Version affected: v4.4.2 Platform: Docker (passbolt docker image nonroot ce) Database server: MariaDB 10.11.5

How to reproduce:

1. Share a multilevel folder tree directly from the root folder, for example:

• company01 <-- folder with subfolders

  • administration <-- folder with credentials
  • itops <-- folder with credentials
  • devs <-- folder with credentials
  • top_management <-- folder with credentials

  User A is the sole owner of the root folder, no one else has access.

2. Now share the root folder (company01 in the previous example) with user B and while doing so promote user B as the new Owner and remove user A from the list

3. Now log in to user B account, you will see that all the credential objects are now under the "all items" section and the folders on the left are all on one level with no credentials in them like this:

   • company01
   • administration
   • itops
   • devs
   • top_management

What I would expect:

• Owners should only be removed by other Owners and cannot remove themselves (not a bad practice IMHO)
• Postponed user removal (user A in this case) until all sharing tasks (including reassigning credentials to folders) are complete

[stripthis]

Thanks for the report, we'll look into it.

[pbek]

Owners should only be removed by other Owners and cannot remove themselves (not a bad practice IMHO)

This just happened to me! I removed myself in the UI and don't even know how this happened!

I opened https://github.com/passbolt/passbolt_api/issues/516 for this...