Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: File copy action is visible even though user doesn't have permission #37729

Closed
6 of 9 tasks
marcelklehr opened this issue Apr 14, 2023 · 5 comments · Fixed by #37802
Closed
6 of 9 tasks

[Bug]: File copy action is visible even though user doesn't have permission #37729

marcelklehr opened this issue Apr 14, 2023 · 5 comments · Fixed by #37802
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 27-feedback bug design Design, UI, UX, etc. feature: files

Comments

@marcelklehr
Copy link
Member

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

File copy action is displayed even if the user doesn't have necessary permissions. Trying to copy the shared file is still getting rejected properly.

Steps to reproduce

  1. Open using another account
  2. Share a folder to test account
  3. Uncheck all rights
  4. Go to web app via test account
  5. Go to the shared folder
  6. Click on the button "..." next to a file inside the shared folder
  7. Obtained Results : Also have "Copy" action

Expected behavior

Expected results : Should not see Copy action

Installation method

Community Docker image

Nextcloud Server version

master

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

Enabled:
  - cloud_federation_api: 1.10.0
  - comments: 1.17.0
  - contactsinteraction: 1.8.0
  - dashboard: 7.7.0
  - dav: 1.26.0
  - federatedfilesharing: 1.17.0
  - federation: 1.17.0
  - files: 1.22.0
  - files_sharing: 1.19.0
  - files_trashbin: 1.17.0
  - files_versions: 1.20.0
  - lookup_server_connector: 1.15.0
  - oauth2: 1.15.0
  - photos: 2.0.1
  - profiler: 1.3.0
  - provisioning_api: 1.17.0
  - settings: 1.9.0
  - sharebymail: 1.17.0
  - systemtags: 1.17.0
  - text: 3.7.2
  - theming: 2.2.0
  - twofactor_backupcodes: 1.16.0
  - updatenotification: 1.17.0
  - user_status: 1.7.0
  - viewer: 2.1.0
  - weather_status: 1.7.0
  - workflowengine: 2.9.0
Disabled:
  - admin_audit: 1.17.0
  - bookmarks: 13.0.0
  - deck: 1.8.1
  - encryption: 2.15.0
  - files_external: 1.19.0
  - recognize: 3.7.0
  - richdocuments: 8.1.0-dev.1
  - tables: 0.3.0
  - testing: 1.17.0
  - user_ldap: 1.17.0
  - user_oidc: 1.3.1

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response
@marcelklehr marcelklehr added bug 0. Needs triage Pending check for reproducibility or if it fits our roadmap feature: files ux labels Apr 14, 2023
@marcelklehr
Copy link
Member Author

cc @skjnldsv

@skjnldsv
Copy link
Member

skjnldsv commented Apr 18, 2023
edited
Loading

Which version is it starting from?
Did you reproduce the issue?
What is the webdav permission response ?

@marcelklehr
Copy link
Member Author

Which version is it starting from?

I don't know. I assume it's always been this way.

Did you reproduce the issue?

Yes, on latest master.

What is the webdav permission response ?

oc:permissionsSG</oc:permissions> for the files

oc:permissionsSGD</oc:permissions> for the folder containing them

@marcelklehr
Copy link
Member Author

Seems like this line is to blame

server/apps/files/js/fileactions.js

Line 685 in 1a25537

permissions: $('#isPublic').val() ? OC.PERMISSION_UPDATE : OC.PERMISSION_READ,

marcelklehr added a commit that referenced this issue Apr 18, 2023
@marcelklehr
fix(files/fileactions.js): Do not show copy action when user doesn't …
f1fb803 
…have update permissions

fixes #37729

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
@marcelklehr marcelklehr mentioned this issue Apr 18, 2023
Merged
4 tasks
@marcelklehr
Copy link
Member Author

Seems like the permission error stems from here: https://github.com/nextcloud/server/blob/master/apps/dav/lib/DAV/ViewOnlyPlugin.php

@jancborchardt jancborchardt added the design Design, UI, UX, etc. label Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 27-feedback bug design Design, UI, UX, etc. feature: files
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Sharing: Do not show copy action when user doesn't have permissions nextcloud/server
4 participants
@jancborchardt @marcelklehr @skjnldsv @szaimen