-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Delete a file of a not a valid user (LDAP) #8651
Comments
Whether or not User1 is disabled, User2 (any user account) must not be able to delete a file or share that he does not own. Period. The system should, however, disable/remove shares of an account that gets disabled. The user backend is completely irrelevant for this. Whats counts is: the account is valid or invalid. |
Hey tfl, thanks for your post. The backend is in kind of relevant because the normal delete function is not called via the webinterface. User1 was removed via another interface (LDAP). Because i guess if you use the occ command to remove a user it works like expected. |
To let a user A delete shares/files from user B via web is highly dangerous and should be avoided! If I where in charge of this issue I would close it. I see it this way: it is the daily administrators task to run something like "occ check user and at least remove shares from non-existent or locked accounts" (I am not sure about locked accounts...). If occ does not support this, then I consider this a bug. Otherwise it's not. |
Hey tfl, deleting a shared link is not deleting the file/folder by it self. Its only the link between the users. This is how its done right now. For example you share an file (A.pdf) with me, then it appears in my view. If i don't like it i delete the file. The file is still in your space but not linked/shared with me in my space. It is not about deleting content, it is about deleting the connection which normally works if the user how shared a file with me is valid but don't work if the user is invalid. |
Hey, this issue has been closed because the label (This is an automated comment from GitMate.io.) |
Steps to reproduce
Expected behaviour
File is removed from User2
Actual behaviour
Error appears and file is not removed
Server configuration
Operating system: Debian
Web server: NGINX
Database: mysql
PHP version: 5.6.30
Nextcloud version: 13.0.0.14
Updated from an older Nextcloud/ownCloud or fresh install: update from older versions
Where did you install Nextcloud from: tar
Signing status:
Signing status
List of activated apps:
App list
Nextcloud configuration:
Config report
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
LDAP config
Client configuration
Browser: chrome and firefox
Operating system: Debian
Logs
Nextcloud log (data/nextcloud.log)
Nextcloud log
The text was updated successfully, but these errors were encountered: