nextcloud / files_accesscontrol

🚫 App to manage access control for files
https://apps.nextcloud.com/apps/files_accesscontrol
50 stars 21 forks source link

Accès controle problème #133

Closed rheylens closed 5 years ago

rheylens commented 5 years ago

Steps to reproduce

  1. Create a public tag (for this detail TEST TAG)
  2. Put the TEST TAG on a file
  3. Create an access role name for exempel TEST with this detail File is taged with TEST TAG User groupe is not TEST

Expected behaviour

The user who are not in the test group shoud note see the file

Actual behaviour

I receive and error message and i recive the same error if i test with a suer in or out the group TEST.

In the activity log on NC GUI i have this error [index] Error: Exception: The requested uri(/doc/remote.php/webdav/Assembl%C3%A9es%20G%C3%A9n%C3%A9rales/1968/1968%2011%2016%20-%20AGO%20-%20Procurations.pdf) cannot be processed by the script '/webdav/Assembl%C3%A9es%20G%C3%A9n%C3%A9rales/1968/1968%2011%2016%20-%20AGO%20-%20Procurations.pdf') at <>

  1. /var/www/nextcloud__2/lib/base.php line 930 getRawPathInfo()
  2. /var/www/nextcloud__2/index.php line 42 handleRequest()

GET /doc/remote.php/webdav/Assembl%C3%A9es%20G%C3%A9n%C3%A9rales/1968/1968%2011%2016%20-%20AGO%20-%20Procurations.pdf from 91.183.107.110 by rheylens at 2019-08-30T00:11:54+00:00

On the screen in the browser i have this when i want to open the file (the file is showed in the file liste and i suppose it shoud not be) Nextcloud

Erreur interne du serveur Le serveur est incapable d'exécuter votre requête.

Si cela se reproduit, veuillez envoyer les détails techniques ci-dessous à l'administrateur du serveur.

Le fichier journal du serveur peut fournir plus de renseignements.

Renseignements techniques Adresse distante : 91.183.107.110 ID de la demande : B3ETBlwbU91GUeTdd6i4 Nextcloud – un lieu sûr pour toutes vos données

Only way to have access the the file again is to remove the tag TEST TAG.

Server configuration detail

Operating system: Linux 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u4 (2019-07-19) x86_64 (Yunohost installation)

Webserver: nginx/1.10.3 (fpm-fcgi)

Database: mysql 10.1.38

PHP version:

7.0.33-0+deb9u3 Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, cgi-fcgi, mysqlnd, PDO, xml, apcu, apc, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, igbinary, imagick, intl, json, ldap, exif, mcrypt, mysqli, pdo_mysql, Phar, posix, readline, redis, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 15.0.7 - 15.0.7.0

Updated from an older Nextcloud/ownCloud or fresh install: fresh

Where did you install Nextcloud from: Yunohost

Signing status Integrity checker has been disabled. Integrity cannot be verified.
List of activated apps ``` Enabled: - activity: 2.8.2 - apporder: 0.6.0 - calendar: 1.6.5 - cloud_federation_api: 0.1.0 - comments: 1.5.0 - contacts: 3.1.3 - dav: 1.8.1 - deck: 0.6.6 - event_update_notification: 0.3.4 - extract: 1.2.0 - federatedfilesharing: 1.5.0 - files: 1.10.0 - files_accesscontrol: 1.5.0 - files_antivirus: 2.1.1 - files_automatedtagging: 1.5.0 - files_external: 1.6.0 - files_pdfviewer: 1.4.0 - files_sharing: 1.7.0 - files_texteditor: 2.7.0 - files_trashbin: 1.5.0 - files_versions: 1.8.0 - files_videoplayer: 1.4.0 - gallery: 18.2.0 - issuetemplate: 0.5.0 - logreader: 2.0.0 - lookup_server_connector: 1.3.0 - mail: 0.11.1 - metadata: 0.9.0 - nextcloud_announcements: 1.4.0 - notifications: 2.3.0 - oauth2: 1.3.0 - occweb: 0.0.4 - password_policy: 1.5.0 - polls: 0.10.2 - previewgenerator: 2.1.0 - printer: 0.0.1 - provisioning_api: 1.5.0 - registration: 0.4.7 - serverinfo: 1.5.0 - sharebymail: 1.5.0 - spreed: 5.0.4 - support: 1.0.0 - survey_client: 1.3.0 - systemtags: 1.5.0 - tasks: 0.11.1 - theming: 1.6.0 - twofactor_backupcodes: 1.4.1 - twofactor_nextcloud_notification: 1.1.2 - workflow_script: 1.0.1 - workflowengine: 1.5.0 Disabled: - accessibility - admin_audit - encryption - federation - files_inotify - files_rightclick - firstrunwizard - richdocuments - timetracker - updatenotification - user_ldap ```
Configuration (config/config.php) ``` { "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "localhost", "cloud.monacp.be" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "15.0.7.0", "overwrite.cli.url": "https:\/\/cloud.monacp.be", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "instanceid": "***REMOVED SENSITIVE VALUE***", "ldapIgnoreNamingRules": false, "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory", "updatechecker": false, "memcache.local": "\\OC\\Memcache\\APCu", "integrity.check.disabled": true, "filelocking.enabled": true, "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": "6379", "timeout": "0.0", "password": "***REMOVED SENSITIVE VALUE***" }, "logout_url": "https:\/\/cloud.vkhfamily.be\/yunohost\/sso\/?action=logout", "maintenance": false, "mail_smtpmode": "smtp", "mail_smtpsecure": "ssl", "mail_sendmailmode": "smtp", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtpauthtype": "LOGIN", "mail_smtpauth": 1, "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "465", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***" } ```

Are you using external storage, if yes which one: smb

Are you using encryption:

Are you using an external user-backend, if yes which one: NO

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36

Operating system: Windows 10

Logs

Web server error log ``` Insert your web server log here ```
Nextcloud log ``` Insert your Nextcloud log here ```
Browser log Insert your browser log here, this could for example include: a) The javascript console log b) The network log c) ...
nickvergessen commented 5 years ago

On the screen in the browser i have this when i want to open the file (the file is showed in the file liste and i suppose it shoud not be)

Listing a file is not blocked, as it would cause too many problems on various ends: https://docs.nextcloud.com/server/16/admin_manual/file_workflows/access_control.html#denied-access

And since you can not access the file, everything seems to work as intended?