Feature request: Hide blocked items instead of just disabling them

[ManfredWisniewski]

This is not a bug but a feature request. If anyone is willing to point me in the right direction I would try and implement this myself.

Steps to reproduce

1. block any item for a user
2. user can still see the item on the backend but can not click on it anymore

wanted behaviour

Hide blocked items altogether

I have looked at the code generated by nextcloud very thoroughly and I can't find any way to distinguish blocked items in the html from normal ones. If that were possible I could just hide them via css but in the example I check everything was exactly the same. I was trying to hide this element: <tbody data-cy-files-list-tbody class="files-list__tbody files-list__tbody--list"> Also none of the child elements had anything that would identify the element as blocked. The new :has selector could be used to hide the element but as stated I could not find any way to distinguish the state.

Adding a distinguishing class would be enough to add the option to hide blocked items.

[nickvergessen]

It used to be colored nicely to make it more obvious, I guess it got dropped temporarily by the migration of the web frontend to Vue.

[nickvergessen]

27	28+

cc @jancborchardt quickly chatted with skj... about this and it was not intentional. He agrees that it makes sense to bring back an indication if a user has no permissions on a file at all. Should we style it the same way again?

Old SCSS code is https://github.com/nextcloud/server/blob/cfc4d2ec054c360c1a36d371d3ebbbc7a4119d87/apps/files/css/files.scss#L93-L100

[ManfredWisniewski]

@nickvergessen Thanks for taking up the issue! If you at least bring back a css-class that indicates the status users like me can decide on their own how to handle it.

[jancborchardt]

@nickvergessen wouldn’t it even make sense to completely hide the file @ManfredWisniewski suggests, especially cause the filename could already be confidential?

Otherwise yes, the greying out would be a good way to show the missing access. If it’s easier to do, we could also use color-text-maxcontrast for the text rather than giving the whole row a backdrop.

[nickvergessen]

wouldn’t it even make sense to completely hide the file, especially cause the filename could already be confidential?

No, this is not what the app does: https://docs.nextcloud.com/server/latest/admin_manual/file_workflows/access_control.html#denied-access

Also hiding mount points is problematic. We could of course visually hide them, but they would still have to be part of the response on API level. Otherwise it breaks the etag and therefore the syncing algorithm of the clients and would continuously trigger a resync. Having names "leaked on API level only" is worse then simply always showing them. This was fine for the past 8 years, so we can also continue like that.

[ManfredWisniewski]

For me this is mainly a UX, not a security issue. The file names are not confidential. But in a directory with a lot of documents giving access to only 2 out of 50 files makes it difficult for the user to find the files that are actually intended for him.

Concerning the linked access control app: exactly this is the problem. I can deny access - but the user still sees tons of files that he has no use for because he can't access it.

If there was a css class assigned to inaccessible items I could hide them myself - but with the current implementation there is no way to distinguish files/ directories the user has access to and which he does not - apart from clicking on the file or directory.